Log z HJT

Nitram2 · Příspěvekod **Nitram2** » 29 bře 2013 08:10

A tady posílám log z CombiFixu: ComboFix 13-03-28.01 - Martin 29.03.2013 7:18.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4007.2309 [GMT 1:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Martin\AppData\Roaming\inst.exe
c:\users\Martin\AppData\Roaming\vso_ts_preview.xml
c:\windows\msvcr71.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-28 do 2013-03-29 )))))))))))))))))))))))))))))))
.
.
2013-03-29 06:28 . 2013-03-29 06:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-29 06:28 . 2013-03-29 06:28 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-03-29 06:28 . 2013-03-29 06:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-29 06:23 . 2013-03-29 06:23 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5FEB3E4A-BB54-4CE9-B4AE-FEF8AFB26A9D}\offreg.dll
2013-03-28 20:34 . 2013-01-04 06:11 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-28 20:33 . 2013-01-13 20:31 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-03-28 20:33 . 2013-01-13 17:05 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-03-28 20:33 . 2013-01-13 19:59 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-03-28 20:33 . 2013-01-13 19:58 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-03-28 20:33 . 2013-01-13 19:53 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-03-28 20:33 . 2013-01-13 19:25 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-03-28 20:33 . 2013-01-13 19:43 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-03-28 20:33 . 2013-01-13 19:15 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-03-28 20:33 . 2013-01-13 19:10 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-03-28 20:33 . 2013-01-13 19:37 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-28 20:33 . 2013-03-28 20:33 -------- d-----w- C:\Intel
2013-03-28 20:08 . 2013-03-28 20:08 -------- d-----w- c:\windows\CheckSur
2013-03-28 16:39 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-28 16:39 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-28 16:39 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-28 16:16 . 2013-03-28 16:16 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-28 16:16 . 2013-03-28 16:16 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-28 16:15 . 2013-03-28 16:15 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-03-28 13:24 . 2013-03-19 04:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5FEB3E4A-BB54-4CE9-B4AE-FEF8AFB26A9D}\mpengine.dll
2013-03-28 11:23 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-03-28 11:23 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-28 11:23 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-03-28 11:23 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-03-28 11:23 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-03-28 11:23 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-03-28 11:23 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-03-28 11:23 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-03-28 11:23 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-03-28 11:23 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-28 10:41 . 2013-03-28 10:41 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-28 08:51 . 2013-03-28 10:38 -------- d-----w- c:\users\Martin\AppData\Local\Anvil Studio
2013-03-28 06:43 . 2013-03-28 06:43 -------- d-----w- c:\users\Martin\AppData\Local\CrashDumps
2013-03-27 19:58 . 2013-03-27 19:58 121 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-27 06:20 . 2013-03-27 06:20 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2013-03-27 06:20 . 2013-03-27 06:20 -------- d-----w- c:\programdata\Malwarebytes
2013-03-27 06:20 . 2013-03-27 06:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-27 06:20 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-27 06:16 . 2013-03-28 16:13 -------- d-----w- c:\users\Martin\AppData\Local\Adobe
2013-03-26 14:21 . 2013-03-26 14:21 388096 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-26 14:21 . 2013-03-26 14:21 -------- d-----w- c:\program files (x86)\Trend Micro
2013-03-24 15:09 . 2013-03-24 19:22 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2013-03-24 15:09 . 2013-03-24 19:22 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2013-03-24 15:00 . 2013-03-24 15:04 -------- d-----w- c:\users\Martin\AppData\Roaming\Vso
2013-03-19 06:29 . 2013-03-19 06:29 -------- d-----w- c:\program files (x86)\Photo!
2013-03-19 05:56 . 2013-03-19 05:56 -------- d-----w- c:\users\Martin\AppData\Local\Help
2013-03-19 05:56 . 2013-03-24 19:22 -------- d-----w- c:\program files\Focus Magic
2013-03-19 05:56 . 2000-11-13 10:55 109056 ----a-w- c:\windows\SysWow64\ESFinish.exe
2013-03-19 05:16 . 2013-03-19 05:16 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-12 14:38 . 2013-03-12 14:38 -------- d-----w- c:\users\Martin\temp
2013-03-12 14:38 . 2013-03-24 19:09 -------- d-----w- c:\users\Martin\AppData\Roaming\TeamViewer
2013-03-09 16:48 . 2007-04-10 00:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
2013-03-09 16:48 . 2009-10-01 02:01 88064 ----a-w- c:\windows\system32\E_IBCBGGE.DLL
2013-03-06 14:47 . 2013-03-28 16:20 -------- d-----w- c:\program files (x86)\Microsoft Works
2013-03-06 14:44 . 2013-03-06 14:44 -------- d-----w- c:\users\Martin\AppData\Local\Microsoft Help
2013-03-03 06:45 . 2013-03-06 23:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-03 06:45 . 2013-03-06 23:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-02 18:30 . 2013-03-02 18:30 -------- d-----w- c:\users\Martin\AppData\Roaming\MusE
2013-03-02 18:30 . 2013-03-02 18:30 -------- d-----w- c:\users\Martin\AppData\Local\MusE
2013-03-02 18:29 . 2013-03-02 18:29 -------- d-----w- c:\program files (x86)\MuseScore
2013-02-27 19:04 . 2013-02-27 19:04 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2013-02-27 19:04 . 2013-02-27 19:04 20992 ----a-w- c:\windows\system32\drivers\uvhid.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-29 06:12 . 2011-11-16 11:08 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-03-19 05:16 . 2012-07-04 18:07 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-19 05:16 . 2012-07-04 18:07 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-14 08:28 . 2012-04-14 07:41 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-14 08:28 . 2012-04-14 07:41 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-06 23:33 . 2012-05-04 19:31 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-05-04 19:31 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2012-05-04 19:31 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-05-04 19:31 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-05-04 19:31 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2012-05-04 19:31 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2012-05-04 19:30 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-05-04 19:31 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-04 13:53 . 2012-04-26 12:24 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-19 15:00 . 2012-11-08 12:06 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-02-12 05:45 . 2013-03-28 11:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-28 11:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-28 11:23 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-28 11:23 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-28 11:23 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-28 11:23 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-21 13:08 . 2012-02-24 17:50 26624 ----a-w- c:\windows\system32\drivers\ccusbmid.sys
2013-01-17 00:28 . 2012-05-06 05:37 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-03-28 11:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-29 10:34 . 2013-01-06 08:28 958272 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-12-29 10:34 . 2013-01-06 08:28 9389888 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-29 10:34 . 2013-01-06 08:28 7931896 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-12-29 10:34 . 2013-01-06 08:28 7565240 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-29 10:34 . 2013-01-06 08:28 6263784 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-12-29 10:34 . 2013-01-06 08:28 30648 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2012-12-29 10:34 . 2013-01-06 08:28 2904504 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-29 10:34 . 2013-01-06 08:28 2720696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-12-29 10:34 . 2013-01-06 08:28 26931128 ----a-w- c:\windows\system32\nvoglv64.dll
2012-12-29 10:34 . 2013-01-06 08:28 25256376 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-29 10:34 . 2013-01-06 08:28 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-29 10:34 . 2013-01-06 08:28 2344888 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-06 08:28 20450232 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-12-29 10:34 . 2013-01-06 08:28 1985976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-06 08:28 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-12-29 10:34 . 2013-01-06 08:28 17560504 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-12-29 10:34 . 2013-01-06 08:28 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-29 10:34 . 2013-01-06 08:28 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-29 10:34 . 2013-01-06 08:28 12641120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-12-29 10:34 . 2013-01-06 08:28 10997176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-29 10:34 . 2012-10-08 10:42 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2012-10-08 10:42 246024 ----a-w- c:\windows\system32\nvinitx.dll
2012-12-29 10:34 . 2012-10-08 10:42 201728 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-12-29 10:34 . 2012-10-08 10:42 1813432 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2011-11-16 10:50 1107592 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-12-29 10:34 . 2011-11-16 10:50 2824656 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-29 08:40 . 2011-05-11 11:53 6382008 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:40 . 2011-05-11 11:52 3455416 ----a-w- c:\windows\system32\nvsvc64.dll
2012-12-29 08:40 . 2011-05-11 11:53 2923201 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-29 08:40 . 2011-05-11 11:53 997816 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-12-29 08:40 . 2011-05-11 11:53 884152 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:40 . 2011-05-11 11:53 63928 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 08:40 . 2011-05-11 11:53 55736 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-12-29 08:40 . 2011-05-11 11:53 2558392 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-29 08:40 . 2011-05-11 11:53 118712 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-26 10:11 . 2013-01-18 20:37 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-18 3092088]
"360Amigo"="c:\program files\360Amigo\360Amigo.exe" [2012-10-18 5156128]
"Unified Remote v2"="c:\program files (x86)\Unified Remote\RemoteServer.exe" [2013-02-28 275544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Reader\Ereg\Ereg.ini"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-03-08 46592]
R3 CCUSBMIDI;CASIO USB MIDI;c:\windows\system32\Drivers\ccusbmid.sys [2013-01-21 26624]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-07-28 14448]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [2005-05-25 7168]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2009-12-22 1307648]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-14 1255736]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-12-29 30648]
S0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\DRIVERS\oodisr.sys [2012-11-27 116496]
S0 oodisrh;oodisrh;c:\windows\system32\DRIVERS\oodisrh.sys [2012-11-27 40720]
S0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys [2012-11-27 255248]
S0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys [2012-11-27 44304]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-19 39768]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-04 379520]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 OO DiskImage;OO DiskImage;c:\program files\OO Software\DiskImage\oodiag.exe [2012-11-27 6156144]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-19 968880]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-14 327168]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 uvhid;Unified Virtual HID;c:\windows\system32\DRIVERS\uvhid.sys [2013-02-27 20992]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 19:54 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 08:28]
.
2012-07-15 c:\windows\Tasks\ASUS SmartLogon Console Sensor.job
- c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15 18:42]
.
2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-27 15:57]
.
2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-27 15:57]
.
2013-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1628778170-4223881759-3681946860-1001Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-02 08:34]
.
2013-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1628778170-4223881759-3681946860-1001UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-02 08:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon]
@="{14A94384-BBED-47ed-86C0-6BF63FD892D0}"
[HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
2012-11-27 20:51 114544 ----a-w- c:\program files\OO Software\DiskImage\oodishi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"OODITRAY.EXE"="c:\program files\OO Software\DiskImage\ooditray.exe" [2012-11-27 4974448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files (x86)\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files (x86)\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\td9vocbn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://atlas.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Software Midi Keyboard v1.8 Demo - c:\program files (x86)\Midimass\Midi Keyboard v1
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODI07.00.00.01PRO"="D3398256296DC673730857ADD0552670FCDE9267E6C6AF2BF5865340DDF15354B9955476B22F16B1F9EC1151D9BA61AA98B0C23582FD26E1C95D24CC1A6C4AEA876F8D3A31EB6905550FDC631FCFE7EADA542C4706E4502E401C5AE01C88862B666A672248D6C581ED5916F58F62F2A8079FED5DCF81BC88191F7A0ECDA58BAB358C68AE11C743FDDC9D6B9B1163D01A94CBFDBB31FE8EA549295E690E47724584C2EF68163C8E15700FDF6B7DE6E1BBAEF6A1AA72297B86F8E0B00DB013E397995AAED858D167272C474A81A0A61C4E35A1F5774B73CCE985CF7495FC55A083EE89AC0F4C4DA1D5C541547D3BFE09D53CB1EAF3EB72E255FEE67D26ACFBFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6171C11EC38DE3DA6171C11EC38DE3DA9C6AECB7A5D140704CD1F14D4620BAA937BAA3AF210AF3C3031D9D0FBD271F3B1C0B9AA15EFCA042522F87FB70F21ABF58C0E09F15E4E1AD5AC289D81CD825502DDF768BF516A35D3FA41A7563930EA20BB3C03C89745A3E52354684BB98128D27FA087EE2A8CA0907641C918C99D58E6A67E6C45F7861FABD242212BC20DAC03A354BF99B61E9EEFF27A86B7AEC484B52DD27289397877863E0C1C47173AC4870FEBAD8B3780AC9B959F64475672250A7666A188A0F63BE9AA7E0F99E8117BE7C76ED1E26E87EBD04799CBA7376894766A21EB0CF1511EDDA31D166FED0D7BC1999D919224FC20E1B2020A92485DD0A1361929B076C9F7FC751CB06A629D1444136B33E0A39EB4B1C829D193087BFA454A1D9367FC98C075B36443800528B9B5887CE468BD9C33BC3D93B78A7660D9AFDD2CC87557E6990D351513FC9704056B8F2DB69A449B4E8D8876B5A9171FD6C3E77ACBF1D955459812FECDF9617D3052848C1CB51136DBC66740287A733C80F7A7F0824BDEF6A984A92780ECAB541C6C865AEE54FEF7529DD80ED05998B288549C2DB7C14451D24F1EC7219A473D4C4CF710EADF6CE1515B21B4D6F2966FC37A0C7E99696BE06F0E554E859B065F6A1C8057AF963EEA18DBC8BAC04E82D52E9A00EABB2BB993D066F85BE85EBDD63F960B0DC28BDC790B121D5CFC42F43B63FAC52892C51ACD701578466A25C8B4BD0C47468C2631EBB4032C0A5E798A69A6766D25F847F8E5676785168F8588FB77602847D821AE14C0C7CB651874E29F5DFACC822F16482675C0158BBD68DBA4268D640D580AC4B4010E93C6C487A48E128B7C92D4EAFD4F7C9A6315418D2D9BA49E76C31FC46F8969955FBAE25AF65C723D5ADFF2529291847E6CD9C805E3BFF2B31F4FA509273D9336CE7F526807A3CF3B86A7722C8597380DF33369B4F0E5350261C4C85F6D723C56C688D78005729F446757212FD679E5F7FE"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-03-29 07:31:16
ComboFix-quarantined-files.txt 2013-03-29 06:31
ComboFix2.txt 2013-03-28 11:18
.
Před spuštěním: Volných bajtů: 169 580 228 608
Po spuštění: Volných bajtů: 169 312 862 208
.
- - End Of File - - EA6370D72DFE7DB354CDBCCF0E39766E

