Slow internet connection

#1 Post by tomasr »

I have a problem with the internet in Internet Explorer. After removing a heap of junk with SUPERAntiSpyware (except for the flagged avast, which I can't turn off), I ran the PC through ComboFix. I don't know whether there is still a problem somewhere, so I am attaching the log and asking for advice. Thanks in advance.

ComboFix 12-12-20.02 - Rychetský 21.12.2012 19:03:56.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4007.2176 [GMT 1:00]
Spuštěný z: c:\users\Rychetskř\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Funmoods
c:\program files (x86)\Funmoods\1.5.23.22\bh\escort.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortApp.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortEng.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortShld.dll
c:\program files (x86)\Funmoods\1.5.23.22\FavIcon.ico
c:\program files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe
c:\program files (x86)\Funmoods\1.5.23.22\uninstall.exe
c:\programdata\Roaming
c:\windows\IsUn0407.exe
Q:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-21 do 2012-12-21 )))))))))))))))))))))))))))))))
.
.
2012-12-21 18:20 . 2012-12-21 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-21 16:18 . 2012-12-21 16:18 -------- d-----w- c:\users\Rychetský\AppData\Roaming\SUPERAntiSpyware.com
2012-12-21 16:17 . 2012-12-21 16:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-12-21 16:17 . 2012-12-21 16:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-12-20 13:36 . 2012-12-20 13:36 -------- d-----w- c:\users\Rychetský\AppData\Local\{9C42CB0E-A6DE-46E3-A53E-A8816506EE26}
2012-12-19 18:12 . 2012-12-19 18:12 -------- d-----w- c:\users\Rychetský\AppData\Local\{0095E821-A6DF-4A40-823F-18AE80FE8B6E}
2012-12-18 14:35 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C469815E-BBA3-423F-926D-6E34ADA735E8}\mpengine.dll
2012-12-14 15:16 . 2012-12-14 15:16 -------- d-----w- c:\users\Rychetský\AppData\Local\Macromedia
2012-12-14 05:21 . 2012-12-17 08:22 -------- d-----w- c:\program files (x86)\MyPlayCity.com
2012-12-13 07:35 . 2012-12-13 09:37 -------- d-----w- c:\program files (x86)\Phenomedia AG
2012-12-13 07:34 . 2012-12-13 07:34 -------- d-----w- c:\windows\_ISTMP1.DIR
2012-12-13 07:34 . 2012-12-13 07:34 -------- d-----w- c:\programdata\Browser Manager
2012-12-13 05:28 . 2012-12-13 05:35 -------- d-----w- c:\program files (x86)\phenomedia
2012-12-13 05:27 . 2012-12-13 05:27 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2012-12-13 05:27 . 2012-12-13 05:27 184452 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2012-12-13 05:27 . 2003-09-03 01:28 724992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2012-12-13 05:27 . 2003-09-03 01:27 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2012-12-13 05:27 . 2003-09-03 01:26 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2012-12-13 05:27 . 2003-09-03 01:26 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2012-12-13 05:27 . 2003-09-03 01:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2012-12-13 05:27 . 2003-09-03 01:23 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-12-13 05:08 . 2012-12-13 05:16 -------- d-----w- c:\users\Rychetský\AppData\Local\Torch
2012-12-13 05:04 . 2012-12-14 04:42 -------- d-----w- c:\programdata\boost_interprocess
2012-12-13 05:03 . 2012-12-13 05:08 -------- d-----w- c:\users\Rychetský\AppData\Local\iLivid
2012-12-12 04:51 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-10 16:48 . 2012-12-10 16:48 -------- d-----w- c:\users\Rychetský\AppData\Roaming\Autodesk
2012-12-10 16:47 . 2012-12-10 16:47 -------- d-----w- c:\users\Rychetský\AppData\Local\Autodesk
2012-12-10 10:03 . 2012-12-10 10:03 -------- d-----w- c:\users\Rychetský\AppData\Local\Mozilla
2012-12-10 10:03 . 2012-12-10 10:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-12-05 14:43 . 2012-12-06 10:41 -------- d-----w- c:\program files (x86)\hpmonitor
2012-12-05 14:43 . 2012-12-05 14:43 -------- d-----w- c:\users\Rychetský\AppData\Local\{4B0B4645-1327-4907-91E0-AE6DD29DC5CE}
2012-12-05 14:43 . 2012-12-17 08:25 -------- d-----w- c:\programdata\SweetIM
2012-12-05 14:43 . 2012-12-17 08:25 -------- d-----w- c:\program files (x86)\SweetIM
2012-12-05 06:43 . 2012-12-05 06:43 -------- d-----w- c:\users\Rychetský\AppData\Roaming\RegistryKeys
2012-12-04 09:44 . 2012-12-04 09:44 -------- d-----w- c:\program files (x86)\Seznam.cz
2012-12-04 09:44 . 2012-12-21 17:10 -------- d-----w- c:\users\Rychetský\AppData\Roaming\Seznam.cz
2012-12-04 09:44 . 2012-12-21 17:06 -------- d-----w- c:\program files (x86)\Zrychleni Pocitace
2012-11-28 14:53 . 2012-11-30 06:51 -------- d-----w- c:\program files (x86)\Arkanoid 3
2012-11-28 14:43 . 2012-11-28 14:46 -------- d-----w- c:\users\Rychetský\AppData\Roaming\DeepVoyage
2012-11-28 14:26 . 2012-11-28 14:26 -------- d-----w- c:\programdata\rionix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:16 . 2012-06-24 07:41 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-14 15:16 . 2012-02-04 17:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 20:47 . 2012-01-11 12:01 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-02 07:52 . 2012-02-02 19:48 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-10-30 22:51 . 2011-12-31 18:54 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-08-31 03:38 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-30 22:51 . 2011-12-31 18:54 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-12-31 18:54 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-12-31 18:54 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2011-12-31 18:54 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-12-31 18:53 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-12-31 18:53 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2011-12-31 18:54 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-05-04 11:43 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-04 16:40 . 2012-12-12 04:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-09-25 22:47 . 2012-11-14 07:20 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 07:20 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTT"="c:\program files\PC-Doctor\EnableToolbarW32.exe" [2011-06-27 23120]
"PCSpeedUp"="c:\program files (x86)\Zrychleni Pocitace\PCSUNotifier.exe" [2012-11-07 255856]
"cz.seznam.software.autoupdate"="c:\users\Rychetský\AppData\Roaming\Seznam.cz\szninstall.exe" [2012-09-13 1009288]
"cz.seznam.software.szndesktop"="c:\users\Rychetský\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2012-11-12 91704]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-12 336384]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-08-31 1629544]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2012-09-13 1009288]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-09 144232]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-04-27 436776]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-04-27 39976]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
R3 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2011-06-27 25584]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-08-31 87400]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-08-31 173416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-01 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-03-30 23664]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-09 32104]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-11 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-16 198784]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 PCSUService;PC Speed Up Service;c:\program files (x86)\Zrychleni Pocitace\PCSUService.exe [2012-11-07 312176]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-26 101888]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-02-13 84080]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-08 12289472]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - SASDIFSV
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 15:16]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 15:29]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 15:29]
.
2012-12-21 c:\windows\Tasks\PC SpeedUp Service Deactivator.job
- c:\program files (x86)\Zrychleni Pocitace\PCSUSD.exe [2012-12-04 11:34]
.
2012-12-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2012-12-21 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-04-26 310912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-06-10 5990200]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.myplaycity.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.myplaycity.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://home.myplaycity.com/results.php?category=web&s=
FF - ExtSQL: 2012-11-08 13:45; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-12-10 11:03; {ea614400-e918-4741-9a97-7a972ff7c30b}; c:\users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - c:\progra~2\Funmoods\1.5.23.22\bh\escort.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Media Finder - c:\program files (x86)\Media Finder\Media Finder.exe
Wow6432Node-HKLM-Run-Sweetpacks Communicator - c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Moorhuhn 2 V1.1 - c:\windows\IsUn0407.exe
AddRemove-Moorhuhn Winter-Edition - c:\windows\IsUn0407.exe
AddRemove-Funmoods Web Search - c:\progra~2\Funmoods\1.5.23.22\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-12-21 20:29:11
ComboFix-quarantined-files.txt 2012-12-21 19:29
.
Před spuštěním: Volných bajtů: 191 167 483 904
Po spuštění: Volných bajtů: 191 381 491 712
.
- - End Of File - - 5142C7EBCF79ABEC13AE9C72BFEB0549

Re: Slow internet connection

#2 Post by Rudy »

Why are you running ComboFix, a utility intended only for experts? Do you intend to wreck your system? If you had read the rules, you would have posted an RSIT log, and only after assessing it would the helper have decided what to do next.

Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

Folder::
c:\programdata\SweetIM
c:\program files (x86)\SweetIM

File::
c:\programdata\KGyGaAvL.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
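
A pre-flight check for the CFScript posted in #2, as an added example (not part of the thread and not ComboFix's own code): it parses the script's directives and reports every file, folder or registry target that the ComboFix log does not show. The function names, the `Directive::` parsing rule and the reading of the Registry:: lines as .reg-style deletions are assumptions; the two sample strings are shortened excerpts of the script and log above.

```python
import re

# Shortened excerpt of the CFScript from post #2.
CFSCRIPT = r"""KillAll::

Folder::
c:\programdata\SweetIM

File::
c:\programdata\KGyGaAvL.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

Registry::
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

Reboot::
"""

# Shortened excerpt of the ComboFix log from post #1 ("." lines separate blocks).
LOG = r"""2012-12-05 14:43 . 2012-12-17 08:25 -------- d-----w- c:\programdata\SweetIM
2012-12-02 07:52 . 2012-02-02 19:48 952 --sha-w- c:\programdata\KGyGaAvL.sys
.
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")   # assumed form: a word followed by "::"
VALUE = re.compile(r'^"([^"]+)"\s*=')         # "name"=... as in .reg files
PATH = re.compile(r"[a-z]:\\.*$", re.I)       # drive-letter path up to end of line


def parse_cfscript(text):
    """Split a script into {directive: [entry lines]}, keeping directive order."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        else:
            current.append(line)
    return sections


def registry_actions(lines):
    """Classify Registry:: lines: [-key] deletes a key, "name"=- deletes a value."""
    actions, key = [], None
    for line in lines:
        if line.startswith("[-") and line.endswith("]"):
            actions.append(("delete_key", line[2:-1], None))
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.endswith("=-") and VALUE.match(line):
            actions.append(("delete_value", key, VALUE.match(line).group(1)))
        else:
            actions.append(("other", key, line))  # not a deletion: review by hand
    return actions


def index_log(log_text):
    """Collect lower-cased paths and {registry key: value names} seen in the log."""
    paths, keys, values = set(), {}, None
    for line in (l.strip() for l in log_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            values = keys.setdefault(line[1:-1].lower(), set())
        elif line == ".":
            values = None
        elif values is not None and VALUE.match(line):
            values.add(VALUE.match(line).group(1).lower())
        elif PATH.search(line):
            paths.add(PATH.search(line).group(0).lower())
    return paths, keys


def audit(script_text, log_text):
    """Return (directive, target) pairs the script touches but the log never shows."""
    sections = parse_cfscript(script_text)
    paths, keys = index_log(log_text)
    # Windows paths and registry keys are case-insensitive, so compare lower-cased.
    missing = [(kind, p) for kind in ("Folder", "File")
               for p in sections.get(kind, []) if p.lower() not in paths]
    for action, key, name in registry_actions(sections.get("Registry", [])):
        if action == "other":
            missing.append(("Registry", name))
        elif key.lower() not in keys:
            missing.append(("Registry", key))
        elif action == "delete_value" and name.lower() not in keys[key.lower()]:
            missing.append(("Registry", key + "\\" + name))
    for line in sections.get("RegLock", []):
        if line.strip("[]").lower() not in keys:
            missing.append(("RegLock", line))
    return missing
```

An empty result means every target in the script is backed by a line in the log; anything returned is a target to re-check before the script is handed to the user.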

Re: Slow internet connection

#3 Post by tomasr »

I apologize, from now on I will do everything the way I should.

After I followed the instructions, 4 stages were carried out, but then nothing more, with no output at all. Yet it has been running for about 2 hours (it says there that on a particularly infected system it can take up to 20 minutes). Can I kill it?

Re: Slow internet connection

#4 Post by Rudy »

You can, and try running CF the same way, but in safe mode.
Re: Slow internet connection

#5 Post by tomasr »

It has finished now, after about 14 hours. I am attaching the report and respectfully ask whether there is a problem with anything.

ComboFix 12-12-20.02 - Rychetský 21.12.2012 22:16:43.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4007.1910 [GMT 1:00]
Spuštěný z: c:\users\Rychetskř\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Rychetskř\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-22 do 2012-12-22 )))))))))))))))))))))))))))))))
.
.
2012-12-22 06:57 . 2012-12-22 06:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-22 02:02 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0D2ECF0-1D2F-45A5-8380-CBE01580296F}\mpengine.dll
2012-12-21 16:18 . 2012-12-21 16:18 -------- d-----w- c:\users\Rychetský\AppData\Roaming\SUPERAntiSpyware.com
2012-12-21 16:17 . 2012-12-21 16:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-12-21 16:17 . 2012-12-21 16:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-12-20 13:36 . 2012-12-20 13:36 -------- d-----w- c:\users\Rychetský\AppData\Local\{9C42CB0E-A6DE-46E3-A53E-A8816506EE26}
2012-12-19 18:12 . 2012-12-19 18:12 -------- d-----w- c:\users\Rychetský\AppData\Local\{0095E821-A6DF-4A40-823F-18AE80FE8B6E}
2012-12-14 15:16 . 2012-12-14 15:16 -------- d-----w- c:\users\Rychetský\AppData\Local\Macromedia
2012-12-14 05:21 . 2012-12-17 08:22 -------- d-----w- c:\program files (x86)\MyPlayCity.com
2012-12-13 07:35 . 2012-12-13 09:37 -------- d-----w- c:\program files (x86)\Phenomedia AG
2012-12-13 07:34 . 2012-12-13 07:34 -------- d-----w- c:\windows\_ISTMP1.DIR
2012-12-13 07:34 . 2012-12-13 07:34 -------- d-----w- c:\programdata\Browser Manager
2012-12-13 05:28 . 2012-12-13 05:35 -------- d-----w- c:\program files (x86)\phenomedia
2012-12-13 05:27 . 2012-12-13 05:27 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2012-12-13 05:27 . 2012-12-13 05:27 184452 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2012-12-13 05:27 . 2003-09-03 01:28 724992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2012-12-13 05:27 . 2003-09-03 01:27 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2012-12-13 05:27 . 2003-09-03 01:26 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2012-12-13 05:27 . 2003-09-03 01:26 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2012-12-13 05:27 . 2003-09-03 01:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2012-12-13 05:27 . 2003-09-03 01:23 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-12-13 05:08 . 2012-12-13 05:16 -------- d-----w- c:\users\Rychetský\AppData\Local\Torch
2012-12-13 05:04 . 2012-12-14 04:42 -------- d-----w- c:\programdata\boost_interprocess
2012-12-13 05:03 . 2012-12-13 05:08 -------- d-----w- c:\users\Rychetský\AppData\Local\iLivid
2012-12-12 04:51 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-10 16:48 . 2012-12-10 16:48 -------- d-----w- c:\users\Rychetský\AppData\Roaming\Autodesk
2012-12-10 16:47 . 2012-12-10 16:47 -------- d-----w- c:\users\Rychetský\AppData\Local\Autodesk
2012-12-10 10:03 . 2012-12-10 10:03 -------- d-----w- c:\users\Rychetský\AppData\Local\Mozilla
2012-12-10 10:03 . 2012-12-10 10:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-12-05 14:43 . 2012-12-06 10:41 -------- d-----w- c:\program files (x86)\hpmonitor
2012-12-05 14:43 . 2012-12-05 14:43 -------- d-----w- c:\users\Rychetský\AppData\Local\{4B0B4645-1327-4907-91E0-AE6DD29DC5CE}
2012-12-05 14:43 . 2012-12-17 08:25 -------- d-----w- c:\programdata\SweetIM
2012-12-05 14:43 . 2012-12-17 08:25 -------- d-----w- c:\program files (x86)\SweetIM
2012-12-05 06:43 . 2012-12-05 06:43 -------- d-----w- c:\users\Rychetský\AppData\Roaming\RegistryKeys
2012-12-04 09:44 . 2012-12-04 09:44 -------- d-----w- c:\program files (x86)\Seznam.cz
2012-12-04 09:44 . 2012-12-21 17:10 -------- d-----w- c:\users\Rychetský\AppData\Roaming\Seznam.cz
2012-12-04 09:44 . 2012-12-21 17:06 -------- d-----w- c:\program files (x86)\Zrychleni Pocitace
2012-11-28 14:53 . 2012-11-30 06:51 -------- d-----w- c:\program files (x86)\Arkanoid 3
2012-11-28 14:43 . 2012-11-28 14:46 -------- d-----w- c:\users\Rychetský\AppData\Roaming\DeepVoyage
2012-11-28 14:26 . 2012-11-28 14:26 -------- d-----w- c:\programdata\rionix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:16 . 2012-06-24 07:41 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-14 15:16 . 2012-02-04 17:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 20:47 . 2012-01-11 12:01 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-02 07:52 . 2012-02-02 19:48 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-10-30 22:51 . 2011-12-31 18:54 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-08-31 03:38 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-30 22:51 . 2011-12-31 18:54 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-12-31 18:54 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-12-31 18:54 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2011-12-31 18:54 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-12-31 18:53 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-12-31 18:53 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2011-12-31 18:54 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-05-04 11:43 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-04 16:40 . 2012-12-12 04:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-09-25 22:47 . 2012-11-14 07:20 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 07:20 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}]
c:\progra~2\Funmoods\1.5.23.22\bh\escort.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTT"="c:\program files\PC-Doctor\EnableToolbarW32.exe" [2011-06-27 23120]
"PCSpeedUp"="c:\program files (x86)\Zrychleni Pocitace\PCSUNotifier.exe" [2012-11-07 255856]
"cz.seznam.software.autoupdate"="c:\users\Rychetský\AppData\Roaming\Seznam.cz\szninstall.exe" [2012-09-13 1009288]
"cz.seznam.software.szndesktop"="c:\users\Rychetský\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2012-11-12 91704]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-12 336384]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-08-31 1629544]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2012-09-13 1009288]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-09 144232]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-04-27 436776]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-04-27 39976]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
R3 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-08-31 87400]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-08-31 173416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-01 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-03-30 23664]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-09 32104]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-11 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-16 198784]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 PCSUService;PC Speed Up Service;c:\program files (x86)\Zrychleni Pocitace\PCSUService.exe [2012-11-07 312176]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-26 101888]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-02-13 84080]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-08 12289472]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2011-06-27 25584]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - SASDIFSV
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 15:16]
.
2012-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 15:29]
.
2012-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 15:29]
.
2012-12-21 c:\windows\Tasks\PC SpeedUp Service Deactivator.job
- c:\program files (x86)\Zrychleni Pocitace\PCSUSD.exe [2012-12-04 11:34]
.
2012-12-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2012-12-21 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-04-26 310912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-06-10 5990200]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.myplaycity.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.myplaycity.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://home.myplaycity.com/results.php?category=web&s=
FF - ExtSQL: 2012-11-08 13:45; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-12-10 11:03; {ea614400-e918-4741-9a97-7a972ff7c30b}; c:\users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Moorhuhn 2 V1.1 - c:\windows\IsUn0407.exe
AddRemove-Moorhuhn Winter-Edition - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-12-22 13:36:27
ComboFix-quarantined-files.txt 2012-12-22 12:36
ComboFix2.txt 2012-12-21 19:29
.
Před spuštěním: Volných bajtů: 193 350 246 400
Po spuštění: Volných bajtů: 193 162 702 848
.
- - End Of File - - A0D1876F6217A9B65EC78C7C80827C74

Rudy
Site Admin
Posts: 119522
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow internet connection

#6 Post by Rudy »

We'll do some more cleanup. Move ComboFix to the root directory c:\. Open Notepad and copy the following into it:
KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\progra~2\Funmoods
c:\program files (x86)\SweetIM

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-

Firefox::
FF - ProfilePath - c:\users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: keyword.URL - hxxp://home.myplaycity.com/results.php?category=web&s=

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the root directory c:\ as well, as CFScript.txt. Then, in Windows Explorer (or another file manager), drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

tomasr
Visitor
Posts: 80
Registered: 18 Sep 2011 14:03

Re: Slow internet connection

#7 Post by tomasr »

So it has been carried out; however, I can't post the report here, because no application can be started now on the computer where it was run. It says: "Attempt to use an invalid registry entry that is marked for deletion".

What should I do about it?

Rudy
Site Admin
Posts: 119522
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow internet connection

#8 Post by Rudy »

Try one more restart.

tomasr
Visitor
Posts: 80
Registered: 18 Sep 2011 14:03

Re: Slow internet connection

#9 Post by tomasr »

That helped. Is it all right now?

ComboFix 12-12-20.02 - Rychetský 23.12.2012 9:56.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4007.2315 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SweetIM
c:\program files (x86)\SweetIM\Messenger\ContentPackagesActivationHandler.exe
c:\program files (x86)\SweetIM\Messenger\default.xml
c:\program files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files (x86)\SweetIM\Messenger\mgArchive.dll
c:\program files (x86)\SweetIM\Messenger\mgcommon.dll
c:\program files (x86)\SweetIM\Messenger\mgcommunication.dll
c:\program files (x86)\SweetIM\Messenger\mgconfig.dll
c:\program files (x86)\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files (x86)\SweetIM\Messenger\mghooking.dll
c:\program files (x86)\SweetIM\Messenger\mgICQAuto.dll
c:\program files (x86)\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files (x86)\SweetIM\Messenger\mglogger.dll
c:\program files (x86)\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files (x86)\SweetIM\Messenger\mgMsnAuto.dll
c:\program files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files (x86)\SweetIM\Messenger\mgsimcommon.dll
c:\program files (x86)\SweetIM\Messenger\mgSweetIM.dll
c:\program files (x86)\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files (x86)\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files (x86)\SweetIM\Messenger\mgYahooAuto.dll
c:\program files (x86)\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files (x86)\SweetIM\Messenger\msvcp71.dll
c:\program files (x86)\SweetIM\Messenger\msvcr71.dll
c:\program files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\GamesButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\KeyboardButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files (x86)\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll
c:\program files (x86)\SweetIM\Messenger\SweetIM.exe
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-23 do 2012-12-23 )))))))))))))))))))))))))))))))
.
.
2012-12-23 09:11 . 2012-12-23 09:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-22 02:02 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0D2ECF0-1D2F-45A5-8380-CBE01580296F}\mpengine.dll
2012-12-21 16:18 . 2012-12-21 16:18 -------- d-----w- c:\users\Rychetský\AppData\Roaming\SUPERAntiSpyware.com
2012-12-21 16:17 . 2012-12-21 16:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-12-21 16:17 . 2012-12-21 16:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-12-20 13:36 . 2012-12-20 13:36 -------- d-----w- c:\users\Rychetský\AppData\Local\{9C42CB0E-A6DE-46E3-A53E-A8816506EE26}
2012-12-19 18:12 . 2012-12-19 18:12 -------- d-----w- c:\users\Rychetský\AppData\Local\{0095E821-A6DF-4A40-823F-18AE80FE8B6E}
2012-12-14 15:16 . 2012-12-14 15:16 -------- d-----w- c:\users\Rychetský\AppData\Local\Macromedia
2012-12-14 05:21 . 2012-12-17 08:22 -------- d-----w- c:\program files (x86)\MyPlayCity.com
2012-12-13 07:35 . 2012-12-13 09:37 -------- d-----w- c:\program files (x86)\Phenomedia AG
2012-12-13 07:34 . 2012-12-13 07:34 -------- d-----w- c:\windows\_ISTMP1.DIR
2012-12-13 07:34 . 2012-12-13 07:34 -------- d-----w- c:\programdata\Browser Manager
2012-12-13 05:28 . 2012-12-13 05:35 -------- d-----w- c:\program files (x86)\phenomedia
2012-12-13 05:27 . 2012-12-13 05:27 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2012-12-13 05:27 . 2012-12-13 05:27 184452 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2012-12-13 05:27 . 2003-09-03 01:28 724992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2012-12-13 05:27 . 2003-09-03 01:27 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2012-12-13 05:27 . 2003-09-03 01:26 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2012-12-13 05:27 . 2003-09-03 01:26 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2012-12-13 05:27 . 2003-09-03 01:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2012-12-13 05:27 . 2003-09-03 01:23 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-12-13 05:08 . 2012-12-13 05:16 -------- d-----w- c:\users\Rychetský\AppData\Local\Torch
2012-12-13 05:04 . 2012-12-14 04:42 -------- d-----w- c:\programdata\boost_interprocess
2012-12-13 05:03 . 2012-12-13 05:08 -------- d-----w- c:\users\Rychetský\AppData\Local\iLivid
2012-12-12 04:51 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-10 16:48 . 2012-12-10 16:48 -------- d-----w- c:\users\Rychetský\AppData\Roaming\Autodesk
2012-12-10 16:47 . 2012-12-10 16:47 -------- d-----w- c:\users\Rychetský\AppData\Local\Autodesk
2012-12-10 10:03 . 2012-12-10 10:03 -------- d-----w- c:\users\Rychetský\AppData\Local\Mozilla
2012-12-10 10:03 . 2012-12-10 10:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-12-05 14:43 . 2012-12-06 10:41 -------- d-----w- c:\program files (x86)\hpmonitor
2012-12-05 14:43 . 2012-12-05 14:43 -------- d-----w- c:\users\Rychetský\AppData\Local\{4B0B4645-1327-4907-91E0-AE6DD29DC5CE}
2012-12-05 14:43 . 2012-12-17 08:25 -------- d-----w- c:\programdata\SweetIM
2012-12-05 06:43 . 2012-12-05 06:43 -------- d-----w- c:\users\Rychetský\AppData\Roaming\RegistryKeys
2012-12-04 09:44 . 2012-12-04 09:44 -------- d-----w- c:\program files (x86)\Seznam.cz
2012-12-04 09:44 . 2012-12-23 06:23 -------- d-----w- c:\users\Rychetský\AppData\Roaming\Seznam.cz
2012-12-04 09:44 . 2012-12-23 09:13 -------- d-----w- c:\program files (x86)\Zrychleni Pocitace
2012-11-28 14:53 . 2012-11-30 06:51 -------- d-----w- c:\program files (x86)\Arkanoid 3
2012-11-28 14:43 . 2012-11-28 14:46 -------- d-----w- c:\users\Rychetský\AppData\Roaming\DeepVoyage
2012-11-28 14:26 . 2012-11-28 14:26 -------- d-----w- c:\programdata\rionix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:16 . 2012-06-24 07:41 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-14 15:16 . 2012-02-04 17:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 20:47 . 2012-01-11 12:01 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-02 07:52 . 2012-02-02 19:48 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-10-30 22:51 . 2011-12-31 18:54 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-08-31 03:38 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-30 22:51 . 2011-12-31 18:54 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-12-31 18:54 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-12-31 18:54 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2011-12-31 18:54 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-12-31 18:53 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-12-31 18:53 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2011-12-31 18:54 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-05-04 11:43 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-04 16:40 . 2012-12-12 04:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-09-25 22:47 . 2012-11-14 07:20 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 07:20 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}]
c:\progra~2\Funmoods\1.5.23.22\bh\escort.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTT"="c:\program files\PC-Doctor\EnableToolbarW32.exe" [2011-06-27 23120]
"PCSpeedUp"="c:\program files (x86)\Zrychleni Pocitace\PCSUNotifier.exe" [2012-11-07 255856]
"cz.seznam.software.autoupdate"="c:\users\Rychetský\AppData\Roaming\Seznam.cz\szninstall.exe" [2012-09-13 1009288]
"cz.seznam.software.szndesktop"="c:\users\Rychetský\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2012-11-12 91704]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-12 336384]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-08-31 1629544]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2012-09-13 1009288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-09 144232]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-04-27 436776]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-04-27 39976]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
R3 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2011-06-27 25584]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-08-31 87400]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-08-31 173416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-01 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-03-30 23664]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-09 32104]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-11 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-16 198784]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 PCSUService;PC Speed Up Service;c:\program files (x86)\Zrychleni Pocitace\PCSUService.exe [2012-11-07 312176]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-26 101888]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-02-13 84080]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-08 12289472]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 15:16]
.
2012-12-22 c:\windows\Tasks\PC SpeedUp Service Deactivator.job
- c:\program files (x86)\Zrychleni Pocitace\PCSUSD.exe [2012-12-04 11:34]
.
2012-12-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2012-12-23 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-04-26 310912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-06-10 5990200]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.myplaycity.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.myplaycity.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://home.myplaycity.com/
FF - ExtSQL: 2012-11-08 13:45; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-12-10 11:03; {ea614400-e918-4741-9a97-7a972ff7c30b}; c:\users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Moorhuhn 2 V1.1 - c:\windows\IsUn0407.exe
AddRemove-Moorhuhn Winter-Edition - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
.
**************************************************************************
.
Celkový čas: 2012-12-23 10:27:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-23 09:27
ComboFix2.txt 2012-12-22 12:37
ComboFix3.txt 2012-12-21 19:29
.
Před spuštěním: Volných bajtů: 192 780 759 040
Po spuštění: Volných bajtů: 192 358 113 280
.
- - End Of File - - BEE55FF688353CEA3BE556A94153F647

Rudy
Site Admin
Posts: 119522
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow internet connection

#10 Post by Rudy »

Run CF once more with this script:
KillAll::

File::
c:\programdata\KGyGaAvL.sys

Folder::
c:\programdata\SweetIM

Firefox::
FF - ProfilePath - c:\users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.myplaycity.com/
FF - ExtSQL: 2012-11-08 13:45; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-12-10 11:03; {ea614400-e918-4741-9a97-7a972ff7c30b}; c:\users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}

Reboot::

tomasr
Visitor
Posts: 80
Registered: 18 Sep 2011 14:03

Re: Slow internet connection

#11 Post by tomasr »

Do you see anything else there?

ComboFix 12-12-22.02 - Rychetský 23.12.2012 14:57:59.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4007.2551 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\KGyGaAvL.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\KGyGaAvL.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-23 do 2012-12-23 )))))))))))))))))))))))))))))))
.
.
2012-12-23 14:13 . 2012-12-23 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-22 02:02 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0D2ECF0-1D2F-45A5-8380-CBE01580296F}\mpengine.dll
2012-12-21 16:18 . 2012-12-21 16:18 -------- d-----w- c:\users\Rychetský\AppData\Roaming\SUPERAntiSpyware.com
2012-12-21 16:17 . 2012-12-21 16:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-12-21 16:17 . 2012-12-21 16:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-12-20 13:36 . 2012-12-20 13:36 -------- d-----w- c:\users\Rychetský\AppData\Local\{9C42CB0E-A6DE-46E3-A53E-A8816506EE26}
2012-12-19 18:12 . 2012-12-19 18:12 -------- d-----w- c:\users\Rychetský\AppData\Local\{0095E821-A6DF-4A40-823F-18AE80FE8B6E}
2012-12-14 15:16 . 2012-12-14 15:16 -------- d-----w- c:\users\Rychetský\AppData\Local\Macromedia
2012-12-14 05:21 . 2012-12-17 08:22 -------- d-----w- c:\program files (x86)\MyPlayCity.com
2012-12-13 07:35 . 2012-12-13 09:37 -------- d-----w- c:\program files (x86)\Phenomedia AG
2012-12-13 07:34 . 2012-12-13 07:34 -------- d-----w- c:\windows\_ISTMP1.DIR
2012-12-13 07:34 . 2012-12-13 07:34 -------- d-----w- c:\programdata\Browser Manager
2012-12-13 05:28 . 2012-12-13 05:35 -------- d-----w- c:\program files (x86)\phenomedia
2012-12-13 05:27 . 2012-12-13 05:27 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2012-12-13 05:27 . 2012-12-13 05:27 184452 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2012-12-13 05:27 . 2003-09-03 01:28 724992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2012-12-13 05:27 . 2003-09-03 01:27 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2012-12-13 05:27 . 2003-09-03 01:26 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2012-12-13 05:27 . 2003-09-03 01:26 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2012-12-13 05:27 . 2003-09-03 01:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2012-12-13 05:27 . 2003-09-03 01:23 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-12-13 05:08 . 2012-12-13 05:16 -------- d-----w- c:\users\Rychetský\AppData\Local\Torch
2012-12-13 05:04 . 2012-12-14 04:42 -------- d-----w- c:\programdata\boost_interprocess
2012-12-13 05:03 . 2012-12-13 05:08 -------- d-----w- c:\users\Rychetský\AppData\Local\iLivid
2012-12-12 04:51 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-10 16:48 . 2012-12-10 16:48 -------- d-----w- c:\users\Rychetský\AppData\Roaming\Autodesk
2012-12-10 16:47 . 2012-12-10 16:47 -------- d-----w- c:\users\Rychetský\AppData\Local\Autodesk
2012-12-10 10:03 . 2012-12-10 10:03 -------- d-----w- c:\users\Rychetský\AppData\Local\Mozilla
2012-12-10 10:03 . 2012-12-10 10:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-12-05 14:43 . 2012-12-06 10:41 -------- d-----w- c:\program files (x86)\hpmonitor
2012-12-05 14:43 . 2012-12-05 14:43 -------- d-----w- c:\users\Rychetský\AppData\Local\{4B0B4645-1327-4907-91E0-AE6DD29DC5CE}
2012-12-05 14:43 . 2012-12-17 08:25 -------- d-----w- c:\programdata\SweetIM
2012-12-05 06:43 . 2012-12-05 06:43 -------- d-----w- c:\users\Rychetský\AppData\Roaming\RegistryKeys
2012-12-04 09:44 . 2012-12-04 09:44 -------- d-----w- c:\program files (x86)\Seznam.cz
2012-12-04 09:44 . 2012-12-23 12:06 -------- d-----w- c:\users\Rychetský\AppData\Roaming\Seznam.cz
2012-12-04 09:44 . 2012-12-23 14:15 -------- d-----w- c:\program files (x86)\Zrychleni Pocitace
2012-11-28 14:53 . 2012-11-30 06:51 -------- d-----w- c:\program files (x86)\Arkanoid 3
2012-11-28 14:43 . 2012-11-28 14:46 -------- d-----w- c:\users\Rychetský\AppData\Roaming\DeepVoyage
2012-11-28 14:26 . 2012-11-28 14:26 -------- d-----w- c:\programdata\rionix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:16 . 2012-06-24 07:41 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-14 15:16 . 2012-02-04 17:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 20:47 . 2012-01-11 12:01 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-10-30 22:51 . 2011-12-31 18:54 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-08-31 03:38 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-30 22:51 . 2011-12-31 18:54 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-12-31 18:54 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-12-31 18:54 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2011-12-31 18:54 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-12-31 18:53 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-12-31 18:53 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2011-12-31 18:54 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-05-04 11:43 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-04 16:40 . 2012-12-12 04:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-09-25 22:47 . 2012-11-14 07:20 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 07:20 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}]
c:\progra~2\Funmoods\1.5.23.22\bh\escort.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTT"="c:\program files\PC-Doctor\EnableToolbarW32.exe" [2011-06-27 23120]
"PCSpeedUp"="c:\program files (x86)\Zrychleni Pocitace\PCSUNotifier.exe" [2012-11-07 255856]
"cz.seznam.software.autoupdate"="c:\users\Rychetský\AppData\Roaming\Seznam.cz\szninstall.exe" [2012-09-13 1009288]
"cz.seznam.software.szndesktop"="c:\users\Rychetský\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2012-11-12 91704]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-12 336384]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-08-31 1629544]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2012-09-13 1009288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-09 144232]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-04-27 436776]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-04-27 39976]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
R3 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2011-06-27 25584]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-08-31 87400]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-08-31 173416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-01 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-03-30 23664]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-09 32104]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-11 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-16 198784]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 PCSUService;PC Speed Up Service;c:\program files (x86)\Zrychleni Pocitace\PCSUService.exe [2012-11-07 312176]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-26 101888]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-02-13 84080]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-08 12289472]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 15:16]
.
2012-12-23 c:\windows\Tasks\PC SpeedUp Service Deactivator.job
- c:\program files (x86)\Zrychleni Pocitace\PCSUSD.exe [2012-12-04 11:34]
.
2012-12-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2012-12-23 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-04-26 310912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-06-10 5990200]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.myplaycity.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.myplaycity.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2012-11-08 13:45; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-12-10 11:03; {ea614400-e918-4741-9a97-7a972ff7c30b}; c:\users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Moorhuhn 2 V1.1 - c:\windows\IsUn0407.exe
AddRemove-Moorhuhn Winter-Edition - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
.
**************************************************************************
.
Celkový čas: 2012-12-23 15:32:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-23 14:32
ComboFix2.txt 2012-12-23 09:27
ComboFix3.txt 2012-12-22 12:37
ComboFix4.txt 2012-12-21 19:29
.
Před spuštěním: Volných bajtů: 192 595 087 360
Po spuštění: Volných bajtů: 192 561 864 704
.
- - End Of File - - 1307A945B5341240C4F22DF09734EF09

Rudy
Site Admin
Posts: 119522
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow internet connection

#12 Post by Rudy »

The log is OK now. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

tomasr
Visitor
Posts: 80
Joined: 18 Sep 2011 14:03

Re: Slow internet connection

#13 Post by tomasr »

Yes, it has been faster since the first or second scan, but I'm glad it has been completely cleaned up. I take my hat off to your knowledge, thank you for the advice, and I wish you happy holidays.

Rudy
Site Admin
Posts: 119522
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow internet connection

#14 Post by Rudy »

Happy holidays to you too, and you're welcome! :)

Locked