Hello, lately (since the last check, see viewtopic.php?f=70&t=84843) my PC has seemed quite laggy at times. It is mainly about loading My Computer (normally, for example right now, it loads instantly, but often it takes as long as 1 minute).
Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:56:06, on 2.5.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\ffpext\ffpsrv.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
E:\Programy\Skype\Phone\Skype.exe
E:\Programy\Mozilla Firefox 4.0\firefox.exe
E:\Programy\Mozilla Firefox 4.0\plugin-container.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\Clorky\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={1AB2F828-9701-499F-9B89-6FF373EC970C}&mid=f7f1de55beb147d0b879318208e10f8c-0493dacff3ce654d3be0bcc39151371063074ba8&lang=cs&ds=ts022&pr=sa&d=2012-04-17 19:28:06&v=10.2.0.3&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = Hynerovi)
O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
O4 - HKLM\..\Run: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe -r
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RadeonPro Support Service - Mr. John aka japamd - C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 5986 bytes
Please check my log: laggy PC, long loading times. Solved
- jaro3
- Security team member
Re: Please check my log: laggy PC, long loading times.
Again... uninstall one of the antivirus programs..
I see both AVG and ESET Smart Security there!!
Download ATF Cleaner
Double-click ATF Cleaner.exe, click on select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message appears, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- Clorky
- Moderator / HW team member
Re: Please check my log: laggy PC, long loading times.
I did not install AVG; it is probably just the toolbar. I'm on it.
MbAM:
Malwarebytes Anti-Malware 1.61.0.1400
http://www.malwarebytes.org
Database version: v2012.04.27.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Clorky :: I5PETR [administrator]
2.5.2012 14:42:00
mbam-log-2012-05-02 (14-43-33).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196946
Time elapsed: 1 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\SVKP (Trojan.Agent) -> No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Windows\System32\SVKP.sys (Trojan.Agent) -> No action taken.
C:\Windows\SysWOW64\SVKP.sys (Trojan.Agent) -> No action taken.
(end)
- jaro3
- Security team member
Re: Please check my log: laggy PC, long loading times.
So run MbAM again and click Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then click OK in the program and close the program via Exit
You can then paste the new MbAM log here.
Turn off the resident protection of your antivirus and antispyware, and possibly the firewall..
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan is finished, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in Safe Mode.
Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, or the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, keep pressing F8 after the restart and then choose Last Known Good Configuration, or use a restore point.
- Clorky
- Moderator / HW team member
Re: Please check my log: laggy PC, long loading times.
I'll edit this post in about an hour; I have some work to do right now.
- jaro3
- Security team member
Re: Please check my log: laggy PC, long loading times.
Sure!
- Clorky
- Moderator / HW team member
Re: Please check my log: laggy PC, long loading times.
Here it is, sorry for the delay, I have a lot going on.
ComboFix 12-05-02.03 - Clorky 02.05.2012 18:21:48.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.4094.2531 [GMT 2:00]
Spuštěný z: c:\users\Clorky\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-02 do 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 16:24 . 2012-05-02 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-29 17:46 . 2012-04-29 18:07 -------- d-----w- c:\users\Clorky\AppData\Local\Adobe
2012-04-29 12:55 . 2012-04-29 12:55 303616 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-04-29 12:54 . 2012-04-29 12:54 35328 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-04-29 12:50 . 2012-04-29 12:50 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-04-29 12:50 . 2004-07-15 22:20 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-04-29 12:50 . 2004-07-15 22:20 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-04-29 12:50 . 2004-07-15 22:19 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-04-29 12:50 . 2004-07-15 22:18 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-04-29 12:50 . 2004-07-15 22:18 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-04-29 12:50 . 2012-04-29 12:50 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-04-29 10:50 . 2012-04-29 10:53 -------- d-----w- c:\users\Clorky\.idlerc
2012-04-29 10:48 . 2012-04-29 12:18 -------- d-----w- C:\Python27
2012-04-28 18:52 . 2012-04-29 12:37 -------- d-----w- c:\users\Clorky\AppData\Roaming\codeblocks
2012-04-28 18:51 . 2012-04-28 18:51 -------- d-----w- c:\program files (x86)\CodeBlocks
2012-04-28 07:39 . 2012-04-28 07:40 -------- d-----w- c:\users\Clorky\AppData\Local\Divinity 2
2012-04-28 06:20 . 2012-04-28 06:20 -------- d-----w- c:\programdata\Divinity 2
2012-04-26 16:11 . 2012-04-26 16:11 -------- d-----w- c:\programdata\ATI
2012-04-26 16:11 . 2012-04-26 16:11 -------- d-----w- c:\program files (x86)\AMD AVT
2012-04-26 16:11 . 2012-04-26 16:11 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-26 15:55 . 2012-04-26 15:55 -------- d-----w- c:\program files (x86)\Game_Maker8
2012-04-24 19:53 . 2012-04-24 19:53 41984 ----a-w- c:\windows\system32\~WebUpdateHelper.exe
2012-04-22 09:39 . 2012-04-22 09:39 -------- d-----w- c:\users\Clorky\AppData\Local\Two Worlds II
2012-04-22 08:14 . 2012-04-22 08:14 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-22 08:05 . 2012-04-22 08:05 -------- d-----w- c:\program files (x86)\Phyxion.net
2012-04-22 07:53 . 2012-04-22 07:53 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-22 07:53 . 2012-04-22 07:53 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-04-22 06:40 . 2012-04-22 06:40 -------- d-----w- c:\users\Clorky\AppData\Local\ESET
2012-04-22 06:35 . 2012-04-22 06:35 -------- d-----w- c:\program files\ESET
2012-04-21 07:11 . 2012-04-21 07:11 -------- d-----w- c:\users\Clorky\AppData\Roaming\Trine2
2012-04-20 20:07 . 2012-04-26 16:54 -------- d-----w- c:\program files (x86)\GOG.com
2012-04-20 12:01 . 2012-04-20 12:01 -------- d-----w- C:\games
2012-04-20 11:53 . 2012-04-21 21:20 -------- d-----w- c:\programdata\Tarma Installer
2012-04-19 18:41 . 2012-04-19 18:41 -------- d-----w- c:\users\Clorky\AppData\Local\GLSL_Customization
2012-04-19 18:35 . 2012-04-19 18:35 -------- d-----w- c:\users\Clorky\AppData\Local\McMemory
2012-04-18 17:29 . 2012-04-18 17:29 -------- d-----w- c:\users\Clorky\AppData\Local\LG Electronics
2012-04-18 17:29 . 2012-04-18 17:29 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-18 17:28 . 2012-04-18 17:29 -------- d-----w- c:\program files (x86)\LG Electronics
2012-04-18 17:20 . 2012-04-18 17:20 -------- d-----w- c:\program files (x86)\Osborn Software
2012-04-18 17:16 . 2007-01-27 17:27 47854 ----a-w- c:\windows\SysWow64\drivers\FDCDNT.SYS
2012-04-18 17:16 . 2012-04-18 17:16 -------- d-----w- c:\program files (x86)\File and Folder Protector
2012-04-18 17:16 . 2012-04-18 17:16 -------- d-----w- c:\windows\ffpext
2012-04-17 17:27 . 2012-04-17 17:27 -------- d--h--w- c:\programdata\Common Files
2012-04-17 16:57 . 2012-04-17 16:57 -------- d-----w- c:\programdata\Tunngle
2012-04-15 19:05 . 2012-04-15 19:05 -------- d-----w- c:\programdata\AVS4YOU
2012-04-14 18:13 . 2012-04-14 18:13 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F2CC860-4B70-4C50-8576-AAB417E199B3}\offreg.dll
2012-04-14 16:40 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-14 16:40 . 2012-04-17 17:10 -------- d-----w- c:\programdata\AVAST Software
2012-04-14 16:40 . 2012-04-14 16:40 -------- d-----w- c:\program files\AVAST Software
2012-04-14 15:17 . 2012-04-18 19:14 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-14 13:38 . 2012-04-14 13:38 -------- d-----w- c:\programdata\BDLogging
2012-04-14 13:23 . 2012-04-14 13:23 -------- d-----w- c:\users\Clorky\AppData\Roaming\GlarySoft
2012-04-14 13:21 . 2012-04-14 13:21 -------- d-----w- c:\program files (x86)\Glary Utilities
2012-04-14 10:15 . 2012-04-14 10:27 -------- d-----w- c:\users\Clorky\AppData\Roaming\Bioshock
2012-04-14 09:54 . 2012-04-14 09:54 -------- d-----w- c:\users\Clorky\AppData\Roaming\Malwarebytes
2012-04-14 09:54 . 2012-04-14 09:54 -------- d-----w- c:\programdata\Malwarebytes
2012-04-14 09:54 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-14 09:54 . 2012-04-14 09:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-13 11:17 . 2012-04-13 11:17 -------- d-----w- c:\program files\Java
2012-04-13 11:09 . 2012-04-13 11:17 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-04-13 11:05 . 2012-04-20 18:46 -------- d-----w- c:\users\Clorky\AppData\Roaming\.Nitrous
2012-04-13 08:53 . 2012-03-14 03:27 8669240 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F2CC860-4B70-4C50-8576-AAB417E199B3}\mpengine.dll
2012-04-12 20:30 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 20:30 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 20:30 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 20:30 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 20:30 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 20:30 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 20:30 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-12 18:28 . 2012-04-12 18:28 -------- d-----w- c:\users\Clorky\AppData\Local\Irrational Games
2012-04-12 16:00 . 2012-05-02 14:08 -------- d-----w- c:\users\Clorky\AppData\Roaming\.minecraft
2012-04-12 11:25 . 2012-04-12 11:26 -------- d-----w- c:\users\Clorky\AppData\Local\Facebook
2012-04-10 21:31 . 2012-04-10 21:31 2303488 ----a-w- c:\windows\SysWow64\python27.dll
2012-04-09 17:38 . 2012-04-09 17:38 -------- d-----w- c:\program files (x86)\Convert AVI to MP4
2012-04-08 08:50 . 2012-04-08 08:50 -------- d-----w- c:\users\Clorky\AppData\Local\Rockstar Games
2012-04-07 22:02 . 2012-04-07 22:02 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2012-04-07 18:15 . 2012-04-07 20:08 -------- d-----w- c:\users\Clorky\AppData\Roaming\TS3Client
2012-04-07 18:15 . 2012-04-07 18:15 -------- d-----w- c:\users\Clorky\AppData\Local\TeamSpeak 3 Client
2012-04-07 14:30 . 2012-04-07 14:31 -------- d-----w- c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2012-04-07 09:57 . 2012-04-07 09:57 -------- d-sh--w- c:\programdata\SecuROM
2012-04-07 09:57 . 2012-04-07 09:57 -------- d--h--r- c:\users\Clorky\AppData\Roaming\SecuROM
