Prosím o kontrolu logu po infekci

[mirotin]

Dobrý večer, Eset Online Scanner odhalil a dal do karantény celkem 9 infikovaných souborů.
Protože je start Vist poslední 4 dny zpomalený (neobvykle dlouho se načítají ikony na plochu a stratuje Microsoft Securty Essentials) projel jsem PC Combofixem s následujícím logem - mohu poprosit o odbornou kontrolu, zda je již vše v pořádku?
Děkuji předem a hezký zbytek soboty.

ComboFix 12-09-27.03 - Admin 29.09.2012 22:11:09.1.2 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.420.1029.18.3006.1504 [GMT 2:00]
Spuštěný z: d:\stßhnutú\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPlyTune.dll
C:\reg.reg
c:\users\Admin\AppData\Local\Temp\{78A3E36A-D30D-4494-90AF-B2D41E4C57A1}
c:\users\Admin\AppData\Local\Temp\{CE1F9362-7773-4DE1-B2BB-FABE24F48F77}
c:\windows\SysWow64\tmp6F74.tmp
c:\windows\SysWow64\tmp9DA6.tmp
c:\windows\SysWow64\tmp9DA7.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-28 do 2012-09-29 )))))))))))))))))))))))))))))))
.
.
2012-09-29 20:16 . 2012-09-29 20:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-29 19:58 . 2012-09-29 20:07 -------- d-----w- C:\32788R22FWJFW
2012-09-29 18:36 . 2012-09-29 19:02 -------- d-----w- c:\programdata\SecTaskMan
2012-09-27 20:15 . 2012-09-27 20:15 -------- d-----w- c:\program files (x86)\ESET
2012-09-27 19:08 . 2012-09-27 19:08 -------- d-----w- c:\programdata\Sony
2012-09-27 19:08 . 2012-09-27 19:08 -------- d-----w- c:\program files (x86)\Sony
2012-09-26 19:20 . 2012-09-26 19:20 -------- d-----w- c:\program files (x86)\Philosoft Kft
2012-09-26 19:07 . 2012-09-29 19:58 -------- d-----w- c:\program files (x86)\Ccleaner Professional
2012-09-25 19:49 . 2012-09-25 19:55 -------- d-----w- c:\users\Admin\AppData\Local\SniperV2
2012-09-25 19:47 . 2012-09-25 19:47 -------- d-----w- c:\users\Admin\AppData\Local\SKIDROW
2012-09-25 19:17 . 2012-09-25 19:17 -------- d-----w- c:\windows\Favorites
2012-09-25 19:02 . 2012-09-25 19:02 -------- d-----w- c:\users\Admin\AppData\Roaming\Electronic Arts
2012-09-25 18:58 . 2012-09-25 18:58 -------- d-----w- C:\Games
2012-09-25 18:54 . 2012-09-25 18:54 -------- d-----w- c:\program files (x86)\7-Zip
2012-09-24 20:04 . 2012-09-24 20:04 -------- d-----w- c:\users\Admin\AppData\Roaming\MumboJumbo
2012-09-24 19:50 . 2012-09-24 19:50 -------- d-----w- c:\users\Admin\AppData\Local\MumboJumbo
2012-09-24 19:49 . 2012-09-24 19:49 -------- d-----w- C:\Downloads
2012-09-24 19:47 . 2012-09-24 19:47 -------- d-----w- c:\programdata\Trymedia
2012-09-24 19:40 . 2012-09-24 19:40 -------- d-----w- c:\users\Admin\AppData\Roaming\Rovio
2012-09-22 14:09 . 2012-09-29 19:02 -------- d-----w- c:\users\Admin\AppData\Local\Unity
2012-09-20 17:12 . 2012-09-20 17:12 -------- d-----w- c:\programdata\Premium
2012-09-20 17:12 . 2012-09-20 17:12 -------- d-----w- c:\programdata\InstallMate
2012-09-20 17:07 . 2012-07-04 14:33 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-09-20 17:05 . 2012-09-20 17:05 -------- d-----w- c:\program files (x86)\uTorrent
2012-09-20 17:04 . 2012-09-29 18:03 -------- d-----w- c:\users\Admin\AppData\Roaming\uTorrent
2012-09-20 16:34 . 2012-09-20 16:34 -------- d-----w- c:\program files (x86)\Alcohol Soft
2012-09-20 16:32 . 2012-09-20 16:32 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-09-20 09:31 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-09-20 09:03 . 2012-09-20 09:03 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-20 09:03 . 2012-09-20 09:03 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-20 09:03 . 2012-09-20 09:03 -------- d-----w- c:\windows\SysWow64\Macromed
2012-09-20 09:03 . 2012-09-20 09:03 -------- d-----w- c:\windows\system32\Macromed
2012-09-20 08:58 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-20 08:58 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-09-20 08:58 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-20 08:58 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-09-20 08:57 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-09-20 08:57 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-09-20 08:57 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-09-20 08:57 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-09-20 08:57 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-09-20 08:57 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-09-20 08:57 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-20 08:57 . 2012-06-02 13:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-09-20 08:57 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-09-20 08:57 . 2012-06-02 13:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-09-12 09:44 . 2012-09-12 09:47 -------- d-----w- C:\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 22:43 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2008-01-28 1413120]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2010-02-23 1310720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 92126131
*Deregistered* - 92126131
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 09:03]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2166658625-900987667-4122372308-1000Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-30 13:54]
.
2012-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2166658625-900987667-4122372308-1000UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-30 13:54]
.
.
--------- X64 Entries -----------
.
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 94.138.116.1 94.138.116.10
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Celkový čas: 2012-09-29 22:20:17
ComboFix-quarantined-files.txt 2012-09-29 20:20
.
Před spuštěním: Volných bajtů: 240 158 937 088
Po spuštění: Volných bajtů: 240 320 204 800
.
- - End Of File - - 72436DD6585C81F2B9C423BB830C8FD3
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

