ComboFix 13-01-12.01 - Iveta 12.01.2013  23:01:21.1.1 - x86
Spuštěný z: c:\users\Iveta\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
D:\autorun.inf
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2012-12-13 do 2013-01-13  )))))))))))))))))))))))))))))))
.
.
2013-01-13 05:08 . 2013-01-13 05:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-12 20:59 . 2013-01-12 21:01	--------	d-----w-	c:\program files\trend micro
2013-01-12 20:59 . 2013-01-12 21:12	--------	d-----w-	C:\rsit
2013-01-12 20:47 . 2013-01-12 20:50	--------	d-----w-	c:\program files\CrystalDiskInfo
2013-01-12 19:10 . 2013-01-12 19:10	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B7B0794-B975-4137-8C87-6D5F13E2CE7A}\offreg.dll
2013-01-12 18:59 . 2013-01-12 18:59	--------	d-----w-	c:\users\Iveta\AppData\Local\GHISLER
2013-01-12 18:57 . 2013-01-12 18:57	--------	d-----w-	c:\users\Iveta\AppData\Roaming\GHISLER
2013-01-12 10:06 . 2013-01-12 10:06	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-12 08:33 . 2013-01-12 10:04	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2013-01-12 08:33 . 2013-01-12 08:39	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-01-11 11:22 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B7B0794-B975-4137-8C87-6D5F13E2CE7A}\mpengine.dll
2013-01-09 20:14 . 2012-11-22 04:45	626688	----a-w-	c:\windows\system32\usp10.dll
2013-01-09 20:14 . 2012-11-23 02:56	2345984	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 20:14 . 2012-11-09 04:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 20:11 . 2012-12-07 10:46	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-21 23:03 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 23:03 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-17 09:06 . 2012-12-17 09:07	--------	d-----w-	c:\users\Iveta\byt Svazck Ova
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 10:06 . 2011-06-09 16:14	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-19 14:02 . 2011-03-30 03:58	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-11-24 12:43 . 2011-03-18 16:36	483952	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-11-12 11:52 . 2012-12-13 07:33	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-13 07:32	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-13 07:33	376832	----a-w-	c:\windows\system32\dpnet.dll
2012-10-27 06:26 . 2012-12-13 07:33	981504	----a-w-	c:\windows\system32\wininet.dll
2012-10-16 07:39 . 2012-11-28 07:57	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2011-05-31 21:21	351448	----a-w-	c:\progra~1\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"OfficeSubscriptionAgent"="c:\program files\Common Files\Microsoft Shared\OFFICE14\osaui.exe" [2011-11-16 932160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Iveta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Kooperativa - PDF Server.lnk - c:\program files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe [2011-2-17 10335744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Iveta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kooperativa - PDF Server.lnk]
path=c:\users\Iveta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kooperativa - PDF Server.lnk
backup=c:\windows\pss\Kooperativa - PDF Server.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51	35768	----a-w-	c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-30 18:06	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-01-27 19:54	136176	----atw-	c:\users\Iveta\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33	421776	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
2011-07-14 14:45	279552	----a-w-	c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17	1174016	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteRanker]
2011-09-12 06:06	320000	----a-w-	c:\program files\SiteRanker\SiteRankTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 eISISPostgreSQL;eISIS PostgreSQL Database Server;c:\eisis\servers\postgresql\bin\pg_ctl.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
R4 SQLAgent$SQL_SMSGALAXY;SQL Server Agent (SQL_SMSGALAXY);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL_SMSGALAXY\MSSQL\Binn\SQLAGENT.EXE [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [x]
S1 aswKbd;aswKbd; [x]
S2 eISISTomcat;eISIS Tomcat;c:\eisis\servers\tomcat\bin\tomcat5.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe [x]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x]
S2 MSSQL$SQL_SMSGALAXY;SQL Server (SQL_SMSGALAXY);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL_SMSGALAXY\MSSQL\Binn\sqlservr.exe [x]
S2 osubsvc;Agent odbr systmu Microsoft Office 2010;c:\program files\Common Files\Microsoft Shared\OFFICE14\osa.exe [x]
S2 VmbService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 NETw1v32;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw1v32.sys [x]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService	REG_MULTI_SZ   	HPSLPSVC
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-27 19:54]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-27 19:54]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1613761464-336836081-531166385-1000Core.job
- c:\users\Iveta\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-17 19:54]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1613761464-336836081-531166385-1000UA.job
- c:\users\Iveta\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-17 19:54]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: WikiKomente Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
Trusted Zone: cpp.cz\sus
Trusted Zone: vodafone.cz\prm
TCP: DhcpNameServer = 192.168.0.254
TCP: Interfaces\{2E4C059D-12FC-41BD-8D98-C7F7C1CBD4D4}: NameServer = 62.129.50.20,85.135.32.100
DPF: {2AA033AA-412B-4248-9DAF-59868A7BDD7F} - hxxps://prm.vodafone.cz/prmportal/21229/applets/SiebelAx_Configurator.cab
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://portal.allianz.cz/+CSCOL+/csvrloader32.cab
DPF: {3F736969-E75E-48F8-99F2-7CB5105ABD15} - hxxps://prm.vodafone.cz/prmportal/21238/applets/SiebelAx_HI_Client.cab
DPF: {77DBDF9B-E26A-4FB8-A9FC-735CDE187FB4} - hxxps://prm.vodafone.cz/prmportal/21229/applets/SiebelAx_HI_Client.cab
FF - ProfilePath - c:\users\Iveta\AppData\Roaming\Mozilla\Firefox\Profiles\khn1m22l.default\
FF - prefs.js: browser.search.selectedEngine - Centrum.cz Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: SiteRanker: siteranker@siteranker.com - c:\program files\SiteRanker\firefox
FF - Ext: Bytemobile Optimization Client: ff-bmboc@bytemobile.com - c:\program files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Facebook Update - c:\users\Iveta\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-Facebook Update - c:\users\Iveta\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-01-13  06:23:30
ComboFix-quarantined-files.txt  2013-01-13 05:23
.
Před spuštěním: Volných bajtů: 160316039168
Po spuštění: Volných bajtů: 160229867520
.
- - End Of File - - A39A8EC5F10B6C8871001EEC7187561B