2012-04-07 09:46 . 2012-04-07 09:46 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-04 15:33 . 2004-04-18 21:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-04-04 15:33 . 2004-04-18 21:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 19:15 . 2012-03-29 13:43 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-18 19:15 . 2012-02-29 18:34 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 11:17 . 2012-02-29 20:39 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-06 02:21 . 2012-02-29 15:57 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-02-29 15:57 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:13 . 2012-02-15 03:07 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:00 . 2012-02-29 15:57 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2012-02-29 15:57 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:34 . 2012-02-29 15:57 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:22 . 2012-02-29 15:57 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-02-29 15:57 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:09 . 2012-02-29 15:57 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-02-15 02:12 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-02-29 15:57 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-03-31 10:50 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-31 10:50 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-31 06:24 . 2012-03-31 06:24 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-03-28 16:04 . 2012-03-28 16:04 2255696 ----a-w- c:\windows\system32\ooscrsav.scr
2012-03-28 16:03 . 2012-03-28 16:03 352080 ----a-w- c:\windows\system32\oodbs.exe
2012-03-28 16:02 . 2012-03-28 16:02 536400 ----a-w- c:\windows\system32\oodssrs.dll
2012-03-28 16:01 . 2012-03-28 16:01 10064 ----a-w- c:\windows\system32\oodbsrs.dll
2012-03-26 19:42 . 2012-03-26 19:42 61440 ----a-w- c:\windows\SysWow64\nvPhotoshopUtil.dll
2012-03-26 19:42 . 2012-03-26 19:42 40960 ----a-w- c:\windows\SysWow64\nvISWOW64.dll
2012-03-26 19:42 . 2012-03-20 18:35 151552 ----a-w- c:\windows\SysWow64\nvRegDev.dll
2012-03-22 19:04 . 2012-03-22 19:04 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-03-09 19:45 . 2012-03-09 19:45 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-09 12:07 . 2012-03-09 12:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 12:06 . 2012-03-09 12:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-03-07 23:40 . 2012-03-07 23:40 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-07 23:40 . 2012-03-07 23:40 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-07 23:40 . 2012-03-07 23:40 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-07 23:40 . 2012-03-07 23:40 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-07 23:40 . 2012-03-07 23:40 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-07 23:40 . 2012-03-07 23:40 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-07 23:40 . 2012-03-07 23:40 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-07 23:40 . 2012-03-07 23:40 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-07 23:40 . 2012-03-07 23:40 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-07 23:40 . 2012-03-07 23:40 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-07 23:40 . 2012-03-07 23:40 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-07 23:40 . 2012-03-07 23:40 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-07 23:40 . 2012-03-07 23:40 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-07 23:40 . 2012-03-07 23:40 448512 ----a-w- c:\windows\system32\html.iec
2012-03-07 23:40 . 2012-03-07 23:40 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-07 23:40 . 2012-03-07 23:40 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-07 23:40 . 2012-03-07 23:40 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-07 23:40 . 2012-03-07 23:40 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-07 23:40 . 2012-03-07 23:40 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-07 23:40 . 2012-03-07 23:40 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-07 23:40 . 2012-03-07 23:40 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-07 23:40 . 2012-03-07 23:40 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-07 23:40 . 2012-03-07 23:40 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-07 23:40 . 2012-03-07 23:40 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-07 23:40 . 2012-03-07 23:40 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-07 23:40 . 2012-03-07 23:40 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-07 23:40 . 2012-03-07 23:40 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-07 23:40 . 2012-03-07 23:40 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-07 23:40 . 2012-03-07 23:40 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-07 23:40 . 2012-03-07 23:40 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-07 23:40 . 2012-03-07 23:40 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-07 23:40 . 2012-03-07 23:40 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-07 23:40 . 2012-03-07 23:40 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-07 23:40 . 2012-03-07 23:40 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-03 16:15 . 2012-03-03 16:15 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2012-02-29 19:30 . 2012-02-29 19:30 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-29 19:30 . 2012-02-29 19:30 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-29 19:29 . 2012-02-29 19:29 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-29 19:29 . 2012-02-29 19:29 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-29 19:29 . 2012-02-29 19:29 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-29 19:27 . 2012-02-29 19:27 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-29 19:27 . 2012-02-29 19:27 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-29 19:26 . 2012-02-29 19:26 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-02-29 19:26 . 2012-02-29 19:26 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-02-29 19:26 . 2012-02-29 19:26 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-02-29 19:26 . 2012-02-29 19:26 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-29 19:26 . 2012-02-29 19:26 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-02-29 19:26 . 2012-02-29 19:26 395776 ----a-w- c:\windows\system32\webio.dll
2012-02-29 19:26 . 2012-02-29 19:26 340992 ----a-w- c:\windows\system32\schannel.dll
2012-02-29 19:26 . 2012-02-29 19:26 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-02-29 19:26 . 2012-02-29 19:26 31232 ----a-w- c:\windows\system32\lsass.exe
2012-02-29 19:26 . 2012-02-29 19:26 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-02-29 19:26 . 2012-02-29 19:26 28160 ----a-w- c:\windows\system32\secur32.dll
2012-02-29 19:26 . 2012-02-29 19:26 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-02-29 19:26 . 2012-02-29 19:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-02-29 19:26 . 2012-02-29 19:26 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-02-29 19:26 . 2012-02-29 19:26 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-29 19:26 . 2012-02-29 19:26 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-02-29 19:26 . 2012-02-29 19:26 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-02-29 19:26 . 2012-02-29 19:26 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-02-29 19:26 . 2012-02-29 19:26 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-02-29 19:26 . 2012-02-29 19:26 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-02-29 19:25 . 2012-02-29 19:25 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-29 19:25 . 2012-02-29 19:25 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-29 19:24 . 2012-02-29 19:24 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-02-29 19:24 . 2012-02-29 19:24 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-29 19:24 . 2012-02-29 19:24 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-29 19:23 . 2012-02-29 19:23 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-02-29 19:23 . 2012-02-29 19:23 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-02-29 19:21 . 2012-02-29 19:21 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-02-29 19:21 . 2012-02-29 19:21 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-29 19:12 . 2012-02-29 19:12 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HDAudDeck"="c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe" [2010-08-11 2472048]
"ffpsrv"="c:\windows\ffpext\ffpsrv.exe" [2007-02-02 83968]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 253088]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2012-04-07 19952]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2012-03-28 3288400]
S2 RadeonPro Support Service;RadeonPro Support Service;c:\program files (x86)\RadeonPro\RadeonProSupport.exe [2011-02-10 12800]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:15]
.
2012-05-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-04-14 21:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-03-28 3998032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe" [2011-03-15 499608]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={1AB2F828-9701-499F-9B89-6FF373EC970C}&mid=f7f1de55beb147d0b879318208e10f8c-0493dacff3ce654d3be0bcc39151371063074ba8&lang=cs&ds=ts022&pr=sa&d=2012-04-17 19:28&v=10.2.0.3&sap=hp
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: Interfaces\{8EA87408-1E32-49AB-B3FF-30F4C705D657}: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Clorky\AppData\Roaming\Mozilla\Firefox\Profiles\nzoqllew.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{152C96EB-288E-4EDC-B7C6-D21F8250ADF3} - (no file)
ShellIconOverlayIdentifiers-{342DAA0B-D796-460D-8566-901E08A1CCAD} - (no file)
ShellIconOverlayIdentifiers-{57595DAE-1AE1-4D97-A49E-67CBB53B52DF} - (no file)
ShellIconOverlayIdentifiers-{33816773-98AE-4723-ADE0-EBE54C8B5A67} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1365180198-3819917712-2369891476-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ca,88,93,ea,23,f9,36,80,af,e7,8c,9b,3f,44,58,fc,77,04,3d,15,f2,5c,9a,
b4,56,b9,5d,a8,c4,76,a3,75,e8,85,8e,a6,cd,a8,1e,2e,4b,e1,69,6e,14,98,2c,99,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1365180198-3819917712-2369891476-1001\Software\SecuROM\License information*]
"datasecu"=hex:d9,09,63,41,0e,e0,83,06,7c,07,70,04,2f,d9,8a,d7,30,91,a9,54,7a,
92,48,ab,2a,4f,23,b6,2d,c0,77,f9,15,78,74,bc,a2,4f,4a,39,32,4c,1e,18,56,7d,\
"rkeysecu"=hex:ac,85,ae,05,b4,fc,d7,1e,f1,ef,44,4b,4f,69,5f,a1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
.
**************************************************************************
.
Celkový čas: 2012-05-02 18:28:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-02 16:28
.
Před spuštěním: 146 777 694 208 bytes free
Po spuštění: 146 612 023 296 bytes free
.
