ComboFix 14-03-10.01 - pc2 13.03.2014   7:08.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.420.1029.18.3583.2493 [GMT 1:00]
Spuštěný z: c:\users\pc2\Desktop\cf.exe.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Vytvořen nový Bod Obnovení
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\USB_video_device\Driver\Driver32\Desktop_.ini
c:\windows\Help\drvvfp.chm.981516B7_19F5_4A4C_97A4_5EF09A684662
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
(((((((((((((((((((((((((((((((((((((((   Ovladače/Služby   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Services
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2014-02-13 do 2014-03-13  )))))))))))))))))))))))))))))))
.
.
2014-03-13 06:20 . 2011-07-13 03:39	6881616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD0ADA8D-35A0-4744-8714-FDCBA1723A42}\mpengine.dll
2014-03-13 06:17 . 2014-03-13 06:21	--------	d-----w-	c:\users\pc2\AppData\Local\temp
2014-03-13 06:17 . 2014-03-13 06:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-03-13 06:14 . 2014-03-13 06:14	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BDD512C-83AF-44E9-84A7-46B8C7837C04}\offreg.dll
2014-03-13 05:55 . 2014-03-13 06:03	--------	d-----w-	C:\Veronika.KOS
2014-03-13 05:55 . 2014-03-13 05:55	--------	d-----w-	c:\users\pc2\AppData\Local\GHISLER
2014-03-12 19:24 . 2014-03-12 19:24	--------	d-----w-	C:\totalcmd
2014-03-12 19:24 . 2014-03-12 19:24	--------	d-----w-	c:\users\pc2\AppData\Roaming\GHISLER
2014-03-12 19:24 . 2014-02-19 07:50	545	----a-w-	c:\windows\UC.PIF
2014-03-12 19:24 . 2014-02-19 07:50	545	----a-w-	c:\windows\RAR.PIF
2014-03-12 19:24 . 2014-02-19 07:50	545	----a-w-	c:\windows\LHA.PIF
2014-03-12 19:24 . 2014-02-19 07:50	545	----a-w-	c:\windows\ARJ.PIF
2014-03-12 19:19 . 2014-03-12 19:23	--------	d-----w-	c:\users\pc2\AppData\Roaming\TeraCopy
2014-03-12 19:19 . 2014-03-12 19:19	--------	d-----w-	c:\program files\TeraCopy
2014-03-12 13:39 . 2014-03-12 13:39	83456	----a-w-	c:\windows\system32\WKLxIpU.exe
2014-03-12 13:22 . 2014-03-12 13:22	--------	d-----w-	c:\users\pc2\AppData\Roaming\Malwarebytes
2014-03-12 13:22 . 2014-03-12 13:22	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2014-03-12 13:22 . 2014-03-12 13:22	--------	d-----w-	c:\programdata\Malwarebytes
2014-03-12 13:22 . 2013-04-04 13:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-03-12 13:22 . 2014-03-12 13:22	--------	d-----w-	c:\users\pc2\AppData\Local\Programs
2014-03-07 13:11 . 2014-02-06 07:08	7947048	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BDD512C-83AF-44E9-84A7-46B8C7837C04}\mpengine.dll
2014-02-27 13:24 . 2014-02-27 13:24	--------	d-----w-	c:\windows\Migration
2014-02-14 14:08 . 2013-12-21 07:56	523776	----a-w-	c:\windows\system32\vbscript.dll
2014-02-14 05:57 . 2013-12-06 02:02	2048	----a-w-	c:\windows\system32\msxml3r.dll
2014-02-14 05:57 . 2013-12-06 02:02	1237504	----a-w-	c:\windows\system32\msxml3.dll
2014-02-14 05:57 . 2013-12-24 23:09	1987584	----a-w-	c:\windows\system32\d3d10warp.dll
2014-02-14 05:57 . 2013-11-26 08:16	3419136	----a-w-	c:\windows\system32\d2d1.dll
2014-02-14 05:57 . 2013-12-04 01:54	594944	----a-w-	c:\windows\system32\RMActivate_isv.exe
2014-02-14 05:57 . 2013-12-04 01:54	572416	----a-w-	c:\windows\system32\RMActivate.exe
2014-02-14 05:57 . 2013-12-04 01:54	508928	----a-w-	c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-14 05:57 . 2013-12-04 02:03	87040	----a-w-	c:\windows\system32\secproc_ssp_isv.dll
2014-02-14 05:57 . 2013-12-04 02:03	87040	----a-w-	c:\windows\system32\secproc_ssp.dll
2014-02-14 05:57 . 2013-12-04 02:03	423936	----a-w-	c:\windows\system32\secproc_isv.dll
2014-02-14 05:57 . 2013-12-04 02:03	428032	----a-w-	c:\windows\system32\secproc.dll
2014-02-14 05:57 . 2013-12-04 02:02	390144	----a-w-	c:\windows\system32\msdrm.dll
2014-02-14 05:57 . 2013-12-04 01:54	510976	----a-w-	c:\windows\system32\RMActivate_ssp.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 13:19 . 2012-03-30 15:17	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 13:19 . 2012-03-30 15:17	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-12-18 05:13 . 2010-12-16 10:05	231584	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 1486848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
.
c:\users\pc2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 ifccsc21;ifccsc21;c:\windows\system32\ifccsc21.exe [x]
R3 RVG6Driver;Kodak Trophy RVG Driver;c:\windows\system32\Drivers\RVG6USB.sys [2010-06-25 159808]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-17 1343400]
S0 CORLOG;CORLOG;c:\windows\system32\drivers\corlog.sys [2011-01-24 3104]
S0 CORPCI;CORPCI;c:\windows\system32\drivers\corpci.sys [2011-01-24 10112]
S1 CORSERIAL;CORSERIAL;c:\windows\system32\drivers\corserial.sys [2011-01-24 45880]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S1 mvcntp;mvcntp;c:\windows\system32\drivers\mvcntp.sys [2011-01-24 111872]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 176128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 41336]
S2 MSSQL$DENTIST32;SQL Server (DENTIST32);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 RVGNetworkConfigurationService;RVG Network Configuration Service;c:\program files\Common Files\Trophy\Services\RVGNetworkConfiguration\RVGNetworkConfiguration.exe [2010-04-09 40960]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-02-08 5120]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-08-17 1077760]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 13:19]
.
2014-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-849347240-1981523250-842127770-1000Core.job
- c:\users\pc2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-19 09:28]
.
2014-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-849347240-1981523250-842127770-1000UA.job
- c:\users\pc2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-19 09:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-RVGInstaller - c:\windows\TEMP\DriverRVG\RVG-uninst.exe
AddRemove-STVInstaller - c:\windows\TEMP\DriverSTV\STV-uninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(548)
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Jiné spuštěné procesy ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\atieclxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2014-03-13  07:26:51 - počítač byl restartován
ComboFix-quarantined-files.txt  2014-03-13 06:26
.
Před spuštěním: Volných bajtů: 442733887488
Po spuštění: Volných bajtů: 444916932608
.
- - End Of File - - 7DD36A87982DB83199BD2CFAFE829151
A36C5E4F47E84449FF07ED3517B43A31