A tady je ještě log z RSIT, jak jsem si ráčil všimnout dodatečně, že je vámi vyžadován:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-09-29 23:01:30
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 229 GB (75%) free of 305 GB
Total RAM: 3006 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:01:49, on 29.9.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Admin.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASDR - Unknown owner - C:\Windows\SysWOW64\ASDR.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5621 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {5319A421-6D65-417C-AECE-72F3156AC915}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe"
taskeng.exe {07CB49BD-E04B-448D-BD91-CAC465D7C95B}
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
C:\Windows\system32\AEADISRV.EXE
C:\Windows\SysWOW64\ASDR.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
"C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3904.1.886470452\1663908193" --gpu-vendor-id=0x10de --gpu-device-id=0x0402 --gpu-driver-vendor=NVIDIA --gpu-driver-version=8.17.12.9573 --ignored=" --type=renderer " /prefetch:12
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3904.3.1447577565\1096672041" --lang=cs --ignored=" --type=renderer " /prefetch:13
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/5/Prerender/PrerenderControl/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V1/SpdyCwnd/cwndDynamic/SpdyImpact/spdy3/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_49/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="3904.4.1180108278\1505126446" /prefetch:3
splwow64
taskeng.exe {9B789716-CC92-40D8-AD27-C522181AD63D}
"D:\Stáhnuté\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 640 644 652 65536 648
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/5/Prerender/PrerenderControl/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V1/SpdyCwnd/cwndDynamic/SpdyImpact/spdy3/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_49/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="3904.6.132949734\1339820839" /prefetch:3