- - End Of File - - F10CD825B17F2346A37A6A082B51A05A
ComboFix 12-05-02.03 - Clorky 02.05.2012 18:21:48.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.4094.2531 [GMT 2:00]
Spuštěný z: c:\users\Clorky\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-02 do 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 16:24 . 2012-05-02 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-29 17:46 . 2012-04-29 18:07 -------- d-----w- c:\users\Clorky\AppData\Local\Adobe
2012-04-29 12:55 . 2012-04-29 12:55 303616 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-04-29 12:54 . 2012-04-29 12:54 35328 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-04-29 12:50 . 2012-04-29 12:50 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-04-29 12:50 . 2004-07-15 22:20 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-04-29 12:50 . 2004-07-15 22:20 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-04-29 12:50 . 2004-07-15 22:19 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-04-29 12:50 . 2004-07-15 22:18 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-04-29 12:50 . 2004-07-15 22:18 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-04-29 12:50 . 2012-04-29 12:50 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-04-29 10:50 . 2012-04-29 10:53 -------- d-----w- c:\users\Clorky\.idlerc
2012-04-29 10:48 . 2012-04-29 12:18 -------- d-----w- C:\Python27
2012-04-28 18:52 . 2012-04-29 12:37 -------- d-----w- c:\users\Clorky\AppData\Roaming\codeblocks
2012-04-28 18:51 . 2012-04-28 18:51 -------- d-----w- c:\program files (x86)\CodeBlocks
2012-04-28 07:39 . 2012-04-28 07:40 -------- d-----w- c:\users\Clorky\AppData\Local\Divinity 2
2012-04-28 06:20 . 2012-04-28 06:20 -------- d-----w- c:\programdata\Divinity 2
2012-04-26 16:11 . 2012-04-26 16:11 -------- d-----w- c:\programdata\ATI
2012-04-26 16:11 . 2012-04-26 16:11 -------- d-----w- c:\program files (x86)\AMD AVT
2012-04-26 16:11 . 2012-04-26 16:11 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-26 15:55 . 2012-04-26 15:55 -------- d-----w- c:\program files (x86)\Game_Maker8
2012-04-24 19:53 . 2012-04-24 19:53 41984 ----a-w- c:\windows\system32\~WebUpdateHelper.exe
2012-04-22 09:39 . 2012-04-22 09:39 -------- d-----w- c:\users\Clorky\AppData\Local\Two Worlds II
2012-04-22 08:14 . 2012-04-22 08:14 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-22 08:05 . 2012-04-22 08:05 -------- d-----w- c:\program files (x86)\Phyxion.net
2012-04-22 07:53 . 2012-04-22 07:53 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-22 07:53 . 2012-04-22 07:53 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-04-22 06:40 . 2012-04-22 06:40 -------- d-----w- c:\users\Clorky\AppData\Local\ESET
2012-04-22 06:35 . 2012-04-22 06:35 -------- d-----w- c:\program files\ESET
2012-04-21 07:11 . 2012-04-21 07:11 -------- d-----w- c:\users\Clorky\AppData\Roaming\Trine2
2012-04-20 20:07 . 2012-04-26 16:54 -------- d-----w- c:\program files (x86)\GOG.com
2012-04-20 12:01 . 2012-04-20 12:01 -------- d-----w- C:\games
2012-04-20 11:53 . 2012-04-21 21:20 -------- d-----w- c:\programdata\Tarma Installer
2012-04-19 18:41 . 2012-04-19 18:41 -------- d-----w- c:\users\Clorky\AppData\Local\GLSL_Customization
2012-04-19 18:35 . 2012-04-19 18:35 -------- d-----w- c:\users\Clorky\AppData\Local\McMemory
2012-04-18 17:29 . 2012-04-18 17:29 -------- d-----w- c:\users\Clorky\AppData\Local\LG Electronics
2012-04-18 17:29 . 2012-04-18 17:29 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-18 17:28 . 2012-04-18 17:29 -------- d-----w- c:\program files (x86)\LG Electronics
2012-04-18 17:20 . 2012-04-18 17:20 -------- d-----w- c:\program files (x86)\Osborn Software
2012-04-18 17:16 . 2007-01-27 17:27 47854 ----a-w- c:\windows\SysWow64\drivers\FDCDNT.SYS
2012-04-18 17:16 . 2012-04-18 17:16 -------- d-----w- c:\program files (x86)\File and Folder Protector
2012-04-18 17:16 . 2012-04-18 17:16 -------- d-----w- c:\windows\ffpext
2012-04-17 17:27 . 2012-04-17 17:27 -------- d--h--w- c:\programdata\Common Files
2012-04-17 16:57 . 2012-04-17 16:57 -------- d-----w- c:\programdata\Tunngle
2012-04-15 19:05 . 2012-04-15 19:05 -------- d-----w- c:\programdata\AVS4YOU
2012-04-14 18:13 . 2012-04-14 18:13 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F2CC860-4B70-4C50-8576-AAB417E199B3}\offreg.dll
2012-04-14 16:40 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-14 16:40 . 2012-04-17 17:10 -------- d-----w- c:\programdata\AVAST Software
2012-04-14 16:40 . 2012-04-14 16:40 -------- d-----w- c:\program files\AVAST Software
2012-04-14 15:17 . 2012-04-18 19:14 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-14 13:38 . 2012-04-14 13:38 -------- d-----w- c:\programdata\BDLogging
2012-04-14 13:23 . 2012-04-14 13:23 -------- d-----w- c:\users\Clorky\AppData\Roaming\GlarySoft
2012-04-14 13:21 . 2012-04-14 13:21 -------- d-----w- c:\program files (x86)\Glary Utilities
2012-04-14 10:15 . 2012-04-14 10:27 -------- d-----w- c:\users\Clorky\AppData\Roaming\Bioshock
2012-04-14 09:54 . 2012-04-14 09:54 -------- d-----w- c:\users\Clorky\AppData\Roaming\Malwarebytes
2012-04-14 09:54 . 2012-04-14 09:54 -------- d-----w- c:\programdata\Malwarebytes
2012-04-14 09:54 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-14 09:54 . 2012-04-14 09:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-13 11:17 . 2012-04-13 11:17 -------- d-----w- c:\program files\Java
2012-04-13 11:09 . 2012-04-13 11:17 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-04-13 11:05 . 2012-04-20 18:46 -------- d-----w- c:\users\Clorky\AppData\Roaming\.Nitrous
2012-04-13 08:53 . 2012-03-14 03:27 8669240 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F2CC860-4B70-4C50-8576-AAB417E199B3}\mpengine.dll
2012-04-12 20:30 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 20:30 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 20:30 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 20:30 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 20:30 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 20:30 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 20:30 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-12 18:28 . 2012-04-12 18:28 -------- d-----w- c:\users\Clorky\AppData\Local\Irrational Games
2012-04-12 16:00 . 2012-05-02 14:08 -------- d-----w- c:\users\Clorky\AppData\Roaming\.minecraft
2012-04-12 11:25 . 2012-04-12 11:26 -------- d-----w- c:\users\Clorky\AppData\Local\Facebook
2012-04-10 21:31 . 2012-04-10 21:31 2303488 ----a-w- c:\windows\SysWow64\python27.dll
2012-04-09 17:38 . 2012-04-09 17:38 -------- d-----w- c:\program files (x86)\Convert AVI to MP4
2012-04-08 08:50 . 2012-04-08 08:50 -------- d-----w- c:\users\Clorky\AppData\Local\Rockstar Games
2012-04-07 22:02 . 2012-04-07 22:02 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2012-04-07 18:15 . 2012-04-07 20:08 -------- d-----w- c:\users\Clorky\AppData\Roaming\TS3Client
2012-04-07 18:15 . 2012-04-07 18:15 -------- d-----w- c:\users\Clorky\AppData\Local\TeamSpeak 3 Client
2012-04-07 14:30 . 2012-04-07 14:31 -------- d-----w- c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2012-04-07 09:57 . 2012-04-07 09:57 -------- d-sh--w- c:\programdata\SecuROM
2012-04-07 09:57 . 2012-04-07 09:57 -------- d--h--r- c:\users\Clorky\AppData\Roaming\SecuROM
2012-04-07 09:46 . 2012-04-07 09:46 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-04 15:33 . 2004-04-18 21:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-04-04 15:33 . 2004-04-18 21:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 19:15 . 2012-03-29 13:43 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-18 19:15 . 2012-02-29 18:34 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 11:17 . 2012-02-29 20:39 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-06 02:21 . 2012-02-29 15:57 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-02-29 15:57 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:13 . 2012-02-15 03:07 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:00 . 2012-02-29 15:57 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2012-02-29 15:57 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:34 . 2012-02-29 15:57 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:22 . 2012-02-29 15:57 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-02-29 15:57 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:09 . 2012-02-29 15:57 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-02-15 02:12 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-02-29 15:57 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-03-31 10:50 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-31 10:50 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-31 06:24 . 2012-03-31 06:24 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-03-28 16:04 . 2012-03-28 16:04 2255696 ----a-w- c:\windows\system32\ooscrsav.scr
2012-03-28 16:03 . 2012-03-28 16:03 352080 ----a-w- c:\windows\system32\oodbs.exe
2012-03-28 16:02 . 2012-03-28 16:02 536400 ----a-w- c:\windows\system32\oodssrs.dll
2012-03-28 16:01 . 2012-03-28 16:01 10064 ----a-w- c:\windows\system32\oodbsrs.dll
2012-03-26 19:42 . 2012-03-26 19:42 61440 ----a-w- c:\windows\SysWow64\nvPhotoshopUtil.dll
2012-03-26 19:42 . 2012-03-26 19:42 40960 ----a-w- c:\windows\SysWow64\nvISWOW64.dll
2012-03-26 19:42 . 2012-03-20 18:35 151552 ----a-w- c:\windows\SysWow64\nvRegDev.dll