Reklama

Příspěvekod **jaro3** » 29 bře 2013 10:04

AVG
AVG Secure Search
ESET Smart Security
samé zbytky..

Zkus odinstalovat tímto:
AVG remove

http://www.avg.com/eu-en/utilities

Verze pro 32 bit OS:
http://download.avg.com/filedir/util/av ... 3_2706.exe

Verze pro 64 bit OS:
http://download.avg.com/filedir/util/av ... 3_2706.exe

+
ESS:
http://kb.eset.com/esetkb/index?page=content&id=SOLN93

Pak nový log z Combofixu.

Nitram2 · Příspěvekod **Nitram2** » 30 bře 2013 11:55

Dobrý den, když jsem nainstaloval ESS, přestal mi fungovat internet, zkusil jsem restartovat pc ale nepomohlo to, tak jsem to musel odinstalovat.

Příspěvekod **Žbeky** » 30 bře 2013 18:52

Však jaro psal, ať ESS odinstaluješ, ne nainstaluješ

Nitram2 · Příspěvekod **Nitram2** » 30 bře 2013 19:42

Dobrý den, vkládám zde log z ComboFixu: AComboFix 13-03-30.01 - Martin 30.03.2013 19:26:45.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4007.2511 [GMT 1:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-28 do 2013-03-30 )))))))))))))))))))))))))))))))
.
.
2013-03-30 18:36 . 2013-03-30 18:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-30 18:36 . 2013-03-30 18:36 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-03-30 18:36 . 2013-03-30 18:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-30 13:14 . 2013-03-30 13:21 -------- d-----w- c:\users\Martin\AppData\Local\Video Enhancer
2013-03-30 11:22 . 2013-03-30 11:22 -------- d-----w- c:\program files (x86)\Mobile Photo Enhancer
2013-03-30 11:16 . 2013-03-30 11:16 -------- d-----w- c:\program files (x86)\Video Enhancer
2013-03-30 05:23 . 2013-03-30 05:23 -------- d-----w- c:\users\Martin\AppData\Local\Diagnostics
2013-03-29 10:03 . 2013-03-19 04:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2E43C0E-8ED9-45B4-883A-9B873E4B0DA3}\mpengine.dll
2013-03-28 20:34 . 2013-01-04 06:11 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-28 20:33 . 2013-01-13 20:31 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-03-28 20:33 . 2013-01-13 17:05 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-03-28 20:33 . 2013-01-13 19:59 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-03-28 20:33 . 2013-01-13 19:58 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-03-28 20:33 . 2013-01-13 19:53 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-03-28 20:33 . 2013-01-13 19:25 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-03-28 20:33 . 2013-01-13 19:43 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-03-28 20:33 . 2013-01-13 19:15 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-03-28 20:33 . 2013-01-13 19:10 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-03-28 20:33 . 2013-01-13 19:37 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-28 20:33 . 2013-03-28 20:33 -------- d-----w- C:\Intel
2013-03-28 20:08 . 2013-03-28 20:08 -------- d-----w- c:\windows\CheckSur
2013-03-28 16:39 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-28 16:39 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-28 16:39 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-28 16:16 . 2013-03-28 16:16 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-28 16:16 . 2013-03-28 16:16 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-28 16:15 . 2013-03-28 16:15 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-03-28 11:23 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-03-28 11:23 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-28 11:23 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-03-28 11:23 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-03-28 11:23 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-03-28 11:23 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-03-28 11:23 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-03-28 11:23 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-03-28 11:23 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-03-28 11:23 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-28 10:41 . 2013-03-28 10:41 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-28 08:51 . 2013-03-28 10:38 -------- d-----w- c:\users\Martin\AppData\Local\Anvil Studio
2013-03-28 06:43 . 2013-03-30 11:22 -------- d-----w- c:\users\Martin\AppData\Local\CrashDumps
2013-03-27 19:58 . 2013-03-27 19:58 121 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-27 06:20 . 2013-03-27 06:20 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2013-03-27 06:20 . 2013-03-27 06:20 -------- d-----w- c:\programdata\Malwarebytes
2013-03-27 06:20 . 2013-03-27 06:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-27 06:20 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-27 06:16 . 2013-03-28 16:13 -------- d-----w- c:\users\Martin\AppData\Local\Adobe
2013-03-26 14:21 . 2013-03-26 14:21 388096 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-26 14:21 . 2013-03-26 14:21 -------- d-----w- c:\program files (x86)\Trend Micro
2013-03-24 15:09 . 2013-03-24 19:22 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2013-03-24 15:09 . 2013-03-24 19:22 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2013-03-24 15:00 . 2013-03-24 15:04 -------- d-----w- c:\users\Martin\AppData\Roaming\Vso
2013-03-19 06:29 . 2013-03-19 06:29 -------- d-----w- c:\program files (x86)\Photo!
2013-03-19 05:56 . 2013-03-19 05:56 -------- d-----w- c:\users\Martin\AppData\Local\Help
2013-03-19 05:56 . 2013-03-24 19:22 -------- d-----w- c:\program files\Focus Magic
2013-03-19 05:56 . 2000-11-13 10:55 109056 ----a-w- c:\windows\SysWow64\ESFinish.exe
2013-03-19 05:16 . 2013-03-19 05:16 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-12 14:38 . 2013-03-12 14:38 -------- d-----w- c:\users\Martin\temp
2013-03-12 14:38 . 2013-03-24 19:09 -------- d-----w- c:\users\Martin\AppData\Roaming\TeamViewer
2013-03-09 16:48 . 2007-04-10 00:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
2013-03-09 16:48 . 2009-10-01 02:01 88064 ----a-w- c:\windows\system32\E_IBCBGGE.DLL
2013-03-06 14:47 . 2013-03-28 16:20 -------- d-----w- c:\program files (x86)\Microsoft Works
2013-03-06 14:44 . 2013-03-06 14:44 -------- d-----w- c:\users\Martin\AppData\Local\Microsoft Help
2013-03-03 06:45 . 2013-03-06 23:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-03 06:45 . 2013-03-06 23:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-02 18:30 . 2013-03-02 18:30 -------- d-----w- c:\users\Martin\AppData\Roaming\MusE
2013-03-02 18:30 . 2013-03-02 18:30 -------- d-----w- c:\users\Martin\AppData\Local\MusE
2013-03-02 18:29 . 2013-03-02 18:29 -------- d-----w- c:\program files (x86)\MuseScore
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-30 18:14 . 2011-11-16 11:08 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-03-19 05:16 . 2012-07-04 18:07 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-19 05:16 . 2012-07-04 18:07 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-14 08:28 . 2012-04-14 07:41 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-14 08:28 . 2012-04-14 07:41 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-06 23:33 . 2012-05-04 19:31 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-05-04 19:31 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2012-05-04 19:31 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-05-04 19:31 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-05-04 19:31 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2012-05-04 19:31 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2012-05-04 19:30 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-05-04 19:31 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-04 13:53 . 2012-04-26 12:24 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-27 19:04 . 2013-02-27 19:04 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2013-02-27 19:04 . 2013-02-27 19:04 20992 ----a-w- c:\windows\system32\drivers\uvhid.sys
2013-02-19 15:00 . 2012-11-08 12:06 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-02-12 05:45 . 2013-03-28 11:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-28 11:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-28 11:23 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-28 11:23 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-28 11:23 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-28 11:23 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-21 13:08 . 2012-02-24 17:50 26624 ----a-w- c:\windows\system32\drivers\ccusbmid.sys
2013-01-17 00:28 . 2012-05-06 05:37 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-03-28 11:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2010-01-26 10:11 . 2013-01-18 20:37 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-18 3092088]
"360Amigo"="c:\program files\360Amigo\360Amigo.exe" [2012-10-18 5156128]
"Unified Remote v2"="c:\program files (x86)\Unified Remote\RemoteServer.exe" [2013-02-28 275544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Reader\Ereg\Ereg.ini"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys [x]
R0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-03-08 46592]
R3 CCUSBMIDI;CASIO USB MIDI;c:\windows\system32\Drivers\ccusbmid.sys [2013-01-21 26624]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-07-28 14448]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [2005-05-25 7168]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2009-12-22 1307648]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-14 1255736]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-12-29 30648]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-19 39768]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-04 379520]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-19 968880]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-14 327168]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 uvhid;Unified Virtual HID;c:\windows\system32\DRIVERS\uvhid.sys [2013-02-27 20992]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 19:54 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 08:28]
.
2012-07-15 c:\windows\Tasks\ASUS SmartLogon Console Sensor.job
- c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15 18:42]
.
2013-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-27 15:57]
.
2013-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-27 15:57]
.
2013-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1628778170-4223881759-3681946860-1001Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-02 08:34]
.
2013-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1628778170-4223881759-3681946860-1001UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-02 08:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files (x86)\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files (x86)\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\td9vocbn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://atlas.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-Software Midi Keyboard v1.8 Demo - c:\program files (x86)\Midimass\Midi Keyboard v1
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODI07.00.00.01PRO"="D3398256296DC673730857ADD0552670FCDE9267E6C6AF2BF5865340DDF15354B9955476B22F16B1F9EC1151D9BA61AA98B0C23582FD26E1C95D24CC1A6C4AEA876F8D3A31EB6905550FDC631FCFE7EADA542C4706E4502E401C5AE01C88862B666A672248D6C581ED5916F58F62F2A8079FED5DCF81BC88191F7A0ECDA58BAB358C68AE11C743FDDC9D6B9B1163D01A94CBFDBB31FE8EA549295E690E47724584C2EF68163C8E15700FDF6B7DE6E1BBAEF6A1AA72297B86F8E0B00DB013E397995AAED858D167272C474A81A0A61C4E35A1F5774B73CCE985CF7495FC55A083EE89AC0F4C4DA1D5C541547D3BFE09D53CB1EAF3EB72E255FEE67D26ACFBFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6171C11EC38DE3DA6171C11EC38DE3DA9C6AECB7A5D140704CD1F14D4620BAA937BAA3AF210AF3C3031D9D0FBD271F3B1C0B9AA15EFCA042522F87FB70F21ABF58C0E09F15E4E1AD5AC289D81CD825502DDF768BF516A35D3FA41A7563930EA20BB3C03C89745A3E52354684BB98128D27FA087EE2A8CA0907641C918C99D58E6A67E6C45F7861FABD242212BC20DAC03A354BF99B61E9EEFF27A86B7AEC484B52DD27289397877863E0C1C47173AC4870FEBAD8B3780AC9B959F64475672250A7666A188A0F63BE9AA7E0F99E8117BE7C76ED1E26E87EBD04799CBA7376894766A21EB0CF1511EDDA31D166FED0D7BC1999D919224FC20E1B2020A92485DD0A1361929B076C9F7FC751CB06A629D1444136B33E0A39EB4B1C829D193087BFA454A1D9367FC98C075B36443800528B9B5887CE468BD9C33BC3D93B78A7660D9AFDD2CC87557E6990D351513FC9704056B8F2DB69A449B4E8D8876B5A9171FD6C3E77ACBF1D955459812FECDF9617D3052848C1CB51136DBC66740287A733C80F7A7F0824BDEF6A984A92780ECAB541C6C865AEE54FEF7529DD80ED05998B288549C2DB7C14451D24F1EC7219A473D4C4CF710EADF6CE1515B21B4D6F2966FC37A0C7E99696BE06F0E554E859B065F6A1C8057AF963EEA18DBC8BAC04E82D52E9A00EABB2BB993D066F85BE85EBDD63F960B0DC28BDC790B121D5CFC42F43B63FAC52892C51ACD701578466A25C8B4BD0C47468C2631EBB4032C0A5E798A69A6766D25F847F8E5676785168F8588FB77602847D821AE14C0C7CB651874E29F5DFACC822F16482675C0158BBD68DBA4268D640D580AC4B4010E93C6C487A48E128B7C92D4EAFD4F7C9A6315418D2D9BA49E76C31FC46F8969955FBAE25AF65C723D5ADFF2529291847E6CD9C805E3BFF2B31F4FA509273D9336CE7F526807A3CF3B86A7722C8597380DF33369B4F0E5350261C4C85F6D723C56C688D78005729F446757212FD679E5F7FE"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-03-30 19:39:21
ComboFix-quarantined-files.txt 2013-03-30 18:39
ComboFix2.txt 2013-03-29 06:31
ComboFix3.txt 2013-03-28 11:18
.
Před spuštěním: Volných bajtů: 153 796 247 552
Po spuštění: Volných bajtů: 153 719 934 976
.
- - End Of File - - CB0A216B1D5189565E8709F311A0D06A