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2166658625-900987667-4122372308-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2166658625-900987667-4122372308-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-09-12 1289704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpu Level Up help]
C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [2007-11-30 881152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPU Power Monitor]
C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe [2008-01-09 627200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Windows\SysWOW64\qttask.exe [2012-06-01 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1584184]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"=C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe [2008-01-28 1413120]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2010-02-23 1310720]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-07-20 275360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.ffds"=ff_vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-09-29 23:01:30 ----D---- C:\rsit
2012-09-29 23:01:30 ----D---- C:\Program Files\trend micro
2012-09-29 22:41:37 ----SHD---- C:\$RECYCLE.BIN
2012-09-29 22:41:14 ----D---- C:\Program Files (x86)\CCleaner
2012-09-29 22:39:04 ----A---- C:\Windows\IsUninst.exe
2012-09-29 22:26:43 ----D---- C:\Program Files (x86)\Microsoft Security Client
2012-09-29 22:26:40 ----D---- C:\Program Files\Microsoft Security Client
2012-09-29 22:20:18 ----D---- C:\Windows\temp
2012-09-29 22:20:17 ----A---- C:\ComboFix.txt
2012-09-29 22:07:51 ----A---- C:\Windows\zip.exe
2012-09-29 22:07:51 ----A---- C:\Windows\SWSC.exe
2012-09-29 22:07:51 ----A---- C:\Windows\SWREG.exe
2012-09-29 22:07:51 ----A---- C:\Windows\sed.exe
2012-09-29 22:07:51 ----A---- C:\Windows\PEV.exe
2012-09-29 22:07:51 ----A---- C:\Windows\NIRCMD.exe
2012-09-29 22:07:51 ----A---- C:\Windows\MBR.exe
2012-09-29 22:07:51 ----A---- C:\Windows\grep.exe
2012-09-29 21:59:24 ----D---- C:\Qoobox
2012-09-29 21:59:04 ----D---- C:\Windows\erdnt
2012-09-29 21:58:58 ----D---- C:\32788R22FWJFW
2012-09-29 21:44:05 ----A---- C:\TDSSKiller.2.8.10.0_29.09.2012_21.44.05_log.txt
2012-09-29 20:36:19 ----D---- C:\ProgramData\SecTaskMan
2012-09-27 22:15:32 ----D---- C:\Program Files (x86)\ESET
2012-09-27 21:08:36 ----D---- C:\ProgramData\Sony
2012-09-27 21:08:36 ----D---- C:\Program Files (x86)\Sony
2012-09-26 21:20:28 ----D---- C:\Program Files (x86)\Philosoft Kft
2012-09-26 21:07:58 ----D---- C:\Program Files (x86)\Ccleaner Professional
2012-09-25 21:17:01 ----D---- C:\Windows\Favorites
2012-09-25 21:02:52 ----D---- C:\Users\Admin\AppData\Roaming\Electronic Arts
2012-09-25 20:58:52 ----D---- C:\Games
2012-09-25 20:54:50 ----D---- C:\Program Files (x86)\7-Zip
2012-09-24 22:04:53 ----D---- C:\Users\Admin\AppData\Roaming\MumboJumbo
2012-09-24 21:49:43 ----D---- C:\Downloads
2012-09-24 21:47:17 ----D---- C:\ProgramData\Trymedia
2012-09-24 21:40:44 ----D---- C:\Users\Admin\AppData\Roaming\Rovio
2012-09-22 08:08:43 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-09-22 08:08:43 ----A---- C:\Windows\system32\mshtmled.dll
2012-09-22 08:08:42 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-09-22 08:08:42 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-09-22 08:08:41 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-09-22 08:08:41 ----A---- C:\Windows\system32\jsproxy.dll
2012-09-22 08:08:41 ----A---- C:\Windows\system32\ieUnatt.exe
2012-09-22 08:08:41 ----A---- C:\Windows\system32\ieui.dll
2012-09-22 08:08:40 ----A---- C:\Windows\SYSWOW64\url.dll
2012-09-22 08:08:40 ----A---- C:\Windows\system32\url.dll
2012-09-22 08:08:39 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-09-22 08:08:39 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-09-22 08:08:39 ----A---- C:\Windows\system32\urlmon.dll
2012-09-22 08:08:38 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-09-22 08:08:38 ----A---- C:\Windows\system32\msfeeds.dll
2012-09-22 08:08:38 ----A---- C:\Windows\system32\jscript9.dll