2012-03-22 19:04 . 2012-03-22 19:04 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-03-09 19:45 . 2012-03-09 19:45 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-09 12:07 . 2012-03-09 12:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 12:06 . 2012-03-09 12:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-03-07 23:40 . 2012-03-07 23:40 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-07 23:40 . 2012-03-07 23:40 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-07 23:40 . 2012-03-07 23:40 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-07 23:40 . 2012-03-07 23:40 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-07 23:40 . 2012-03-07 23:40 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-07 23:40 . 2012-03-07 23:40 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-07 23:40 . 2012-03-07 23:40 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-07 23:40 . 2012-03-07 23:40 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-07 23:40 . 2012-03-07 23:40 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-07 23:40 . 2012-03-07 23:40 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-07 23:40 . 2012-03-07 23:40 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-07 23:40 . 2012-03-07 23:40 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-07 23:40 . 2012-03-07 23:40 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-07 23:40 . 2012-03-07 23:40 448512 ----a-w- c:\windows\system32\html.iec
2012-03-07 23:40 . 2012-03-07 23:40 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-07 23:40 . 2012-03-07 23:40 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-07 23:40 . 2012-03-07 23:40 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-07 23:40 . 2012-03-07 23:40 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-07 23:40 . 2012-03-07 23:40 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-07 23:40 . 2012-03-07 23:40 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-07 23:40 . 2012-03-07 23:40 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-07 23:40 . 2012-03-07 23:40 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-07 23:40 . 2012-03-07 23:40 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-07 23:40 . 2012-03-07 23:40 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-07 23:40 . 2012-03-07 23:40 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-07 23:40 . 2012-03-07 23:40 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-07 23:40 . 2012-03-07 23:40 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-07 23:40 . 2012-03-07 23:40 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-07 23:40 . 2012-03-07 23:40 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-07 23:40 . 2012-03-07 23:40 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-07 23:40 . 2012-03-07 23:40 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-07 23:40 . 2012-03-07 23:40 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-07 23:40 . 2012-03-07 23:40 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-07 23:40 . 2012-03-07 23:40 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-03 16:15 . 2012-03-03 16:15 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2012-02-29 19:30 . 2012-02-29 19:30 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-29 19:30 . 2012-02-29 19:30 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-29 19:29 . 2012-02-29 19:29 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-29 19:29 . 2012-02-29 19:29 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-29 19:29 . 2012-02-29 19:29 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-29 19:27 . 2012-02-29 19:27 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-29 19:27 . 2012-02-29 19:27 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-29 19:26 . 2012-02-29 19:26 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-02-29 19:26 . 2012-02-29 19:26 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-02-29 19:26 . 2012-02-29 19:26 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-02-29 19:26 . 2012-02-29 19:26 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-29 19:26 . 2012-02-29 19:26 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-02-29 19:26 . 2012-02-29 19:26 395776 ----a-w- c:\windows\system32\webio.dll
2012-02-29 19:26 . 2012-02-29 19:26 340992 ----a-w- c:\windows\system32\schannel.dll
2012-02-29 19:26 . 2012-02-29 19:26 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-02-29 19:26 . 2012-02-29 19:26 31232 ----a-w- c:\windows\system32\lsass.exe
2012-02-29 19:26 . 2012-02-29 19:26 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-02-29 19:26 . 2012-02-29 19:26 28160 ----a-w- c:\windows\system32\secur32.dll
2012-02-29 19:26 . 2012-02-29 19:26 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-02-29 19:26 . 2012-02-29 19:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-02-29 19:26 . 2012-02-29 19:26 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-02-29 19:26 . 2012-02-29 19:26 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-29 19:26 . 2012-02-29 19:26 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-02-29 19:26 . 2012-02-29 19:26 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-02-29 19:26 . 2012-02-29 19:26 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-02-29 19:26 . 2012-02-29 19:26 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-02-29 19:26 . 2012-02-29 19:26 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-02-29 19:25 . 2012-02-29 19:25 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-29 19:25 . 2012-02-29 19:25 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-29 19:24 . 2012-02-29 19:24 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-02-29 19:24 . 2012-02-29 19:24 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-29 19:24 . 2012-02-29 19:24 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-29 19:23 . 2012-02-29 19:23 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-02-29 19:23 . 2012-02-29 19:23 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-02-29 19:21 . 2012-02-29 19:21 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-02-29 19:21 . 2012-02-29 19:21 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-29 19:12 . 2012-02-29 19:12 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HDAudDeck"="c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe" [2010-08-11 2472048]
"ffpsrv"="c:\windows\ffpext\ffpsrv.exe" [2007-02-02 83968]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 253088]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2012-04-07 19952]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2012-03-28 3288400]
S2 RadeonPro Support Service;RadeonPro Support Service;c:\program files (x86)\RadeonPro\RadeonProSupport.exe [2011-02-10 12800]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:15]
.
2012-05-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-04-14 21:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-03-28 3998032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe" [2011-03-15 499608]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={1AB2F828-9701-499F-9B89-6FF373EC970C}&mid=f7f1de55beb147d0b879318208e10f8c-0493dacff3ce654d3be0bcc39151371063074ba8&lang=cs&ds=ts022&pr=sa&d=2012-04-17 19:28&v=10.2.0.3&sap=hp
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: Interfaces\{8EA87408-1E32-49AB-B3FF-30F4C705D657}: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Clorky\AppData\Roaming\Mozilla\Firefox\Profiles\nzoqllew.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{152C96EB-288E-4EDC-B7C6-D21F8250ADF3} - (no file)
ShellIconOverlayIdentifiers-{342DAA0B-D796-460D-8566-901E08A1CCAD} - (no file)
ShellIconOverlayIdentifiers-{57595DAE-1AE1-4D97-A49E-67CBB53B52DF} - (no file)
ShellIconOverlayIdentifiers-{33816773-98AE-4723-ADE0-EBE54C8B5A67} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1365180198-3819917712-2369891476-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ca,88,93,ea,23,f9,36,80,af,e7,8c,9b,3f,44,58,fc,77,04,3d,15,f2,5c,9a,
b4,56,b9,5d,a8,c4,76,a3,75,e8,85,8e,a6,cd,a8,1e,2e,4b,e1,69,6e,14,98,2c,99,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1365180198-3819917712-2369891476-1001\Software\SecuROM\License information*]
"datasecu"=hex:d9,09,63,41,0e,e0,83,06,7c,07,70,04,2f,d9,8a,d7,30,91,a9,54,7a,
92,48,ab,2a,4f,23,b6,2d,c0,77,f9,15,78,74,bc,a2,4f,4a,39,32,4c,1e,18,56,7d,\
"rkeysecu"=hex:ac,85,ae,05,b4,fc,d7,1e,f1,ef,44,4b,4f,69,5f,a1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
.
**************************************************************************
.
Celkový čas: 2012-05-02 18:28:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-02 16:28
.
Před spuštěním: 146 777 694 208 bytes free
Po spuštění: 146 612 023 296 bytes free
.
- - End Of File - - F10CD825B17F2346A37A6A082B51A05A
jaro3 (Security team member)
Re: Please check my log, laggy PC, long loading times.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
KillAll::
Folder::
c:\programdata\AVAST Software
c:\program files\AVAST Software
FileLook::
c:\windows\system32\drivers\bdsandbox.sys
DDS::
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={1AB2F828-9701-499F-9B89-6FF373EC970C}&mid=f7f1de55beb147d0b879318208e10f8c-0493dacff3ce654d3be0bcc39151371063074ba8&lang=cs&ds=ts022&pr=sa&d=2012-04-17 19:28&v=10.2.0.3&sap=hp
mLocal Page = c:\windows\SYSTEM32\blank.htm
Firefox::
FF - ProfilePath - c:\users\Clorky\AppData\Roaming\Mozilla\Firefox\Profiles\nzoqllew.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT
Warning: It may happen that after applying ComboFix and restarting the computer, Windows will not boot, the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Clorky (Moderator / HW team member)
Re: Please check my log, laggy PC, long loading times.
In both ComboFix scans it reported that NOD was enabled, even though it was turned off (it was not in the "ballasts", nor among the processes).