Příspěvekod **Žbeky** » 31 bře 2013 12:06

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

Folder::
C:\TDSSKiller_Quarantine
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Common Files\AVG Secure Search
c:\program files (x86)\Google\Update
c:\users\Martin\AppData\Local\Google\Update

File::
c:\windows\DeleteOnReboot.bat
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1628778170-4223881759-3681946860-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1628778170-4223881759-3681946860-1001UA.job

Registry::
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=-

Driver::
SkypeUpdate
vToolbarUpdater14.2.0

RegNull::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
Obrázek

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Nitram2 · Příspěvekod **Nitram2** » 01 dub 2013 08:59

Dobrý den, posílám log z ComboFixu: ComboFix 13-03-31.01 - Martin 01.04.2013 8:11.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4007.2337 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martin\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\DeleteOnReboot.bat"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1628778170-4223881759-3681946860-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1628778170-4223881759-3681946860-1001UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\AVG Secure Search
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.21.135\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.21.135\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.21.135\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.21.135\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.21.135\goopdate.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.21.135\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.21.135\psmachine.dll
c:\program files (x86)\Google\Update\1.3.21.135\psuser.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.135\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\25.0.1364.172\25.0.1364.172_25.0.1364.152_chrome_updater.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
C:\TDSSKiller_Quarantine
c:\tdsskiller_quarantine\28.03.2013_11.39.10\zasubsys0000\file0000\object.ini
c:\tdsskiller_quarantine\28.03.2013_11.39.10\zasubsys0000\file0000\trz6DB2.tmp
c:\tdsskiller_quarantine\28.03.2013_11.39.10\zasubsys0000\file0000\tsk0000.ini
c:\tdsskiller_quarantine\28.03.2013_11.39.10\zasubsys0000\object.ini
c:\tdsskiller_quarantine\28.03.2013_11.39.10\zasubsys0000\zafs0000\trz83D2.tmp
c:\tdsskiller_quarantine\28.03.2013_11.39.10\zasubsys0000\zafs0000\trz9070.tmp
c:\tdsskiller_quarantine\28.03.2013_11.39.10\zasubsys0000\zafs0000\tsk0000.dta
c:\tdsskiller_quarantine\28.03.2013_11.39.10\zasubsys0000\zafs0000\tsk0000.ini
c:\tdsskiller_quarantine\28.03.2013_11.39.10\zasubsys0000\zafs0000\tsk0001.ini
c:\users\Martin\AppData\Local\Google\Update
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\GoogleUpdate.exe
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateBroker.exe
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateHelper.msi
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateSetup.exe
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdate.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_am.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_ar.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_bg.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_bn.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_ca.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_cs.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_da.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_de.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_el.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_en-GB.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_en.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_es-419.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_es.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_et.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_fa.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_fi.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_fil.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_fr.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_gu.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_hi.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_hr.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_hu.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_id.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_is.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_it.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_iw.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_ja.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_kn.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_ko.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_lt.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_lv.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_ml.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_mr.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_ms.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_nl.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_no.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_pl.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_pt-BR.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_pt-PT.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_ro.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_ru.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_sk.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_sl.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_sr.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_sv.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_sw.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_ta.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_te.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_th.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_tr.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_uk.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_ur.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_vi.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_zh-CN.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\goopdateres_zh-TW.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\psmachine.dll
c:\users\Martin\AppData\Local\Google\Update\1.3.21.135\psuser.dll
c:\users\Martin\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.135\GoogleUpdateSetup.exe
c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe
c:\windows\DeleteOnReboot.bat
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1628778170-4223881759-3681946860-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1628778170-4223881759-3681946860-1001UA.job
.
Nakažená kopie c:\windows\SysWow64\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache86\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_vToolbarUpdater14.2.0
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-01 do 2013-04-01 )))))))))))))))))))))))))))))))
.
.
2013-04-01 06:20 . 2013-04-01 06:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-01 06:20 . 2013-04-01 06:20 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-04-01 06:20 . 2013-04-01 06:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-31 08:01 . 2013-03-31 08:01 -------- d-----w- c:\program files\WinRAR
2013-03-30 13:14 . 2013-03-30 13:21 -------- d-----w- c:\users\Martin\AppData\Local\Video Enhancer
2013-03-30 11:22 . 2013-03-30 11:22 -------- d-----w- c:\program files (x86)\Mobile Photo Enhancer
2013-03-30 11:16 . 2013-03-30 11:16 -------- d-----w- c:\program files (x86)\Video Enhancer
2013-03-30 05:23 . 2013-03-30 05:23 -------- d-----w- c:\users\Martin\AppData\Local\Diagnostics
2013-03-29 10:03 . 2013-03-19 04:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2E43C0E-8ED9-45B4-883A-9B873E4B0DA3}\mpengine.dll
2013-03-28 20:34 . 2013-01-04 06:11 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-28 20:33 . 2013-01-13 20:31 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-03-28 20:33 . 2013-01-13 17:05 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-03-28 20:33 . 2013-01-13 19:59 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-03-28 20:33 . 2013-01-13 19:58 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-03-28 20:33 . 2013-01-13 19:53 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-03-28 20:33 . 2013-01-13 19:25 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-03-28 20:33 . 2013-01-13 19:43 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-03-28 20:33 . 2013-01-13 19:15 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-03-28 20:33 . 2013-01-13 19:10 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-03-28 20:33 . 2013-01-13 19:37 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-28 20:33 . 2013-03-28 20:33 -------- d-----w- C:\Intel
2013-03-28 20:08 . 2013-03-28 20:08 -------- d-----w- c:\windows\CheckSur