2012-09-22 08:08:37 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-09-22 08:08:37 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-09-22 08:08:37 ----A---- C:\Windows\system32\wininet.dll
2012-09-22 08:08:36 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-09-22 08:08:36 ----A---- C:\Windows\system32\vbscript.dll
2012-09-22 08:08:36 ----A---- C:\Windows\system32\jscript.dll
2012-09-22 08:08:36 ----A---- C:\Windows\system32\iertutil.dll
2012-09-22 08:08:35 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-09-22 08:08:34 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-09-22 08:08:32 ----A---- C:\Windows\system32\mshtml.dll
2012-09-22 08:08:31 ----A---- C:\Windows\system32\ieframe.dll
2012-09-22 08:08:30 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-09-20 19:12:59 ----D---- C:\ProgramData\Premium
2012-09-20 19:12:48 ----D---- C:\ProgramData\InstallMate
2012-09-20 19:07:06 ----A---- C:\Windows\system32\win32k.sys
2012-09-20 19:05:42 ----D---- C:\Program Files (x86)\uTorrent
2012-09-20 19:04:45 ----D---- C:\Users\Admin\AppData\Roaming\uTorrent
2012-09-20 18:41:27 ----A---- C:\Windows\AISLP.INI
2012-09-20 18:34:44 ----D---- C:\Program Files (x86)\Alcohol Soft
2012-09-20 18:32:29 ----A---- C:\Windows\system32\drivers\sptd.sys
2012-09-20 11:33:54 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-09-20 11:33:53 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2012-09-20 11:33:53 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2012-09-20 11:33:53 ----A---- C:\Windows\system32\msxml6.dll
2012-09-20 11:33:53 ----A---- C:\Windows\system32\msxml3.dll
2012-09-20 11:33:46 ----A---- C:\Windows\system32\schannel.dll
2012-09-20 11:33:46 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-09-20 11:33:45 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-09-20 11:33:45 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-09-20 11:33:45 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2012-09-20 11:33:45 ----A---- C:\Windows\system32\ncrypt.dll
2012-09-20 11:33:42 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2012-09-20 11:33:42 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2012-09-20 11:33:42 ----A---- C:\Windows\system32\cryptsvc.dll
2012-09-20 11:33:42 ----A---- C:\Windows\system32\cryptnet.dll
2012-09-20 11:33:42 ----A---- C:\Windows\system32\crypt32.dll
2012-09-20 11:33:41 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2012-09-20 11:33:35 ----A---- C:\Windows\SYSWOW64\localspl.dll
2012-09-20 11:33:35 ----A---- C:\Windows\system32\localspl.dll
2012-09-20 11:33:29 ----A---- C:\Windows\SYSWOW64\netapi32.dll
2012-09-20 11:33:29 ----A---- C:\Windows\system32\netapi32.dll
2012-09-20 11:31:21 ----A---- C:\Windows\system32\shell32.dll
2012-09-20 11:31:20 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-09-20 11:03:39 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-09-20 11:03:36 ----D---- C:\Windows\SYSWOW64\Macromed
2012-09-20 11:03:29 ----D---- C:\Windows\system32\Macromed
2012-09-20 10:58:15 ----A---- C:\Windows\system32\wups2.dll
2012-09-20 10:58:15 ----A---- C:\Windows\system32\wuauclt.exe
2012-09-20 10:58:14 ----A---- C:\Windows\system32\wucltux.dll
2012-09-20 10:58:14 ----A---- C:\Windows\system32\wuaueng.dll
2012-09-20 10:57:59 ----A---- C:\Windows\SYSWOW64\wups.dll
2012-09-20 10:57:59 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2012-09-20 10:57:59 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2012-09-20 10:57:59 ----A---- C:\Windows\system32\wups.dll
2012-09-20 10:57:59 ----A---- C:\Windows\system32\wudriver.dll
2012-09-20 10:57:59 ----A---- C:\Windows\system32\wuapi.dll
2012-09-20 10:57:51 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2012-09-20 10:57:51 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2012-09-20 10:57:51 ----A---- C:\Windows\system32\wuwebv.dll
2012-09-20 10:57:51 ----A---- C:\Windows\system32\wuapp.exe
2012-09-12 11:44:31 ----D---- C:\temp
2012-09-12 11:44:31 ----A---- C:\Windows\comip.ini
2012-09-03 19:47:50 ----A---- C:\Windows\Clony2.ini
2012-08-30 22:03:48 ----A---- C:\Windows\system32\drivers\NisDrvWFP.sys
2012-08-30 22:03:48 ----A---- C:\Windows\system32\drivers\MpFilter.sys