Here it is:
CFix:
ComboFix 12-05-02.03 - Clorky 02.05.2012 21:32:31.5.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.4094.2637 [GMT 2:00]
Spuštěný z: c:\users\Clorky\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Clorky\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AVAST Software
c:\program files\AVAST Software\Avast\Setup\history.ini
c:\program files\AVAST Software\Avast\Setup\setup.ini
c:\programdata\AVAST Software
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-02 do 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 19:34 . 2012-05-02 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-29 17:46 . 2012-04-29 18:07 -------- d-----w- c:\users\Clorky\AppData\Local\Adobe
2012-04-29 12:55 . 2012-04-29 12:55 303616 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-04-29 12:54 . 2012-04-29 12:54 35328 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-04-29 12:50 . 2012-04-29 12:50 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-04-29 12:50 . 2004-07-15 22:20 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-04-29 12:50 . 2004-07-15 22:20 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-04-29 12:50 . 2004-07-15 22:19 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-04-29 12:50 . 2004-07-15 22:18 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-04-29 12:50 . 2004-07-15 22:18 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-04-29 12:50 . 2012-04-29 12:50 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-04-29 10:50 . 2012-04-29 10:53 -------- d-----w- c:\users\Clorky\.idlerc
2012-04-29 10:48 . 2012-04-29 12:18 -------- d-----w- C:\Python27
2012-04-28 18:52 . 2012-04-29 12:37 -------- d-----w- c:\users\Clorky\AppData\Roaming\codeblocks
2012-04-28 18:51 . 2012-04-28 18:51 -------- d-----w- c:\program files (x86)\CodeBlocks
2012-04-28 07:39 . 2012-04-28 07:40 -------- d-----w- c:\users\Clorky\AppData\Local\Divinity 2
2012-04-28 06:20 . 2012-04-28 06:20 -------- d-----w- c:\programdata\Divinity 2
2012-04-26 16:11 . 2012-04-26 16:11 -------- d-----w- c:\programdata\ATI
2012-04-26 16:11 . 2012-04-26 16:11 -------- d-----w- c:\program files (x86)\AMD AVT
2012-04-26 16:11 . 2012-04-26 16:11 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-26 15:55 . 2012-04-26 15:55 -------- d-----w- c:\program files (x86)\Game_Maker8
2012-04-24 19:53 . 2012-04-24 19:53 41984 ----a-w- c:\windows\system32\~WebUpdateHelper.exe
2012-04-22 09:39 . 2012-04-22 09:39 -------- d-----w- c:\users\Clorky\AppData\Local\Two Worlds II
2012-04-22 08:14 . 2012-04-22 08:14 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-22 08:05 . 2012-04-22 08:05 -------- d-----w- c:\program files (x86)\Phyxion.net
2012-04-22 07:53 . 2012-04-22 07:53 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-22 07:53 . 2012-04-22 07:53 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-04-22 06:40 . 2012-04-22 06:40 -------- d-----w- c:\users\Clorky\AppData\Local\ESET
2012-04-22 06:35 . 2012-04-22 06:35 -------- d-----w- c:\program files\ESET
2012-04-21 07:11 . 2012-04-21 07:11 -------- d-----w- c:\users\Clorky\AppData\Roaming\Trine2
2012-04-20 20:07 . 2012-04-26 16:54 -------- d-----w- c:\program files (x86)\GOG.com
2012-04-20 12:01 . 2012-04-20 12:01 -------- d-----w- C:\games
2012-04-20 11:53 . 2012-04-21 21:20 -------- d-----w- c:\programdata\Tarma Installer
2012-04-19 18:41 . 2012-04-19 18:41 -------- d-----w- c:\users\Clorky\AppData\Local\GLSL_Customization
2012-04-19 18:35 . 2012-04-19 18:35 -------- d-----w- c:\users\Clorky\AppData\Local\McMemory
2012-04-18 17:29 . 2012-04-18 17:29 -------- d-----w- c:\users\Clorky\AppData\Local\LG Electronics
2012-04-18 17:29 . 2012-04-18 17:29 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-18 17:28 . 2012-04-18 17:29 -------- d-----w- c:\program files (x86)\LG Electronics
2012-04-18 17:20 . 2012-04-18 17:20 -------- d-----w- c:\program files (x86)\Osborn Software
2012-04-18 17:16 . 2007-01-27 17:27 47854 ----a-w- c:\windows\SysWow64\drivers\FDCDNT.SYS
2012-04-18 17:16 . 2012-04-18 17:16 -------- d-----w- c:\program files (x86)\File and Folder Protector
2012-04-18 17:16 . 2012-04-18 17:16 -------- d-----w- c:\windows\ffpext
2012-04-17 17:27 . 2012-04-17 17:27 -------- d--h--w- c:\programdata\Common Files
2012-04-17 16:57 . 2012-04-17 16:57 -------- d-----w- c:\programdata\Tunngle
2012-04-15 19:05 . 2012-04-15 19:05 -------- d-----w- c:\programdata\AVS4YOU
2012-04-14 18:13 . 2012-04-14 18:13 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F2CC860-4B70-4C50-8576-AAB417E199B3}\offreg.dll
2012-04-14 16:40 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-14 15:17 . 2012-04-18 19:14 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-14 13:38 . 2012-04-14 13:38 -------- d-----w- c:\programdata\BDLogging
2012-04-14 13:23 . 2012-04-14 13:23 -------- d-----w- c:\users\Clorky\AppData\Roaming\GlarySoft
2012-04-14 13:21 . 2012-04-14 13:21 -------- d-----w- c:\program files (x86)\Glary Utilities
2012-04-14 10:15 . 2012-04-14 10:27 -------- d-----w- c:\users\Clorky\AppData\Roaming\Bioshock
2012-04-14 09:54 . 2012-04-14 09:54 -------- d-----w- c:\users\Clorky\AppData\Roaming\Malwarebytes
2012-04-14 09:54 . 2012-04-14 09:54 -------- d-----w- c:\programdata\Malwarebytes
2012-04-14 09:54 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-14 09:54 . 2012-04-14 09:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-13 11:17 . 2012-04-13 11:17 -------- d-----w- c:\program files\Java
2012-04-13 11:09 . 2012-04-13 11:17 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-04-13 11:05 . 2012-04-20 18:46 -------- d-----w- c:\users\Clorky\AppData\Roaming\.Nitrous
2012-04-13 08:53 . 2012-03-14 03:27 8669240 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F2CC860-4B70-4C50-8576-AAB417E199B3}\mpengine.dll
2012-04-12 20:30 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 20:30 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 20:30 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 20:30 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 20:30 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 20:30 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 20:30 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-12 18:28 . 2012-04-12 18:28 -------- d-----w- c:\users\Clorky\AppData\Local\Irrational Games
2012-04-12 16:00 . 2012-05-02 14:08 -------- d-----w- c:\users\Clorky\AppData\Roaming\.minecraft
2012-04-12 11:25 . 2012-04-12 11:26 -------- d-----w- c:\users\Clorky\AppData\Local\Facebook
2012-04-10 21:31 . 2012-04-10 21:31 2303488 ----a-w- c:\windows\SysWow64\python27.dll
2012-04-09 17:38 . 2012-04-09 17:38 -------- d-----w- c:\program files (x86)\Convert AVI to MP4
2012-04-08 08:50 . 2012-04-08 08:50 -------- d-----w- c:\users\Clorky\AppData\Local\Rockstar Games
2012-04-07 22:02 . 2012-04-07 22:02 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2012-04-07 18:15 . 2012-04-07 20:08 -------- d-----w- c:\users\Clorky\AppData\Roaming\TS3Client
2012-04-07 18:15 . 2012-04-07 18:15 -------- d-----w- c:\users\Clorky\AppData\Local\TeamSpeak 3 Client
2012-04-07 14:30 . 2012-04-07 14:31 -------- d-----w- c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2012-04-07 09:57 . 2012-04-07 09:57 -------- d-sh--w- c:\programdata\SecuROM
2012-04-07 09:57 . 2012-04-07 09:57 -------- d--h--r- c:\users\Clorky\AppData\Roaming\SecuROM
2012-04-07 09:46 . 2012-04-07 09:46 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-04 15:33 . 2004-04-18 21:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-04-04 15:33 . 2004-04-18 21:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-04-04 15:33 . 2004-04-18 21:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-04-04 15:33 . 2004-04-18 21:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 19:15 . 2012-03-29 13:43 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-18 19:15 . 2012-02-29 18:34 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 11:17 . 2012-02-29 20:39 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-06 02:21 . 2012-02-29 15:57 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-02-29 15:57 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:13 . 2012-02-15 03:07 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:00 . 2012-02-29 15:57 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2012-02-29 15:57 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:34 . 2012-02-29 15:57 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:22 . 2012-02-29 15:57 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-02-29 15:57 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:09 . 2012-02-29 15:57 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-02-15 02:12 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-02-29 15:57 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-03-31 10:50 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-31 10:50 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-31 06:24 . 2012-03-31 06:24 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-03-28 16:04 . 2012-03-28 16:04 2255696 ----a-w- c:\windows\system32\ooscrsav.scr
2012-03-28 16:03 . 2012-03-28 16:03 352080 ----a-w- c:\windows\system32\oodbs.exe
2012-03-28 16:02 . 2012-03-28 16:02 536400 ----a-w- c:\windows\system32\oodssrs.dll
2012-03-28 16:01 . 2012-03-28 16:01 10064 ----a-w- c:\windows\system32\oodbsrs.dll
2012-03-26 19:42 . 2012-03-26 19:42 61440 ----a-w- c:\windows\SysWow64\nvPhotoshopUtil.dll
2012-03-26 19:42 . 2012-03-26 19:42 40960 ----a-w- c:\windows\SysWow64\nvISWOW64.dll
2012-03-26 19:42 . 2012-03-20 18:35 151552 ----a-w- c:\windows\SysWow64\nvRegDev.dll
2012-03-22 19:04 . 2012-03-22 19:04 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-03-09 19:45 . 2012-03-09 19:45 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-09 12:07 . 2012-03-09 12:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 12:06 . 2012-03-09 12:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-03-07 23:40 . 2012-03-07 23:40 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-07 23:40 . 2012-03-07 23:40 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-07 23:40 . 2012-03-07 23:40 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-07 23:40 . 2012-03-07 23:40 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-07 23:40 . 2012-03-07 23:40 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-07 23:40 . 2012-03-07 23:40 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-07 23:40 . 2012-03-07 23:40 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-07 23:40 . 2012-03-07 23:40 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-07 23:40 . 2012-03-07 23:40 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-07 23:40 . 2012-03-07 23:40 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-07 23:40 . 2012-03-07 23:40 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-07 23:40 . 2012-03-07 23:40 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-07 23:40 . 2012-03-07 23:40 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-07 23:40 . 2012-03-07 23:40 448512 ----a-w- c:\windows\system32\html.iec