2013-03-28 16:39 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-28 16:39 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-28 16:39 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-28 16:16 . 2013-03-28 16:16 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-28 16:16 . 2013-03-28 16:16 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-28 16:15 . 2013-03-28 16:15 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-03-28 11:23 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-03-28 11:23 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-28 11:23 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-03-28 11:23 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-03-28 11:23 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-03-28 11:23 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-03-28 11:23 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-03-28 11:23 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-03-28 11:23 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-03-28 11:23 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-28 08:51 . 2013-03-28 10:38 -------- d-----w- c:\users\Martin\AppData\Local\Anvil Studio
2013-03-28 06:43 . 2013-03-30 11:22 -------- d-----w- c:\users\Martin\AppData\Local\CrashDumps
2013-03-27 06:20 . 2013-03-27 06:20 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2013-03-27 06:20 . 2013-03-27 06:20 -------- d-----w- c:\programdata\Malwarebytes
2013-03-27 06:20 . 2013-03-27 06:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-27 06:20 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-27 06:16 . 2013-03-28 16:13 -------- d-----w- c:\users\Martin\AppData\Local\Adobe
2013-03-26 14:21 . 2013-03-26 14:21 388096 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-26 14:21 . 2013-03-26 14:21 -------- d-----w- c:\program files (x86)\Trend Micro
2013-03-24 15:09 . 2013-03-24 19:22 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2013-03-24 15:09 . 2013-03-24 19:22 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2013-03-24 15:00 . 2013-03-24 15:04 -------- d-----w- c:\users\Martin\AppData\Roaming\Vso
2013-03-19 06:29 . 2013-03-19 06:29 -------- d-----w- c:\program files (x86)\Photo!
2013-03-19 05:56 . 2013-03-19 05:56 -------- d-----w- c:\users\Martin\AppData\Local\Help
2013-03-19 05:56 . 2013-03-24 19:22 -------- d-----w- c:\program files\Focus Magic
2013-03-19 05:56 . 2000-11-13 10:55 109056 ----a-w- c:\windows\SysWow64\ESFinish.exe
2013-03-19 05:16 . 2013-03-19 05:16 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-12 14:38 . 2013-03-12 14:38 -------- d-----w- c:\users\Martin\temp
2013-03-12 14:38 . 2013-03-24 19:09 -------- d-----w- c:\users\Martin\AppData\Roaming\TeamViewer
2013-03-09 16:48 . 2007-04-10 00:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
2013-03-09 16:48 . 2009-10-01 02:01 88064 ----a-w- c:\windows\system32\E_IBCBGGE.DLL
2013-03-06 14:47 . 2013-03-28 16:20 -------- d-----w- c:\program files (x86)\Microsoft Works
2013-03-06 14:44 . 2013-03-06 14:44 -------- d-----w- c:\users\Martin\AppData\Local\Microsoft Help
2013-03-03 06:45 . 2013-03-06 23:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-03 06:45 . 2013-03-06 23:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-02 18:30 . 2013-03-02 18:30 -------- d-----w- c:\users\Martin\AppData\Roaming\MusE
2013-03-02 18:30 . 2013-03-02 18:30 -------- d-----w- c:\users\Martin\AppData\Local\MusE
2013-03-02 18:29 . 2013-03-02 18:29 -------- d-----w- c:\program files (x86)\MuseScore
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-01 06:21 . 2011-11-16 11:08 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-03-19 05:16 . 2012-07-04 18:07 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-19 05:16 . 2012-07-04 18:07 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-14 08:28 . 2012-04-14 07:41 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-14 08:28 . 2012-04-14 07:41 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-06 23:33 . 2012-05-04 19:31 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-05-04 19:31 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2012-05-04 19:31 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-05-04 19:31 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-05-04 19:31 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2012-05-04 19:31 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2012-05-04 19:30 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-05-04 19:31 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-04 13:53 . 2012-04-26 12:24 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-27 19:04 . 2013-02-27 19:04 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2013-02-27 19:04 . 2013-02-27 19:04 20992 ----a-w- c:\windows\system32\drivers\uvhid.sys
2013-02-19 15:00 . 2012-11-08 12:06 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-02-12 05:45 . 2013-03-28 11:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-28 11:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-28 11:23 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-28 11:23 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-28 11:23 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-28 11:23 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-21 13:08 . 2012-02-24 17:50 26624 ----a-w- c:\windows\system32\drivers\ccusbmid.sys
2013-01-17 00:28 . 2012-05-06 05:37 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-03-28 11:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2010-01-26 10:11 . 2013-01-18 20:37 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-18 3092088]
"360Amigo"="c:\program files\360Amigo\360Amigo.exe" [2012-10-18 5156128]
"Unified Remote v2"="c:\program files (x86)\Unified Remote\RemoteServer.exe" [2013-02-28 275544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Reader\Ereg\Ereg.ini"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys [x]
R0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-03-08 46592]
R3 CCUSBMIDI;CASIO USB MIDI;c:\windows\system32\Drivers\ccusbmid.sys [2013-01-21 26624]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-07-28 14448]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [2005-05-25 7168]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2009-12-22 1307648]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-14 1255736]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-12-29 30648]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-19 39768]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-04 379520]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-14 327168]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 uvhid;Unified Virtual HID;c:\windows\system32\DRIVERS\uvhid.sys [2013-02-27 20992]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 19:54 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 08:28]
.
2012-07-15 c:\windows\Tasks\ASUS SmartLogon Console Sensor.job
- c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15 18:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files (x86)\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files (x86)\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\td9vocbn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://atlas.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-Software Midi Keyboard v1.8 Demo - c:\program files (x86)\Midimass\Midi Keyboard v1
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODI07.00.00.01PRO"="D3398256296DC673730857ADD0552670FCDE9267E6C6AF2BF5865340DDF15354B9955476B22F16B1F9EC1151D9BA61AA98B0C23582FD26E1C95D24CC1A6C4AEA876F8D3A31EB6905550FDC631FCFE7EADA542C4706E4502E401C5AE01C88862B666A672248D6C581ED5916F58F62F2A8079FED5DCF81BC88191F7A0ECDA58BAB358C68AE11C743FDDC9D6B9B1163D01A94CBFDBB31FE8EA549295E690E47724584C2EF68163C8E15700FDF6B7DE6E1BBAEF6A1AA72297B86F8E0B00DB013E397995AAED858D167272C474A81A0A61C4E35A1F5774B73CCE985CF7495FC55A083EE89AC0F4C4DA1D5C541547D3BFE09D53CB1EAF3EB72E255FEE67D26ACFBFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6171C11EC38DE3DA6171C11EC38DE3DA9C6AECB7A5D140704CD1F14D4620BAA937BAA3AF210AF3C3031D9D0FBD271F3B1C0B9AA15EFCA042522F87FB70F21ABF58C0E09F15E4E1AD5AC289D81CD825502DDF768BF516A35D3FA41A7563930EA20BB3C03C89745A3E52354684BB98128D27FA087EE2A8CA0907641C918C99D58E6A67E6C45F7861FABD242212BC20DAC03A354BF99B61E9EEFF27A86B7AEC484B52DD27289397877863E0C1C47173AC4870FEBAD8B3780AC9B959F64475672250A7666A188A0F63BE9AA7E0F99E8117BE7C76ED1E26E87EBD04799CBA7376894766A21EB0CF1511EDDA31D166FED0D7BC1999D919224FC20E1B2020A92485DD0A1361929B076C9F7FC751CB06A629D1444136B33E0A39EB4B1C829D193087BFA454A1D9367FC98C075B36443800528B9B5887CE468BD9C33BC3D93B78A7660D9AFDD2CC87557E6990D351513FC9704056B8F2DB69A449B4E8D8876B5A9171FD6C3E77ACBF1D955459812FECDF9617D3052848C1CB51136DBC66740287A733C80F7A7F0824BDEF6A984A92780ECAB541C6C865AEE54FEF7529DD80ED05998B288549C2DB7C14451D24F1EC7219A473D4C4CF710EADF6CE1515B21B4D6F2966FC37A0C7E99696BE06F0E554E859B065F6A1C8057AF963EEA18DBC8BAC04E82D52E9A00EABB2BB993D066F85BE85EBDD63F960B0DC28BDC790B121D5CFC42F43B63FAC52892C51ACD701578466A25C8B4BD0C47468C2631EBB4032C0A5E798A69A6766D25F847F8E5676785168F8588FB77602847D821AE14C0C7CB651874E29F5DFACC822F16482675C0158BBD68DBA4268D640D580AC4B4010E93C6C487A48E128B7C92D4EAFD4F7C9A6315418D2D9BA49E76C31FC46F8969955FBAE25AF65C723D5ADFF2529291847E6CD9C805E3BFF2B31F4FA509273D9336CE7F526807A3CF3B86A7722C8597380DF33369B4F0E5350261C4C85F6D723C56C688D78005729F446757212FD679E5F7FE"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
.
**************************************************************************
.
Celkový čas: 2013-04-01 08:28:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-04-01 06:28
ComboFix2.txt 2013-03-30 18:39
ComboFix3.txt 2013-03-29 06:31
ComboFix4.txt 2013-03-28 11:18
.
Před spuštěním: Volných bajtů: 154 264 039 424
Po spuštění: Volných bajtů: 154 190 700 544
.
- - End Of File - - 650A0A488898EAAD677A3AAD816EE911