======List of files/folders modified in the last 1 month======

2012-09-29 23:01:30 ----RD---- C:\Program Files
2012-09-29 22:48:48 ----D---- C:\Windows\System32
2012-09-29 22:48:48 ----D---- C:\Windows\inf
2012-09-29 22:48:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-09-29 22:44:12 ----D---- C:\ProgramData\NVIDIA
2012-09-29 22:43:47 ----D---- C:\Windows
2012-09-29 22:42:52 ----D---- C:\Windows\system32\catroot
2012-09-29 22:41:55 ----D---- C:\Users\Admin\AppData\Roaming\Winamp
2012-09-29 22:41:14 ----RD---- C:\Program Files (x86)
2012-09-29 22:26:51 ----SHD---- C:\Windows\Installer
2012-09-29 22:26:45 ----D---- C:\Windows\system32\drivers
2012-09-29 22:17:56 ----N---- C:\Windows\system.ini
2012-09-29 22:17:52 ----D---- C:\Windows\system32\drivers\etc
2012-09-29 22:16:16 ----D---- C:\Windows\SysWOW64
2012-09-29 22:14:15 ----D---- C:\Windows\SYSWOW64\drivers
2012-09-29 22:14:15 ----D---- C:\Windows\AppPatch
2012-09-29 22:14:14 ----D---- C:\Program Files (x86)\Common Files
2012-09-29 21:02:37 ----D---- C:\Windows\Prefetch
2012-09-29 20:38:22 ----SHD---- C:\System Volume Information
2012-09-29 20:36:19 ----D---- C:\ProgramData
2012-09-29 19:50:20 ----D---- C:\Windows\system32\FxsTmp
2012-09-28 16:37:42 ----D---- C:\Windows\system32\WDI
2012-09-27 22:15:35 ----SD---- C:\Windows\Downloaded Program Files
2012-09-27 21:26:28 ----D---- C:\Windows\system32\catroot2
2012-09-27 21:08:36 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-09-26 21:20:30 ----SD---- C:\Users\Admin\AppData\Roaming\Microsoft
2012-09-26 21:10:48 ----D---- C:\Windows\Logs
2012-09-26 21:10:48 ----D---- C:\Windows\Debug
2012-09-26 20:40:17 ----A---- C:\Windows\WINCMD.INI
2012-09-25 21:08:23 ----RSD---- C:\Windows\assembly
2012-09-25 20:58:43 ----D---- C:\Windows\SYSWOW64\directx
2012-09-24 22:04:53 ----D---- C:\ProgramData\MumboJumbo
2012-09-22 08:35:04 ----D---- C:\Windows\SYSWOW64\migration
2012-09-22 08:35:04 ----D---- C:\Windows\system32\migration
2012-09-22 08:35:04 ----D---- C:\Program Files (x86)\Internet Explorer
2012-09-22 08:35:03 ----D---- C:\Program Files\Internet Explorer
2012-09-22 08:09:35 ----D---- C:\Windows\winsxs
2012-09-20 20:52:27 ----D---- C:\Windows\Microsoft.NET
2012-09-20 20:30:03 ----D---- C:\Windows\rescache
2012-09-20 20:11:24 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-09-20 20:11:24 ----D---- C:\Windows\system32\cs-CZ
2012-09-20 18:32:25 ----D---- C:\Windows\system32\Tasks
2012-09-20 11:03:59 ----D---- C:\ProgramData\Adobe
2012-09-20 11:03:40 ----D---- C:\Windows\Tasks
2012-08-31 00:43:50 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2009-04-11 160744]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-08-30 228768]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-09-20 560184]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2007-12-18 14392]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-18 34472]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2010-02-23 472064]
R3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 145408]
R3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 19968]
R3 Dot4Scan;Ovladač třídy skeneru standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2008-01-21 13824]
R3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 42496]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-11-01 15680]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-01-15 12288]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2012-02-09 13624128]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2010-06-23 318568]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 36352]
S1 EIO;EIO; \??\C:\Windows\system32\drivers\EIO64.sys [2006-06-14 15360]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 6144]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 273920]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 11008]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 7936]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys [2006-09-18 55640]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 46592]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 108544]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 8704]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 438328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2010-02-23 111616]
R2 ASDR;ASDR; C:\Windows\SysWOW64\ASDR.exe [2007-03-20 61440]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 27648]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-09-12 22072]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-11-20 151144]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 250288]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