2012-03-07 23:40 . 2012-03-07 23:40 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-07 23:40 . 2012-03-07 23:40 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-07 23:40 . 2012-03-07 23:40 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-07 23:40 . 2012-03-07 23:40 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-07 23:40 . 2012-03-07 23:40 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-07 23:40 . 2012-03-07 23:40 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-07 23:40 . 2012-03-07 23:40 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-07 23:40 . 2012-03-07 23:40 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-07 23:40 . 2012-03-07 23:40 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-07 23:40 . 2012-03-07 23:40 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-07 23:40 . 2012-03-07 23:40 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-07 23:40 . 2012-03-07 23:40 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-07 23:40 . 2012-03-07 23:40 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-07 23:40 . 2012-03-07 23:40 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-07 23:40 . 2012-03-07 23:40 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-07 23:40 . 2012-03-07 23:40 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-07 23:40 . 2012-03-07 23:40 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-07 23:40 . 2012-03-07 23:40 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-07 23:40 . 2012-03-07 23:40 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-07 23:40 . 2012-03-07 23:40 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-03 16:15 . 2012-03-03 16:15 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2012-02-29 19:30 . 2012-02-29 19:30 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-29 19:30 . 2012-02-29 19:30 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-29 19:29 . 2012-02-29 19:29 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-29 19:29 . 2012-02-29 19:29 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-29 19:29 . 2012-02-29 19:29 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-29 19:27 . 2012-02-29 19:27 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-29 19:27 . 2012-02-29 19:27 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-29 19:26 . 2012-02-29 19:26 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-02-29 19:26 . 2012-02-29 19:26 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-02-29 19:26 . 2012-02-29 19:26 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-02-29 19:26 . 2012-02-29 19:26 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-29 19:26 . 2012-02-29 19:26 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-02-29 19:26 . 2012-02-29 19:26 395776 ----a-w- c:\windows\system32\webio.dll
2012-02-29 19:26 . 2012-02-29 19:26 340992 ----a-w- c:\windows\system32\schannel.dll
2012-02-29 19:26 . 2012-02-29 19:26 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-02-29 19:26 . 2012-02-29 19:26 31232 ----a-w- c:\windows\system32\lsass.exe
2012-02-29 19:26 . 2012-02-29 19:26 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-02-29 19:26 . 2012-02-29 19:26 28160 ----a-w- c:\windows\system32\secur32.dll
2012-02-29 19:26 . 2012-02-29 19:26 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-02-29 19:26 . 2012-02-29 19:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-02-29 19:26 . 2012-02-29 19:26 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-02-29 19:26 . 2012-02-29 19:26 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-29 19:26 . 2012-02-29 19:26 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-02-29 19:26 . 2012-02-29 19:26 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-02-29 19:26 . 2012-02-29 19:26 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-02-29 19:26 . 2012-02-29 19:26 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-02-29 19:26 . 2012-02-29 19:26 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-02-29 19:25 . 2012-02-29 19:25 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-29 19:25 . 2012-02-29 19:25 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-29 19:24 . 2012-02-29 19:24 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-02-29 19:24 . 2012-02-29 19:24 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-29 19:24 . 2012-02-29 19:24 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-29 19:23 . 2012-02-29 19:23 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-02-29 19:23 . 2012-02-29 19:23 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-02-29 19:21 . 2012-02-29 19:21 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-02-29 19:21 . 2012-02-29 19:21 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-29 19:12 . 2012-02-29 19:12 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\drivers\bdsandbox.sys ---
Company: BitDefender SRL
File Description: BitDefender SandBox Filter Driver
File Version: 1.14
Product Name:
Copyright: (C) 2011 BitDefender SRL
Original Filename: BDSandBox.sys
File size: 79952
Created time: 2011-11-17 15:38
Modified time: 2011-11-17 15:38
MD5: 31571D77C6186AD228F52EE4EBDF8EE9
SHA1: 175A4331B946AA60CFFE8339E8A8639195509E72
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-02_16.25.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-29 17:26 . 2012-05-02 16:28 47050 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-02 16:28 35910 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-05-02 14:48 35910 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-29 17:20 . 2012-05-02 16:28 11712 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1365180198-3819917712-2369891476-1001_UserData.bin
+ 2012-05-02 19:35 . 2012-05-02 19:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-02 16:25 . 2012-05-02 16:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-02 16:25 . 2012-05-02 16:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-02 19:35 . 2012-05-02 19:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-05-02 14:51 651938 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-02 16:31 651938 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-02 16:31 120870 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-02 14:51 120870 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-05-02 16:24 316360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-02 19:34 316360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-29 18:24 . 2012-05-02 19:34 2223336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-02-29 18:24 . 2012-05-02 16:24 2223336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-29 20:21 . 2012-05-02 19:34 40852445 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1365180198-3819917712-2369891476-1001-12288.dat
- 2012-02-29 20:21 . 2012-05-02 16:24 40852445 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1365180198-3819917712-2369891476-1001-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HDAudDeck"="c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe" [2010-08-11 2472048]
"ffpsrv"="c:\windows\ffpext\ffpsrv.exe" [2007-02-02 83968]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 253088]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2012-04-07 19952]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2012-03-28 3288400]
S2 RadeonPro Support Service;RadeonPro Support Service;c:\program files (x86)\RadeonPro\RadeonProSupport.exe [2011-02-10 12800]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
S3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:15]
.
2012-05-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-04-14 21:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-03-28 3998032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe" [2011-03-15 499608]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
TCP: Interfaces\{8EA87408-1E32-49AB-B3FF-30F4C705D657}: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Clorky\AppData\Roaming\Mozilla\Firefox\Profiles\nzoqllew.default\
FF - prefs.js: browser.startup.homepage - http://www.google.cz
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{152C96EB-288E-4EDC-B7C6-D21F8250ADF3} - (no file)
ShellIconOverlayIdentifiers-{342DAA0B-D796-460D-8566-901E08A1CCAD} - (no file)
ShellIconOverlayIdentifiers-{57595DAE-1AE1-4D97-A49E-67CBB53B52DF} - (no file)
ShellIconOverlayIdentifiers-{33816773-98AE-4723-ADE0-EBE54C8B5A67} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1365180198-3819917712-2369891476-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ca,88,93,ea,23,f9,36,80,af,e7,8c,9b,3f,44,58,fc,77,04,3d,15,f2,5c,9a,
b4,56,b9,5d,a8,c4,76,a3,75,e8,85,8e,a6,cd,a8,1e,2e,4b,e1,69,6e,14,98,2c,99,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1365180198-3819917712-2369891476-1001\Software\SecuROM\License information*]
"datasecu"=hex:d9,09,63,41,0e,e0,83,06,7c,07,70,04,2f,d9,8a,d7,30,91,a9,54,7a,
92,48,ab,2a,4f,23,b6,2d,c0,77,f9,15,78,74,bc,a2,4f,4a,39,32,4c,1e,18,56,7d,\
"rkeysecu"=hex:ac,85,ae,05,b4,fc,d7,1e,f1,ef,44,4b,4f,69,5f,a1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
.
**************************************************************************
.
Celkový čas: 2012-05-02 21:39:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-02 19:39
ComboFix2.txt 2012-05-02 16:28
.
Před spuštěním: 146 644 725 760 bytes free
Po spuštění: 146 600 640 512 bytes free
.
- - End Of File - - 503F423FD5AC1CCD1A948FD667EF45B0
aswMBR:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-02 21:48:21
-----------------------------
21:48:21.611 OS Version: Windows x64 6.1.7601 Service Pack 1
21:48:21.611 Number of processors: 4 586 0x1E05
21:48:21.611 ComputerName: I5PETR UserName: Clorky
21:48:22.448 Initialize success
21:50:30.488 AVAST engine defs: 12050200
21:57:08.259 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
21:57:08.260 Disk 0 Vendor: ST380021A 3.19 Size: 76319MB BusType: 3
21:57:08.262 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-4
21:57:08.263 Disk 1 Vendor: WDC_WD1001FALS-00E8B0 05.00K05 Size: 953869MB BusType: 3
21:57:08.269 Disk 1 MBR read successfully
21:57:08.271 Disk 1 MBR scan
21:57:08.274 Disk 1 Windows 7 default MBR code
21:57:08.279 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:57:08.300 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 299899 MB offset 206848
21:57:08.318 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 653867 MB offset 614400000
21:57:08.357 Disk 1 scanning C:\Windows\system32\drivers
21:57:13.540 Service scanning
21:57:25.867 Modules scanning
21:57:25.874 Disk 1 trace - called modules:
21:57:25.885 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:57:25.888 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80047b4060]
21:57:25.891 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8004588520]
21:57:25.893 5 ACPI.sys[fffff88000ecd7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8004584680]
21:57:27.066 AVAST engine scan C:\Windows
21:57:30.337 AVAST engine scan C:\Windows\system32
21:59:11.305 AVAST engine scan C:\Windows\system32\drivers
21:59:17.719 AVAST engine scan C:\Users\Clorky
22:07:47.155 AVAST engine scan C:\ProgramData
22:08:07.602 Scan finished successfully
22:08:30.317 Disk 1 MBR has been saved successfully to "C:\Users\Clorky\Desktop\MBR.dat"
22:08:30.320 The log file has been saved successfully to "C:\Users\Clorky\Desktop\aswMBR.txt"
Here it is:
CFix:
ComboFix 12-05-02.03 - Clorky 02.05.2012 21:32:31.5.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.4094.2637 [GMT 2:00]
Spuštěný z: c:\users\Clorky\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Clorky\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AVAST Software
c:\program files\AVAST Software\Avast\Setup\history.ini
c:\program files\AVAST Software\Avast\Setup\setup.ini
c:\programdata\AVAST Software
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-02 do 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 19:34 . 2012-05-02 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-29 17:46 . 2012-04-29 18:07 -------- d-----w- c:\users\Clorky\AppData\Local\Adobe