Příspěvekod **jaro3** » 01 dub 2013 10:55

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
File::
c:\windows\system32\drivers\avgtpx64.sys

Driver::
avgtp

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

OODI07.00.00.01PRO---to je co za program? OODefrag??

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Nitram2 · Příspěvekod **Nitram2** » 01 dub 2013 21:32

Dobrý den, posílám log z ComboFixu: ComboFix 13-04-01.01 - Martin 01.04.2013 20:25:21.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4007.1904 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martin\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\avgtpx64.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\avgtpx64.sys
.
Nakažená kopie c:\windows\SysWow64\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache86\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGTP
-------\Service_avgtp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-01 do 2013-04-01 )))))))))))))))))))))))))))))))
.
.
2013-04-01 18:33 . 2013-04-01 18:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-01 18:33 . 2013-04-01 18:33 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-04-01 18:33 . 2013-04-01 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-01 07:28 . 2013-04-01 07:28 -------- d-----w- c:\windows\cs
2013-04-01 07:24 . 2013-04-01 07:24 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e26979801ce2ea904\DXSETUP.exe
2013-04-01 07:24 . 2013-04-01 07:24 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e26979801ce2ea904\dsetup32.dll
2013-04-01 07:24 . 2013-04-01 07:24 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e26979801ce2ea904\DSETUP.dll
2013-04-01 07:24 . 2013-04-01 07:24 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e06600d31ce2ea903\DSETUP.dll
2013-04-01 07:24 . 2013-04-01 07:24 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e06600d31ce2ea903\DXSETUP.exe
2013-04-01 07:24 . 2013-04-01 07:24 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e06600d31ce2ea903\dsetup32.dll
2013-04-01 07:23 . 2013-04-01 07:23 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\de72b5041ce2ea901\DSETUP.dll
2013-04-01 07:23 . 2013-04-01 07:23 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\de72b5041ce2ea901\DXSETUP.exe
2013-04-01 07:23 . 2013-04-01 07:23 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\de72b5041ce2ea901\dsetup32.dll
2013-03-31 08:01 . 2013-03-31 08:01 -------- d-----w- c:\program files\WinRAR
2013-03-30 13:14 . 2013-03-30 13:21 -------- d-----w- c:\users\Martin\AppData\Local\Video Enhancer
2013-03-30 11:22 . 2013-03-30 11:22 -------- d-----w- c:\program files (x86)\Mobile Photo Enhancer
2013-03-30 11:16 . 2013-03-30 11:16 -------- d-----w- c:\program files (x86)\Video Enhancer
2013-03-30 05:23 . 2013-03-30 05:23 -------- d-----w- c:\users\Martin\AppData\Local\Diagnostics
2013-03-29 10:03 . 2013-03-19 04:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2E43C0E-8ED9-45B4-883A-9B873E4B0DA3}\mpengine.dll
2013-03-28 20:34 . 2013-01-04 06:11 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-28 20:33 . 2013-01-13 20:31 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-03-28 20:33 . 2013-01-13 17:05 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-03-28 20:33 . 2013-01-13 19:59 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-03-28 20:33 . 2013-01-13 19:58 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-03-28 20:33 . 2013-01-13 19:53 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-03-28 20:33 . 2013-01-13 19:25 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-03-28 20:33 . 2013-01-13 19:43 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-03-28 20:33 . 2013-01-13 19:15 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-03-28 20:33 . 2013-01-13 19:10 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-03-28 20:33 . 2013-01-13 19:37 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-28 20:33 . 2013-03-28 20:33 -------- d-----w- C:\Intel
2013-03-28 20:08 . 2013-03-28 20:08 -------- d-----w- c:\windows\CheckSur
2013-03-28 16:39 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-28 16:39 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-28 16:39 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-28 16:16 . 2013-03-28 16:16 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-28 16:16 . 2013-03-28 16:16 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-28 16:15 . 2013-03-28 16:15 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-03-28 11:23 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-03-28 11:23 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-28 11:23 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-03-28 11:23 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-03-28 11:23 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-03-28 11:23 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-03-28 11:23 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-03-28 11:23 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-03-28 11:23 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-03-28 11:23 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-28 08:51 . 2013-03-28 10:38 -------- d-----w- c:\users\Martin\AppData\Local\Anvil Studio
2013-03-28 06:43 . 2013-03-30 11:22 -------- d-----w- c:\users\Martin\AppData\Local\CrashDumps
2013-03-27 06:20 . 2013-03-27 06:20 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2013-03-27 06:20 . 2013-03-27 06:20 -------- d-----w- c:\programdata\Malwarebytes
2013-03-27 06:20 . 2013-03-27 06:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-27 06:20 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-27 06:16 . 2013-03-28 16:13 -------- d-----w- c:\users\Martin\AppData\Local\Adobe
2013-03-26 14:21 . 2013-03-26 14:21 388096 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-26 14:21 . 2013-03-26 14:21 -------- d-----w- c:\program files (x86)\Trend Micro
2013-03-24 15:09 . 2013-03-24 19:22 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2013-03-24 15:09 . 2013-03-24 19:22 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2013-03-24 15:00 . 2013-03-24 15:04 -------- d-----w- c:\users\Martin\AppData\Roaming\Vso
2013-03-19 06:29 . 2013-03-19 06:29 -------- d-----w- c:\program files (x86)\Photo!
2013-03-19 05:56 . 2013-03-19 05:56 -------- d-----w- c:\users\Martin\AppData\Local\Help
2013-03-19 05:56 . 2013-03-24 19:22 -------- d-----w- c:\program files\Focus Magic
2013-03-19 05:56 . 2000-11-13 10:55 109056 ----a-w- c:\windows\SysWow64\ESFinish.exe
2013-03-19 05:16 . 2013-03-19 05:16 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-12 14:38 . 2013-03-12 14:38 -------- d-----w- c:\users\Martin\temp
2013-03-12 14:38 . 2013-03-24 19:09 -------- d-----w- c:\users\Martin\AppData\Roaming\TeamViewer
2013-03-09 16:48 . 2007-04-10 00:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
2013-03-09 16:48 . 2009-10-01 02:01 88064 ----a-w- c:\windows\system32\E_IBCBGGE.DLL
2013-03-06 14:47 . 2013-03-28 16:20 -------- d-----w- c:\program files (x86)\Microsoft Works
2013-03-06 14:44 . 2013-03-06 14:44 -------- d-----w- c:\users\Martin\AppData\Local\Microsoft Help
2013-03-03 06:45 . 2013-03-06 23:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-03 06:45 . 2013-03-06 23:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-01 18:35 . 2011-11-16 11:08 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-03-19 05:16 . 2012-07-04 18:07 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-19 05:16 . 2012-07-04 18:07 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-14 08:28 . 2012-04-14 07:41 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-14 08:28 . 2012-04-14 07:41 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-06 23:33 . 2012-05-04 19:31 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-05-04 19:31 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2012-05-04 19:31 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-05-04 19:31 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-05-04 19:31 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2012-05-04 19:31 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2012-05-04 19:30 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-05-04 19:31 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-04 13:53 . 2012-04-26 12:24 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-27 19:04 . 2013-02-27 19:04 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2013-02-27 19:04 . 2013-02-27 19:04 20992 ----a-w- c:\windows\system32\drivers\uvhid.sys
2013-02-12 05:45 . 2013-03-28 11:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-28 11:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-28 11:23 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-28 11:23 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-28 11:23 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-28 11:23 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-21 13:08 . 2012-02-24 17:50 26624 ----a-w- c:\windows\system32\drivers\ccusbmid.sys
2013-01-17 00:28 . 2012-05-06 05:37 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-03-28 11:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2010-01-26 10:11 . 2013-01-18 20:37 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-18 3092088]
"360Amigo"="c:\program files\360Amigo\360Amigo.exe" [2012-10-18 5156128]
"Unified Remote v2"="c:\program files (x86)\Unified Remote\RemoteServer.exe" [2013-02-28 275544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Reader\Ereg\Ereg.ini"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys [x]