-----------------EOF-----------------

[Rudy]

ComboFix není určen pro laiky. Hodláte si zbořit systém?

Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2166658625-900987667-4122372308-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2166658625-900987667-4122372308-1000UA.job

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[mirotin]

Tak tady je nový log, nějaké zamknuté klíče ještě zůstaly:

ComboFix 12-09-27.03 - Admin 29.09.2012 23:35:26.2.2 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.420.1029.18.3006.1745 [GMT 2:00]
Spuštěný z: c:\users\Admin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Admin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2166658625-900987667-4122372308-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2166658625-900987667-4122372308-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2166658625-900987667-4122372308-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2166658625-900987667-4122372308-1000UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-28 do 2012-09-29 )))))))))))))))))))))))))))))))
.
.
2012-09-29 21:40 . 2012-09-29 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-29 21:01 . 2012-09-29 21:01 -------- d-----w- C:\rsit
2012-09-29 21:01 . 2012-09-29 21:01 -------- d-----w- c:\program files\trend micro
2012-09-29 20:41 . 2012-09-29 20:41 -------- d-----w- c:\program files (x86)\CCleaner
2012-09-29 20:39 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-09-29 20:28 . 2012-09-29 20:28 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E0F459F-F9A7-4108-B226-E31304E7EB71}\gapaengine.dll
2012-09-29 20:28 . 2012-08-29 22:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{82AF8334-69B1-4525-9ECC-DA76BCC6978B}\mpengine.dll
2012-09-29 20:26 . 2012-09-29 20:26 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-09-29 20:26 . 2012-09-29 20:26 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-29 18:36 . 2012-09-29 19:02 -------- d-----w- c:\programdata\SecTaskMan
2012-09-27 20:15 . 2012-09-27 20:15 -------- d-----w- c:\program files (x86)\ESET
2012-09-27 19:08 . 2012-09-27 19:08 -------- d-----w- c:\programdata\Sony
2012-09-27 19:08 . 2012-09-27 19:08 -------- d-----w- c:\program files (x86)\Sony
2012-09-26 19:20 . 2012-09-26 19:20 -------- d-----w- c:\program files (x86)\Philosoft Kft
2012-09-26 19:07 . 2012-09-29 19:58 -------- d-----w- c:\program files (x86)\Ccleaner Professional
2012-09-25 19:49 . 2012-09-25 19:55 -------- d-----w- c:\users\Admin\AppData\Local\SniperV2
2012-09-25 19:47 . 2012-09-25 19:47 -------- d-----w- c:\users\Admin\AppData\Local\SKIDROW
2012-09-25 19:17 . 2012-09-25 19:17 -------- d-----w- c:\windows\Favorites
2012-09-25 19:02 . 2012-09-25 19:02 -------- d-----w- c:\users\Admin\AppData\Roaming\Electronic Arts
2012-09-25 18:58 . 2012-09-25 18:58 -------- d-----w- C:\Games
2012-09-25 18:54 . 2012-09-25 18:54 -------- d-----w- c:\program files (x86)\7-Zip
2012-09-24 20:04 . 2012-09-24 20:04 -------- d-----w- c:\users\Admin\AppData\Roaming\MumboJumbo
2012-09-24 19:50 . 2012-09-24 19:50 -------- d-----w- c:\users\Admin\AppData\Local\MumboJumbo
2012-09-24 19:49 . 2012-09-24 19:49 -------- d-----w- C:\Downloads
2012-09-24 19:47 . 2012-09-24 19:47 -------- d-----w- c:\programdata\Trymedia
2012-09-24 19:40 . 2012-09-24 19:40 -------- d-----w- c:\users\Admin\AppData\Roaming\Rovio
2012-09-22 14:09 . 2012-09-29 19:02 -------- d-----w- c:\users\Admin\AppData\Local\Unity
2012-09-20 17:12 . 2012-09-20 17:12 -------- d-----w- c:\programdata\Premium