2012-04-29 12:55 . 2012-04-29 12:55 303616 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-04-29 12:54 . 2012-04-29 12:54 35328 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-04-29 12:50 . 2012-04-29 12:50 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-04-29 12:50 . 2004-07-15 22:20 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-04-29 12:50 . 2004-07-15 22:20 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-04-29 12:50 . 2004-07-15 22:19 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-04-29 12:50 . 2004-07-15 22:18 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-04-29 12:50 . 2004-07-15 22:18 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-04-29 12:50 . 2012-04-29 12:50 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-04-29 10:50 . 2012-04-29 10:53 -------- d-----w- c:\users\Clorky\.idlerc
2012-04-29 10:48 . 2012-04-29 12:18 -------- d-----w- C:\Python27
2012-04-28 18:52 . 2012-04-29 12:37 -------- d-----w- c:\users\Clorky\AppData\Roaming\codeblocks
2012-04-28 18:51 . 2012-04-28 18:51 -------- d-----w- c:\program files (x86)\CodeBlocks
2012-04-28 07:39 . 2012-04-28 07:40 -------- d-----w- c:\users\Clorky\AppData\Local\Divinity 2
2012-04-28 06:20 . 2012-04-28 06:20 -------- d-----w- c:\programdata\Divinity 2
2012-04-26 16:11 . 2012-04-26 16:11 -------- d-----w- c:\programdata\ATI
2012-04-26 16:11 . 2012-04-26 16:11 -------- d-----w- c:\program files (x86)\AMD AVT
2012-04-26 16:11 . 2012-04-26 16:11 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-26 15:55 . 2012-04-26 15:55 -------- d-----w- c:\program files (x86)\Game_Maker8
2012-04-24 19:53 . 2012-04-24 19:53 41984 ----a-w- c:\windows\system32\~WebUpdateHelper.exe
2012-04-22 09:39 . 2012-04-22 09:39 -------- d-----w- c:\users\Clorky\AppData\Local\Two Worlds II
2012-04-22 08:14 . 2012-04-22 08:14 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-22 08:05 . 2012-04-22 08:05 -------- d-----w- c:\program files (x86)\Phyxion.net
2012-04-22 07:53 . 2012-04-22 07:53 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-22 07:53 . 2012-04-22 07:53 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-04-22 06:40 . 2012-04-22 06:40 -------- d-----w- c:\users\Clorky\AppData\Local\ESET
2012-04-22 06:35 . 2012-04-22 06:35 -------- d-----w- c:\program files\ESET
2012-04-21 07:11 . 2012-04-21 07:11 -------- d-----w- c:\users\Clorky\AppData\Roaming\Trine2
2012-04-20 20:07 . 2012-04-26 16:54 -------- d-----w- c:\program files (x86)\GOG.com
2012-04-20 12:01 . 2012-04-20 12:01 -------- d-----w- C:\games
2012-04-20 11:53 . 2012-04-21 21:20 -------- d-----w- c:\programdata\Tarma Installer
2012-04-19 18:41 . 2012-04-19 18:41 -------- d-----w- c:\users\Clorky\AppData\Local\GLSL_Customization
2012-04-19 18:35 . 2012-04-19 18:35 -------- d-----w- c:\users\Clorky\AppData\Local\McMemory
2012-04-18 17:29 . 2012-04-18 17:29 -------- d-----w- c:\users\Clorky\AppData\Local\LG Electronics
2012-04-18 17:29 . 2012-04-18 17:29 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-18 17:28 . 2012-04-18 17:29 -------- d-----w- c:\program files (x86)\LG Electronics
2012-04-18 17:20 . 2012-04-18 17:20 -------- d-----w- c:\program files (x86)\Osborn Software
2012-04-18 17:16 . 2007-01-27 17:27 47854 ----a-w- c:\windows\SysWow64\drivers\FDCDNT.SYS
2012-04-18 17:16 . 2012-04-18 17:16 -------- d-----w- c:\program files (x86)\File and Folder Protector
2012-04-18 17:16 . 2012-04-18 17:16 -------- d-----w- c:\windows\ffpext
2012-04-17 17:27 . 2012-04-17 17:27 -------- d--h--w- c:\programdata\Common Files
2012-04-17 16:57 . 2012-04-17 16:57 -------- d-----w- c:\programdata\Tunngle
2012-04-15 19:05 . 2012-04-15 19:05 -------- d-----w- c:\programdata\AVS4YOU
2012-04-14 18:13 . 2012-04-14 18:13 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F2CC860-4B70-4C50-8576-AAB417E199B3}\offreg.dll
2012-04-14 16:40 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-14 15:17 . 2012-04-18 19:14 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-14 13:38 . 2012-04-14 13:38 -------- d-----w- c:\programdata\BDLogging
2012-04-14 13:23 . 2012-04-14 13:23 -------- d-----w- c:\users\Clorky\AppData\Roaming\GlarySoft
2012-04-14 13:21 . 2012-04-14 13:21 -------- d-----w- c:\program files (x86)\Glary Utilities
2012-04-14 10:15 . 2012-04-14 10:27 -------- d-----w- c:\users\Clorky\AppData\Roaming\Bioshock
2012-04-14 09:54 . 2012-04-14 09:54 -------- d-----w- c:\users\Clorky\AppData\Roaming\Malwarebytes
2012-04-14 09:54 . 2012-04-14 09:54 -------- d-----w- c:\programdata\Malwarebytes
2012-04-14 09:54 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-14 09:54 . 2012-04-14 09:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-13 11:17 . 2012-04-13 11:17 -------- d-----w- c:\program files\Java
2012-04-13 11:09 . 2012-04-13 11:17 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-04-13 11:05 . 2012-04-20 18:46 -------- d-----w- c:\users\Clorky\AppData\Roaming\.Nitrous
2012-04-13 08:53 . 2012-03-14 03:27 8669240 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F2CC860-4B70-4C50-8576-AAB417E199B3}\mpengine.dll
2012-04-12 20:30 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 20:30 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 20:30 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 20:30 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 20:30 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 20:30 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 20:30 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-12 18:28 . 2012-04-12 18:28 -------- d-----w- c:\users\Clorky\AppData\Local\Irrational Games
2012-04-12 16:00 . 2012-05-02 14:08 -------- d-----w- c:\users\Clorky\AppData\Roaming\.minecraft
2012-04-12 11:25 . 2012-04-12 11:26 -------- d-----w- c:\users\Clorky\AppData\Local\Facebook
2012-04-10 21:31 . 2012-04-10 21:31 2303488 ----a-w- c:\windows\SysWow64\python27.dll
2012-04-09 17:38 . 2012-04-09 17:38 -------- d-----w- c:\program files (x86)\Convert AVI to MP4
2012-04-08 08:50 . 2012-04-08 08:50 -------- d-----w- c:\users\Clorky\AppData\Local\Rockstar Games
2012-04-07 22:02 . 2012-04-07 22:02 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2012-04-07 18:15 . 2012-04-07 20:08 -------- d-----w- c:\users\Clorky\AppData\Roaming\TS3Client
2012-04-07 18:15 . 2012-04-07 18:15 -------- d-----w- c:\users\Clorky\AppData\Local\TeamSpeak 3 Client
2012-04-07 14:30 . 2012-04-07 14:31 -------- d-----w- c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2012-04-07 09:57 . 2012-04-07 09:57 -------- d-sh--w- c:\programdata\SecuROM
2012-04-07 09:57 . 2012-04-07 09:57 -------- d--h--r- c:\users\Clorky\AppData\Roaming\SecuROM
2012-04-07 09:46 . 2012-04-07 09:46 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-04 15:33 . 2004-04-18 21:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-04-04 15:33 . 2004-04-18 21:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-04-04 15:33 . 2004-04-18 21:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-04-04 15:33 . 2004-04-18 21:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 19:15 . 2012-03-29 13:43 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-18 19:15 . 2012-02-29 18:34 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 11:17 . 2012-02-29 20:39 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-06 02:21 . 2012-02-29 15:57 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-02-29 15:57 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:13 . 2012-02-15 03:07 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:00 . 2012-02-29 15:57 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2012-02-29 15:57 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:34 . 2012-02-29 15:57 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:22 . 2012-02-29 15:57 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-02-29 15:57 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:09 . 2012-02-29 15:57 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-02-15 02:12 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-02-29 15:57 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-03-31 10:50 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-31 10:50 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-31 06:24 . 2012-03-31 06:24 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-03-28 16:04 . 2012-03-28 16:04 2255696 ----a-w- c:\windows\system32\ooscrsav.scr
2012-03-28 16:03 . 2012-03-28 16:03 352080 ----a-w- c:\windows\system32\oodbs.exe
2012-03-28 16:02 . 2012-03-28 16:02 536400 ----a-w- c:\windows\system32\oodssrs.dll
2012-03-28 16:01 . 2012-03-28 16:01 10064 ----a-w- c:\windows\system32\oodbsrs.dll
2012-03-26 19:42 . 2012-03-26 19:42 61440 ----a-w- c:\windows\SysWow64\nvPhotoshopUtil.dll
2012-03-26 19:42 . 2012-03-26 19:42 40960 ----a-w- c:\windows\SysWow64\nvISWOW64.dll
2012-03-26 19:42 . 2012-03-20 18:35 151552 ----a-w- c:\windows\SysWow64\nvRegDev.dll
2012-03-22 19:04 . 2012-03-22 19:04 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-03-09 19:45 . 2012-03-09 19:45 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-09 12:07 . 2012-03-09 12:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 12:06 . 2012-03-09 12:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-03-07 23:40 . 2012-03-07 23:40 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-07 23:40 . 2012-03-07 23:40 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-07 23:40 . 2012-03-07 23:40 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-07 23:40 . 2012-03-07 23:40 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-07 23:40 . 2012-03-07 23:40 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-07 23:40 . 2012-03-07 23:40 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-07 23:40 . 2012-03-07 23:40 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-07 23:40 . 2012-03-07 23:40 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-07 23:40 . 2012-03-07 23:40 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-07 23:40 . 2012-03-07 23:40 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-07 23:40 . 2012-03-07 23:40 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-07 23:40 . 2012-03-07 23:40 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-07 23:40 . 2012-03-07 23:40 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-07 23:40 . 2012-03-07 23:40 448512 ----a-w- c:\windows\system32\html.iec