R0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-03-08 46592]
R3 CCUSBMIDI;CASIO USB MIDI;c:\windows\system32\Drivers\ccusbmid.sys [2013-01-21 26624]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-07-28 14448]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [2005-05-25 7168]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2009-12-22 1307648]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-14 1255736]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-12-29 30648]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-04 379520]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-14 327168]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 uvhid;Unified Virtual HID;c:\windows\system32\DRIVERS\uvhid.sys [2013-02-27 20992]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 19:54 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 08:28]
.
2012-07-15 c:\windows\Tasks\ASUS SmartLogon Console Sensor.job
- c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15 18:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files (x86)\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files (x86)\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\td9vocbn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://atlas.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-Software Midi Keyboard v1.8 Demo - c:\program files (x86)\Midimass\Midi Keyboard v1
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODI07.00.00.01PRO"="D3398256296DC673730857ADD0552670FCDE9267E6C6AF2BF5865340DDF15354B9955476B22F16B1F9EC1151D9BA61AA98B0C23582FD26E1C95D24CC1A6C4AEA876F8D3A31EB6905550FDC631FCFE7EADA542C4706E4502E401C5AE01C88862B666A672248D6C581ED5916F58F62F2A8079FED5DCF81BC88191F7A0ECDA58BAB358C68AE11C743FDDC9D6B9B1163D01A94CBFDBB31FE8EA549295E690E47724584C2EF68163C8E15700FDF6B7DE6E1BBAEF6A1AA72297B86F8E0B00DB013E397995AAED858D167272C474A81A0A61C4E35A1F5774B73CCE985CF7495FC55A083EE89AC0F4C4DA1D5C541547D3BFE09D53CB1EAF3EB72E255FEE67D26ACFBFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6171C11EC38DE3DA6171C11EC38DE3DA9C6AECB7A5D140704CD1F14D4620BAA937BAA3AF210AF3C3031D9D0FBD271F3B1C0B9AA15EFCA042522F87FB70F21ABF58C0E09F15E4E1AD5AC289D81CD825502DDF768BF516A35D3FA41A7563930EA20BB3C03C89745A3E52354684BB98128D27FA087EE2A8CA0907641C918C99D58E6A67E6C45F7861FABD242212BC20DAC03A354BF99B61E9EEFF27A86B7AEC484B52DD27289397877863E0C1C47173AC4870FEBAD8B3780AC9B959F64475672250A7666A188A0F63BE9AA7E0F99E8117BE7C76ED1E26E87EBD04799CBA7376894766A21EB0CF1511EDDA31D166FED0D7BC1999D919224FC20E1B2020A92485DD0A1361929B076C9F7FC751CB06A629D1444136B33E0A39EB4B1C829D193087BFA454A1D9367FC98C075B36443800528B9B5887CE468BD9C33BC3D93B78A7660D9AFDD2CC87557E6990D351513FC9704056B8F2DB69A449B4E8D8876B5A9171FD6C3E77ACBF1D955459812FECDF9617D3052848C1CB51136DBC66740287A733C80F7A7F0824BDEF6A984A92780ECAB541C6C865AEE54FEF7529DD80ED05998B288549C2DB7C14451D24F1EC7219A473D4C4CF710EADF6CE1515B21B4D6F2966FC37A0C7E99696BE06F0E554E859B065F6A1C8057AF963EEA18DBC8BAC04E82D52E9A00EABB2BB993D066F85BE85EBDD63F960B0DC28BDC790B121D5CFC42F43B63FAC52892C51ACD701578466A25C8B4BD0C47468C2631EBB4032C0A5E798A69A6766D25F847F8E5676785168F8588FB77602847D821AE14C0C7CB651874E29F5DFACC822F16482675C0158BBD68DBA4268D640D580AC4B4010E93C6C487A48E128B7C92D4EAFD4F7C9A6315418D2D9BA49E76C31FC46F8969955FBAE25AF65C723D5ADFF2529291847E6CD9C805E3BFF2B31F4FA509273D9336CE7F526807A3CF3B86A7722C8597380DF33369B4F0E5350261C4C85F6D723C56C688D78005729F446757212FD679E5F7FE"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
.
**************************************************************************
.
Celkový čas: 2013-04-01 20:41:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-04-01 18:41
ComboFix2.txt 2013-04-01 06:28
ComboFix3.txt 2013-03-30 18:39
ComboFix4.txt 2013-03-29 06:31
ComboFix5.txt 2013-04-01 18:23
.
Před spuštěním: Volných bajtů: 153 278 955 520
Po spuštění: Volných bajtů: 153 221 390 336
.
- - End Of File - - 407389E7EE809CEE3092989D43CD913F
A tady je log z HJT:
ComboFix 13-04-01.01 - Martin 01.04.2013 20:25:21.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4007.1904 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martin\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\avgtpx64.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\avgtpx64.sys
.
Nakažená kopie c:\windows\SysWow64\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache86\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGTP
-------\Service_avgtp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-01 do 2013-04-01 )))))))))))))))))))))))))))))))
.
.
2013-04-01 18:33 . 2013-04-01 18:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-01 18:33 . 2013-04-01 18:33 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-04-01 18:33 . 2013-04-01 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-01 07:28 . 2013-04-01 07:28 -------- d-----w- c:\windows\cs
2013-04-01 07:24 . 2013-04-01 07:24 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e26979801ce2ea904\DXSETUP.exe
2013-04-01 07:24 . 2013-04-01 07:24 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e26979801ce2ea904\dsetup32.dll
2013-04-01 07:24 . 2013-04-01 07:24 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e26979801ce2ea904\DSETUP.dll
2013-04-01 07:24 . 2013-04-01 07:24 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e06600d31ce2ea903\DSETUP.dll
2013-04-01 07:24 . 2013-04-01 07:24 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e06600d31ce2ea903\DXSETUP.exe
2013-04-01 07:24 . 2013-04-01 07:24 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e06600d31ce2ea903\dsetup32.dll
2013-04-01 07:23 . 2013-04-01 07:23 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\de72b5041ce2ea901\DSETUP.dll
2013-04-01 07:23 . 2013-04-01 07:23 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\de72b5041ce2ea901\DXSETUP.exe
2013-04-01 07:23 . 2013-04-01 07:23 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\de72b5041ce2ea901\dsetup32.dll
2013-03-31 08:01 . 2013-03-31 08:01 -------- d-----w- c:\program files\WinRAR
2013-03-30 13:14 . 2013-03-30 13:21 -------- d-----w- c:\users\Martin\AppData\Local\Video Enhancer
2013-03-30 11:22 . 2013-03-30 11:22 -------- d-----w- c:\program files (x86)\Mobile Photo Enhancer
2013-03-30 11:16 . 2013-03-30 11:16 -------- d-----w- c:\program files (x86)\Video Enhancer
2013-03-30 05:23 . 2013-03-30 05:23 -------- d-----w- c:\users\Martin\AppData\Local\Diagnostics
2013-03-29 10:03 . 2013-03-19 04:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2E43C0E-8ED9-45B4-883A-9B873E4B0DA3}\mpengine.dll
2013-03-28 20:34 . 2013-01-04 06:11 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-28 20:33 . 2013-01-13 20:31 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-03-28 20:33 . 2013-01-13 17:05 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-03-28 20:33 . 2013-01-13 19:59 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-03-28 20:33 . 2013-01-13 19:58 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-03-28 20:33 . 2013-01-13 19:53 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-03-28 20:33 . 2013-01-13 19:25 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-03-28 20:33 . 2013-01-13 19:43 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-03-28 20:33 . 2013-01-13 19:15 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-03-28 20:33 . 2013-01-13 19:10 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-03-28 20:33 . 2013-01-13 19:37 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-28 20:33 . 2013-03-28 20:33 -------- d-----w- C:\Intel
2013-03-28 20:08 . 2013-03-28 20:08 -------- d-----w- c:\windows\CheckSur
2013-03-28 16:39 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-28 16:39 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-28 16:39 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-28 16:16 . 2013-03-28 16:16 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-28 16:16 . 2013-03-28 16:16 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-28 16:15 . 2013-03-28 16:15 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-03-28 11:23 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-03-28 11:23 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-28 11:23 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-03-28 11:23 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-03-28 11:23 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-03-28 11:23 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-03-28 11:23 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-03-28 11:23 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-03-28 11:23 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-03-28 11:23 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-28 08:51 . 2013-03-28 10:38 -------- d-----w- c:\users\Martin\AppData\Local\Anvil Studio
2013-03-28 06:43 . 2013-03-30 11:22 -------- d-----w- c:\users\Martin\AppData\Local\CrashDumps
2013-03-27 06:20 . 2013-03-27 06:20 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2013-03-27 06:20 . 2013-03-27 06:20 -------- d-----w- c:\programdata\Malwarebytes
2013-03-27 06:20 . 2013-03-27 06:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-27 06:20 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-27 06:16 . 2013-03-28 16:13 -------- d-----w- c:\users\Martin\AppData\Local\Adobe
2013-03-26 14:21 . 2013-03-26 14:21 388096 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-26 14:21 . 2013-03-26 14:21 -------- d-----w- c:\program files (x86)\Trend Micro
2013-03-24 15:09 . 2013-03-24 19:22 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2013-03-24 15:09 . 2013-03-24 19:22 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2013-03-24 15:00 . 2013-03-24 15:04 -------- d-----w- c:\users\Martin\AppData\Roaming\Vso
