﻿ComboFix 12-09-18.07 - User 19.09.2012  20:10:08.6.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.420.1029.18.3000.1830 [GMT 2:00]
Spuštěný z: c:\users\User\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\User\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\rpcnetp.exe"
"c:\windows\SysWow64\rpcnet.dll"
"c:\windows\SysWow64\rpcnet.exe"
"c:\windows\SysWow64\rpcnetp.dll"
"c:\windows\SysWow64\rpcnetp.exe"
"c:\windows\SysWow64\Upgrd.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\rpcnetp.exe
c:\windows\SysWow64\rpcnet.dll
c:\windows\SysWow64\rpcnet.exe
c:\windows\SysWow64\rpcnetp.dll
c:\windows\SysWow64\rpcnetp.exe
c:\windows\SysWow64\Upgrd.exe
.
c:\windows\System32\autochk.exe . . . je infikován!!
.
.
(((((((((((((((((((((((((((((((((((((((   Ovladače/Služby   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_rpcnet
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2012-08-19 do 2012-09-19  )))))))))))))))))))))))))))))))
.
.
2012-09-19 18:22 . 2012-09-19 18:22	--------	d-----w-	c:\users\test\AppData\Local\temp
2012-09-19 18:22 . 2012-09-19 18:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-19 18:22 . 2012-09-19 18:22	--------	d-----w-	c:\users\alca\AppData\Local\temp
2012-09-19 17:57 . 2012-08-23 08:26	9310152	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{731BD63F-C833-449D-B9E6-4D74F940D2BA}\mpengine.dll
2012-09-18 19:52 . 2012-08-23 08:26	9310152	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-16 22:55 . 2012-09-16 22:55	512	----a-w-	C:\Physical0MBR.bin
2012-09-12 12:15 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-12 12:15 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 12:15 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-12 12:15 . 2012-08-02 16:57	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-09-12 12:15 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-12 12:15 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 12:15 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-10 14:15 . 2012-09-10 14:15	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2012-08-27 10:58 . 2012-08-27 11:07	--------	d-----w-	c:\users\User\.android
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 21:11 . 2011-12-17 15:06	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-09-10 14:19 . 2012-04-21 06:00	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-10 14:19 . 2011-12-21 14:33	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-07 15:04 . 2012-02-19 21:01	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-18 18:15 . 2012-08-15 08:16	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-06 20:07 . 2012-08-15 19:10	552960	----a-w-	c:\windows\system32\drivers\bthport.sys
2012-07-04 22:16 . 2012-08-15 08:16	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 08:16	59392	----a-w-	c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 08:16	136704	----a-w-	c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 08:16	41984	----a-w-	c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-15 19:07	17809920	----a-w-	c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 19:07	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 19:08	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 19:08	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 19:08	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 19:08	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 19:08	237056	----a-w-	c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 19:08	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 19:08	816640	----a-w-	c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 19:08	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 19:08	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 19:08	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 19:08	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 19:08	248320	----a-w-	c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 19:08	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 19:08	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 19:08	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 19:08	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 19:08	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\SysWow64\msxml4.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-09-15_19.51.25   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-16 14:12 . 2012-09-19 17:48	20460              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-19 18:26	44066              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-16 13:59 . 2012-09-19 18:26	14198              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-146033841-32980914-428312729-1000_UserData.bin
+ 2011-12-15 15:19 . 2012-09-19 18:16	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-15 15:19 . 2012-09-07 16:21	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-15 15:19 . 2012-09-19 18:16	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-15 15:19 . 2012-09-07 16:21	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-19 18:16	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-07 16:21	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-18 17:49 . 2012-09-18 18:53	7914              c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-12-15 15:17 . 2012-09-15 14:17	1881              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2011-12-15 15:17 . 2012-09-19 18:23	1881              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-09-19 18:24 . 2012-09-19 18:24	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-15 14:18 . 2012-09-15 15:32	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-19 18:24 . 2012-09-19 18:24	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-15 14:18 . 2012-09-15 15:32	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-16 13:41 . 2012-09-16 10:05	405396              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-09-18 14:52	654276              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-09-14 15:29	654276              c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2012-09-18 14:52	668572              c:\windows\system32\perfh005.dat
- 2009-07-14 15:18 . 2012-09-14 15:29	668572              c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2012-09-14 15:29	122108              c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-09-18 14:52	122108              c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2012-09-14 15:29	141136              c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2012-09-18 14:52	141136              c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2012-09-15 14:04	275836              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-19 18:23	275836              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-17 00:00 . 2012-09-19 18:23	45145228              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-146033841-32980914-428312729-1000-8192.dat
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zoner (neodebírat)"="c:\users\User\Dropbox\Dokumenty\Programy\zoner.bat" [2011-11-13 60]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
.
c:\users\alca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\alca\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 250568]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-06-18 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-06-18 12384]
S0 rpcnetp;rpcnetp;rpcnetp [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-06-06 100864]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 14:19]
.
2012-09-16 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df64.exe [2012-06-06 13:14]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 16:10]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 16:10]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146033841-32980914-428312729-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 20:04]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146033841-32980914-428312729-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 20:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\alca\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\alca\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\alca\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\alca\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 417560]
"combofix"="c:\combofix\CF5247.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://seznam.cz/
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1;mbank.cz
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qlixbhi7.default\
FF - prefs.js: keyword.URL - hxxp://www.google.cz/#hl=cs&source=hp&q=
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\rpcnetp.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Celkový čas: 2012-09-19  20:50:13 - počítač byl restartován
ComboFix-quarantined-files.txt  2012-09-19 18:50
ComboFix2.txt  2012-09-18 18:50
ComboFix3.txt  2012-09-18 16:29
ComboFix4.txt  2012-09-15 20:12
.
Před spuštěním: Volných bajtů: 164 572 651 520
Po spuštění: Volných bajtů: 164 494 876 672
.
- - End Of File - - 69928D9E890843902E08B5E8F5A5AC43