2012-03-07 23:40 . 2012-03-07 23:40 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-07 23:40 . 2012-03-07 23:40 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-07 23:40 . 2012-03-07 23:40 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-07 23:40 . 2012-03-07 23:40 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-07 23:40 . 2012-03-07 23:40 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-07 23:40 . 2012-03-07 23:40 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-07 23:40 . 2012-03-07 23:40 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-07 23:40 . 2012-03-07 23:40 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-07 23:40 . 2012-03-07 23:40 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-07 23:40 . 2012-03-07 23:40 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-07 23:40 . 2012-03-07 23:40 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-07 23:40 . 2012-03-07 23:40 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-07 23:40 . 2012-03-07 23:40 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-07 23:40 . 2012-03-07 23:40 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-07 23:40 . 2012-03-07 23:40 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-07 23:40 . 2012-03-07 23:40 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-07 23:40 . 2012-03-07 23:40 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-07 23:40 . 2012-03-07 23:40 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-07 23:40 . 2012-03-07 23:40 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-07 23:40 . 2012-03-07 23:40 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-03 16:15 . 2012-03-03 16:15 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2012-02-29 19:30 . 2012-02-29 19:30 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-29 19:30 . 2012-02-29 19:30 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-29 19:29 . 2012-02-29 19:29 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-29 19:29 . 2012-02-29 19:29 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-29 19:29 . 2012-02-29 19:29 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-29 19:27 . 2012-02-29 19:27 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-29 19:27 . 2012-02-29 19:27 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-29 19:26 . 2012-02-29 19:26 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-02-29 19:26 . 2012-02-29 19:26 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-02-29 19:26 . 2012-02-29 19:26 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-02-29 19:26 . 2012-02-29 19:26 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-29 19:26 . 2012-02-29 19:26 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-02-29 19:26 . 2012-02-29 19:26 395776 ----a-w- c:\windows\system32\webio.dll
2012-02-29 19:26 . 2012-02-29 19:26 340992 ----a-w- c:\windows\system32\schannel.dll
2012-02-29 19:26 . 2012-02-29 19:26 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-02-29 19:26 . 2012-02-29 19:26 31232 ----a-w- c:\windows\system32\lsass.exe
2012-02-29 19:26 . 2012-02-29 19:26 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-02-29 19:26 . 2012-02-29 19:26 28160 ----a-w- c:\windows\system32\secur32.dll
2012-02-29 19:26 . 2012-02-29 19:26 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-02-29 19:26 . 2012-02-29 19:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-02-29 19:26 . 2012-02-29 19:26 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-02-29 19:26 . 2012-02-29 19:26 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-29 19:26 . 2012-02-29 19:26 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-02-29 19:26 . 2012-02-29 19:26 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-02-29 19:26 . 2012-02-29 19:26 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-02-29 19:26 . 2012-02-29 19:26 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-02-29 19:26 . 2012-02-29 19:26 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-02-29 19:25 . 2012-02-29 19:25 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-29 19:25 . 2012-02-29 19:25 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-29 19:24 . 2012-02-29 19:24 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-02-29 19:24 . 2012-02-29 19:24 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-29 19:24 . 2012-02-29 19:24 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-29 19:23 . 2012-02-29 19:23 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-02-29 19:23 . 2012-02-29 19:23 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-02-29 19:21 . 2012-02-29 19:21 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-02-29 19:21 . 2012-02-29 19:21 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-29 19:12 . 2012-02-29 19:12 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\drivers\bdsandbox.sys ---
Company: BitDefender SRL
File Description: BitDefender SandBox Filter Driver
File Version: 1.14
Product Name:
Copyright: (C) 2011 BitDefender SRL
Original Filename: BDSandBox.sys
File size: 79952
Created time: 2011-11-17 15:38
Modified time: 2011-11-17 15:38
MD5: 31571D77C6186AD228F52EE4EBDF8EE9
SHA1: 175A4331B946AA60CFFE8339E8A8639195509E72
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-02_16.25.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-29 17:26 . 2012-05-02 16:28 47050 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-02 16:28 35910 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-05-02 14:48 35910 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-29 17:20 . 2012-05-02 16:28 11712 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1365180198-3819917712-2369891476-1001_UserData.bin
+ 2012-05-02 19:35 . 2012-05-02 19:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-02 16:25 . 2012-05-02 16:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-02 16:25 . 2012-05-02 16:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-02 19:35 . 2012-05-02 19:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-05-02 14:51 651938 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-02 16:31 651938 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-02 16:31 120870 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-02 14:51 120870 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-05-02 16:24 316360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-02 19:34 316360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-29 18:24 . 2012-05-02 19:34 2223336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-02-29 18:24 . 2012-05-02 16:24 2223336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-29 20:21 . 2012-05-02 19:34 40852445 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1365180198-3819917712-2369891476-1001-12288.dat
- 2012-02-29 20:21 . 2012-05-02 16:24 40852445 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1365180198-3819917712-2369891476-1001-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HDAudDeck"="c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe" [2010-08-11 2472048]
"ffpsrv"="c:\windows\ffpext\ffpsrv.exe" [2007-02-02 83968]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 253088]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2012-04-07 19952]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2012-03-28 3288400]
S2 RadeonPro Support Service;RadeonPro Support Service;c:\program files (x86)\RadeonPro\RadeonProSupport.exe [2011-02-10 12800]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
S3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:15]
.
2012-05-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-04-14 21:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-03-28 3998032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe" [2011-03-15 499608]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
TCP: Interfaces\{8EA87408-1E32-49AB-B3FF-30F4C705D657}: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Clorky\AppData\Roaming\Mozilla\Firefox\Profiles\nzoqllew.default\
FF - prefs.js: browser.startup.homepage - http://www.google.cz
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{152C96EB-288E-4EDC-B7C6-D21F8250ADF3} - (no file)
ShellIconOverlayIdentifiers-{342DAA0B-D796-460D-8566-901E08A1CCAD} - (no file)
ShellIconOverlayIdentifiers-{57595DAE-1AE1-4D97-A49E-67CBB53B52DF} - (no file)
ShellIconOverlayIdentifiers-{33816773-98AE-4723-ADE0-EBE54C8B5A67} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1365180198-3819917712-2369891476-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ca,88,93,ea,23,f9,36,80,af,e7,8c,9b,3f,44,58,fc,77,04,3d,15,f2,5c,9a,
b4,56,b9,5d,a8,c4,76,a3,75,e8,85,8e,a6,cd,a8,1e,2e,4b,e1,69,6e,14,98,2c,99,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1365180198-3819917712-2369891476-1001\Software\SecuROM\License information*]
"datasecu"=hex:d9,09,63,41,0e,e0,83,06,7c,07,70,04,2f,d9,8a,d7,30,91,a9,54,7a,
92,48,ab,2a,4f,23,b6,2d,c0,77,f9,15,78,74,bc,a2,4f,4a,39,32,4c,1e,18,56,7d,\
"rkeysecu"=hex:ac,85,ae,05,b4,fc,d7,1e,f1,ef,44,4b,4f,69,5f,a1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
.
**************************************************************************
.
Celkový čas: 2012-05-02 21:39:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-02 19:39
ComboFix2.txt 2012-05-02 16:28
.
Před spuštěním: 146 644 725 760 bytes free
Po spuštění: 146 600 640 512 bytes free
.
- - End Of File - - 503F423FD5AC1CCD1A948FD667EF45B0
aswMBR:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-02 21:48:21
-----------------------------
21:48:21.611 OS Version: Windows x64 6.1.7601 Service Pack 1
21:48:21.611 Number of processors: 4 586 0x1E05
21:48:21.611 ComputerName: I5PETR UserName: Clorky
21:48:22.448 Initialize success
21:50:30.488 AVAST engine defs: 12050200
21:57:08.259 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
21:57:08.260 Disk 0 Vendor: ST380021A 3.19 Size: 76319MB BusType: 3
21:57:08.262 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-4
21:57:08.263 Disk 1 Vendor: WDC_WD1001FALS-00E8B0 05.00K05 Size: 953869MB BusType: 3
21:57:08.269 Disk 1 MBR read successfully
21:57:08.271 Disk 1 MBR scan
21:57:08.274 Disk 1 Windows 7 default MBR code
21:57:08.279 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:57:08.300 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 299899 MB offset 206848
21:57:08.318 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 653867 MB offset 614400000
21:57:08.357 Disk 1 scanning C:\Windows\system32\drivers
21:57:13.540 Service scanning
21:57:25.867 Modules scanning
21:57:25.874 Disk 1 trace - called modules:
21:57:25.885 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:57:25.888 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80047b4060]
21:57:25.891 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8004588520]
21:57:25.893 5 ACPI.sys[fffff88000ecd7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8004584680]
21:57:27.066 AVAST engine scan C:\Windows
21:57:30.337 AVAST engine scan C:\Windows\system32
21:59:11.305 AVAST engine scan C:\Windows\system32\drivers
21:59:17.719 AVAST engine scan C:\Users\Clorky
22:07:47.155 AVAST engine scan C:\ProgramData
22:08:07.602 Scan finished successfully
22:08:30.317 Disk 1 MBR has been saved successfully to "C:\Users\Clorky\Desktop\MBR.dat"
22:08:30.320 The log file has been saved successfully to "C:\Users\Clorky\Desktop\aswMBR.txt"
- jaro3
- Security team member
Re: Please check my log, laggy PC, slow loading.
Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt; please paste the entire contents of the log here.
c:\users\Clorky\AppData\Local\GLSL_Customization
c:\users\Clorky\AppData\Local\McMemory
Do you know these programs?
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green (copy all of it!!):
Code:
KillAll::
File::
c:\windows\system32\aswBoot.exe
c:\windows\system32\drivers\bdsandbox.sys
c:\windows\system32\perfh009.dat
c:\windows\system32\perfh009.dat
c:\windows\system32\perfc009.dat
c:\windows\system32\perfc009.dat
Driver::
bdsandbox
DirLook::
c:\windows\ffpext
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new HJT log
Warning: After applying ComboFix and restarting the computer, Windows may fail to start, the desktop may not load, or there may be connection problems. If so, restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
- Clorky
- Moderator / HW team member
Re: Please check my log, laggy PC, slow loading.
I'll get to it toward evening. I know those programs (folders); they are Minecraft mods.
- jaro3
- Security team member
Re: Please check my log, laggy PC, slow loading.
I see, then we'll leave them. Carry on with what I wrote: TDSSKiller and the script for CF.