2013-03-19 06:29 . 2013-03-19 06:29 -------- d-----w- c:\program files (x86)\Photo!
2013-03-19 05:56 . 2013-03-19 05:56 -------- d-----w- c:\users\Martin\AppData\Local\Help
2013-03-19 05:56 . 2013-03-24 19:22 -------- d-----w- c:\program files\Focus Magic
2013-03-19 05:56 . 2000-11-13 10:55 109056 ----a-w- c:\windows\SysWow64\ESFinish.exe
2013-03-19 05:16 . 2013-03-19 05:16 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-12 14:38 . 2013-03-12 14:38 -------- d-----w- c:\users\Martin\temp
2013-03-12 14:38 . 2013-03-24 19:09 -------- d-----w- c:\users\Martin\AppData\Roaming\TeamViewer
2013-03-09 16:48 . 2007-04-10 00:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
2013-03-09 16:48 . 2009-10-01 02:01 88064 ----a-w- c:\windows\system32\E_IBCBGGE.DLL
2013-03-06 14:47 . 2013-03-28 16:20 -------- d-----w- c:\program files (x86)\Microsoft Works
2013-03-06 14:44 . 2013-03-06 14:44 -------- d-----w- c:\users\Martin\AppData\Local\Microsoft Help
2013-03-03 06:45 . 2013-03-06 23:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-03 06:45 . 2013-03-06 23:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-01 18:35 . 2011-11-16 11:08 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-03-19 05:16 . 2012-07-04 18:07 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-19 05:16 . 2012-07-04 18:07 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-14 08:28 . 2012-04-14 07:41 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-14 08:28 . 2012-04-14 07:41 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-06 23:33 . 2012-05-04 19:31 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-05-04 19:31 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2012-05-04 19:31 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-05-04 19:31 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-05-04 19:31 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2012-05-04 19:31 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2012-05-04 19:30 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-05-04 19:31 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-04 13:53 . 2012-04-26 12:24 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-27 19:04 . 2013-02-27 19:04 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2013-02-27 19:04 . 2013-02-27 19:04 20992 ----a-w- c:\windows\system32\drivers\uvhid.sys
2013-02-12 05:45 . 2013-03-28 11:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-28 11:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-28 11:23 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-28 11:23 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-28 11:23 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-28 11:23 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-21 13:08 . 2012-02-24 17:50 26624 ----a-w- c:\windows\system32\drivers\ccusbmid.sys
2013-01-17 00:28 . 2012-05-06 05:37 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-03-28 11:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2010-01-26 10:11 . 2013-01-18 20:37 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-18 3092088]
"360Amigo"="c:\program files\360Amigo\360Amigo.exe" [2012-10-18 5156128]
"Unified Remote v2"="c:\program files (x86)\Unified Remote\RemoteServer.exe" [2013-02-28 275544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Reader\Ereg\Ereg.ini"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys [x]
R0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-03-08 46592]
R3 CCUSBMIDI;CASIO USB MIDI;c:\windows\system32\Drivers\ccusbmid.sys [2013-01-21 26624]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-07-28 14448]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [2005-05-25 7168]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2009-12-22 1307648]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-14 1255736]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-12-29 30648]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-04 379520]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-14 327168]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 uvhid;Unified Virtual HID;c:\windows\system32\DRIVERS\uvhid.sys [2013-02-27 20992]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 19:54 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 08:28]
.
2012-07-15 c:\windows\Tasks\ASUS SmartLogon Console Sensor.job
- c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15 18:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files (x86)\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files (x86)\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\td9vocbn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://atlas.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-Software Midi Keyboard v1.8 Demo - c:\program files (x86)\Midimass\Midi Keyboard v1
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODI07.00.00.01PRO"="D3398256296DC673730857ADD0552670FCDE9267E6C6AF2BF5865340DDF15354B9955476B22F16B1F9EC1151D9BA61AA98B0C23582FD26E1C95D24CC1A6C4AEA876F8D3A31EB6905550FDC631FCFE7EADA542C4706E4502E401C5AE01C88862B666A672248D6C581ED5916F58F62F2A8079FED5DCF81BC88191F7A0ECDA58BAB358C68AE11C743FDDC9D6B9B1163D01A94CBFDBB31FE8EA549295E690E47724584C2EF68163C8E15700FDF6B7DE6E1BBAEF6A1AA72297B86F8E0B00DB013E397995AAED858D167272C474A81A0A61C4E35A1F5774B73CCE985CF7495FC55A083EE89AC0F4C4DA1D5C541547D3BFE09D53CB1EAF3EB72E255FEE67D26ACFBFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6171C11EC38DE3DA6171C11EC38DE3DA9C6AECB7A5D140704CD1F14D4620BAA937BAA3AF210AF3C3031D9D0FBD271F3B1C0B9AA15EFCA042522F87FB70F21ABF58C0E09F15E4E1AD5AC289D81CD825502DDF768BF516A35D3FA41A7563930EA20BB3C03C89745A3E52354684BB98128D27FA087EE2A8CA0907641C918C99D58E6A67E6C45F7861FABD242212BC20DAC03A354BF99B61E9EEFF27A86B7AEC484B52DD27289397877863E0C1C47173AC4870FEBAD8B3780AC9B959F64475672250A7666A188A0F63BE9AA7E0F99E8117BE7C76ED1E26E87EBD04799CBA7376894766A21EB0CF1511EDDA31D166FED0D7BC1999D919224FC20E1B2020A92485DD0A1361929B076C9F7FC751CB06A629D1444136B33E0A39EB4B1C829D193087BFA454A1D9367FC98C075B36443800528B9B5887CE468BD9C33BC3D93B78A7660D9AFDD2CC87557E6990D351513FC9704056B8F2DB69A449B4E8D8876B5A9171FD6C3E77ACBF1D955459812FECDF9617D3052848C1CB51136DBC66740287A733C80F7A7F0824BDEF6A984A92780ECAB541C6C865AEE54FEF7529DD80ED05998B288549C2DB7C14451D24F1EC7219A473D4C4CF710EADF6CE1515B21B4D6F2966FC37A0C7E99696BE06F0E554E859B065F6A1C8057AF963EEA18DBC8BAC04E82D52E9A00EABB2BB993D066F85BE85EBDD63F960B0DC28BDC790B121D5CFC42F43B63FAC52892C51ACD701578466A25C8B4BD0C47468C2631EBB4032C0A5E798A69A6766D25F847F8E5676785168F8588FB77602847D821AE14C0C7CB651874E29F5DFACC822F16482675C0158BBD68DBA4268D640D580AC4B4010E93C6C487A48E128B7C92D4EAFD4F7C9A6315418D2D9BA49E76C31FC46F8969955FBAE25AF65C723D5ADFF2529291847E6CD9C805E3BFF2B31F4FA509273D9336CE7F526807A3CF3B86A7722C8597380DF33369B4F0E5350261C4C85F6D723C56C688D78005729F446757212FD679E5F7FE"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
.
**************************************************************************
.
Celkový čas: 2013-04-01 20:41:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-04-01 18:41
ComboFix2.txt 2013-04-01 06:28
ComboFix3.txt 2013-03-30 18:39
ComboFix4.txt 2013-03-29 06:31
ComboFix5.txt 2013-04-01 18:23
.
Před spuštěním: Volných bajtů: 153 278 955 520
Po spuštění: Volných bajtů: 153 221 390 336
.
- - End Of File - - 407389E7EE809CEE3092989D43CD913F
A ještě z aswMBR:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-01 21:00:55
-----------------------------
21:00:55.300 OS Version: Windows x64 6.1.7601 Service Pack 1
21:00:55.300 Number of processors: 2 586 0x2A07
21:00:55.300 ComputerName: MARTIN-PC UserName: Martin
21:00:56.060 Initialize success
21:00:56.149 AVAST engine defs: 13040100
21:01:34.791 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:01:34.791 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
21:01:34.947 Disk 0 MBR read successfully
21:01:34.947 Disk 0 MBR scan
21:01:34.962 Disk 0 Windows 7 default MBR code
21:01:34.962 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
21:01:34.978 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 286161 MB offset 52430848
21:01:35.009 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 403641 MB offset 638488576
21:01:35.165 Disk 0 scanning C:\Windows\system32\drivers
21:01:44.447 Service scanning
21:02:11.966 Modules scanning
21:02:11.981 Disk 0 trace - called modules:
21:02:11.997 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
21:02:12.527 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fd7060]
21:02:12.527 3 CLASSPNP.SYS[fffff88001af543f] -> nt!IofCallDriver -> [0xfffffa8004a28040]
21:02:12.543 5 ACPI.sys[fffff88000d607a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a30050]
21:02:13.307 AVAST engine scan C:\Windows
21:02:16.458 AVAST engine scan C:\Windows\system32
21:04:15.565 AVAST engine scan C:\Windows\system32\drivers
21:04:25.564 AVAST engine scan C:\Users\Martin
21:09:50.029 File: C:\Users\Martin\Desktop\RK_Quarantine\trz86C6.tmp **INFECTED** Win32:Malware-gen
21:09:50.076 File: C:\Users\Martin\Desktop\RK_Quarantine\trz99BB.tmp **INFECTED** Win32:Malware-gen
21:09:50.107 File: C:\Users\Martin\Desktop\RK_Quarantine\trz9A38.tmp **INFECTED** Win32:Trojan-gen
21:11:14.503 AVAST engine scan C:\ProgramData
21:16:06.957 Scan finished successfully
21:18:29.678 Disk 0 MBR has been saved successfully to "C:\Users\Martin\Desktop\MBR.dat"
21:18:29.678 The log file has been saved successfully to "C:\Users\Martin\Desktop\aswMBR.txt"