2012-09-20 17:12 . 2012-09-20 17:12 -------- d-----w- c:\programdata\InstallMate
2012-09-20 17:07 . 2012-07-04 14:33 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-09-20 17:05 . 2012-09-20 17:05 -------- d-----w- c:\program files (x86)\uTorrent
2012-09-20 17:04 . 2012-09-29 18:03 -------- d-----w- c:\users\Admin\AppData\Roaming\uTorrent
2012-09-20 16:34 . 2012-09-20 16:34 -------- d-----w- c:\program files (x86)\Alcohol Soft
2012-09-20 16:32 . 2012-09-20 16:32 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-09-20 09:31 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-09-20 09:03 . 2012-09-20 09:03 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-20 09:03 . 2012-09-20 09:03 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-20 09:03 . 2012-09-20 09:03 -------- d-----w- c:\windows\SysWow64\Macromed
2012-09-20 09:03 . 2012-09-20 09:03 -------- d-----w- c:\windows\system32\Macromed
2012-09-20 08:58 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-20 08:58 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-09-20 08:58 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-20 08:58 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-09-20 08:57 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-09-20 08:57 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-09-20 08:57 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-09-20 08:57 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-09-20 08:57 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-09-20 08:57 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-09-20 08:57 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-20 08:57 . 2012-06-02 13:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-09-20 08:57 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-09-20 08:57 . 2012-06-02 13:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-09-12 09:44 . 2012-09-12 09:47 -------- d-----w- C:\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 22:43 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2012-08-30 20:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2008-01-28 1413120]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2010-02-23 1310720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 250288]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 09:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 94.138.116.1 94.138.116.10
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
c:\windows\SysWOW64\ASDR.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
.
**************************************************************************
.
Celkový čas: 2012-09-29 23:45:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-29 21:45
ComboFix2.txt 2012-09-29 20:20
.
Před spuštěním: Volných bajtů: 240 299 110 400
Po spuštění: Volných bajtů: 240 252 776 448
.
- - End Of File - - 76F893939E06764FA34FF1AEF4BC23F6

[Rudy]

Ne všechno lze odemknout. Jinak čisto.

[mirotin]

Dobrý večer ještě jednou, děkuji za konrolu, jen stále přetrvává problém při startu - když naběhne plocha dlouho trvá, než ikony získají svou správnou podobu a navíc se zdá , že se nenačtou aplikace po spuštění - nevidím ikonky vedle hodin krom stavu sítě a ovládání hlasitosti (Microsoft security essentials, SoundMax řízení), takže jejich start musím vynutit ručně, přitom v "po spuštění" jsou fajfkované...
Nevíte, kde by mohl být problém? Díky za Váš čas.

[Rudy]

Zkuste aplikace přeinstalovat.

[mirotin]

Vypadá, že reinstall pomohl. Díky za tip a za pomoc, přeji hezký večer.

[Rudy]

Hezký večer i vám a nemáte zač!