Příspěvekod **jaro3** » 02 dub 2013 15:36

Smaž z plochy:

C:\Users\Martin\Desktop\RK_Quarantine

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Co problémy?

Nitram2 · Příspěvekod **Nitram2** » 03 dub 2013 06:57

Dobrý den, nejde mi odinstalovat ComboFix.

Příspěvekod **jaro3** » 03 dub 2013 09:47

Stáhni si ToolsCleaner2( by de A.Rothstein & Dj Quiou )

na plochu a spusť ho.
Klikni na Pt. Restauration (obnova) a poté na OK.
Klikni na Corbeille (koš) a poté na OK.
Klikni na Fichiers temp (temp složky) a poté na OK.
Klikni na Recherche (hledání) a nech Cleaner pracovat. Může se během čištění zastavit , ale nech ho pokračovat.
Když program skončí , klikni na Suppression (odstranění)a odstraň nalezené.
Zavři program.
Program maže i všechny nástroje na odvirování a vytváření logů , které se zde používají (HJT, Combofix, OTM, OTL, OTS atd.)

Jsou nějaké problémy?

Log z HJT Vyřešeno

Re: Log z HJT

Re: Log z HJT

Re: Log z HJT

Re: Log z HJT

Re: Log z HJT

Re: Log z HJT

Re: Log z HJT

Re: Log z HJT

Re: Log z HJT

Re: Log z HJT

Re: Log z HJT

Re: Log z HJT

Kdo je online