PC virus removal, computer speed-up, remote help via the neslape.cz service

problem with services.exe

kip33
Guest
Posts: 18
Registered: 11 Jan 2013 20:47

Re: problem with services.exe

#16 Post by kip33 »

Hi, it looks like everything is working normally, with the difference that AVG isn't throwing up some window every 10 minutes :)
I can't do anything with the qoobox folder; WinRAR says it cannot read the contents of the BackEnv folder.

new logs:
- RSIT:

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : nikol.kundratova [Práva správce]
Mód : Kontrola -- Datum : 01/15/2013 17:17:53

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[SUSP PATH] CrossLoopService.exe -- C:\Users\nikol.kundratova\AppData\Local\CrossLoop\CrossLoopService.exe -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 8 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> NALEZENO
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{5648413c-eb53-4e91-6c43-0041d6c19826}\U --> NALEZENO
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{5648413c-eb53-4e91-6c43-0041d6c19826}\L --> NALEZENO

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ZeroAccess ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5055GSXN +++++
--- User ---
[MBR] 0c821c6a1fc22330af98450051ce2b68
[BSP] dbfb206885cff68b713a9afd107e6b0e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 238470 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 489207808 | Size: 238069 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[3]_S_01152013_02d1717.txt >>
RKreport[2]_S_01112013_02d2050.txt ; RKreport[3]_S_01152013_02d1717.txt


- GMER:
GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-15 17:31:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GC00 465,76GB
Running: gmer.exe; Driver: C:\Users\NIKOL~1.KUN\AppData\Local\Temp\pwddykog.sys


---- Kernel code sections - GMER 2.0 ----

.text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff88004793d64 12 bytes {MOV RAX, 0xfffffa8006dee2a0; JMP RAX}

---- EOF - GMER 2.0 ----



Thanks. radek

kip33
Visitor
Posts: 18
Registered: 11 Jan 2013 20:47

Re: problem with services.exe

#17 Post by kip33 »

Hi, I deleted what RK found and below is the log from CF.

thanks.

r.



ComboFix 13-01-16.01 - nikol.kundratova 01-16-13 21:29:43.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3894.2233 [GMT 1:00]
Spuštěný z: c:\users\nikol.kundratova\Desktop\ComboFix.exe
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-16 do 2013-01-16 )))))))))))))))))))))))))))))))
.
.
2013-01-16 20:56 . 2013-01-16 20:56 -------- d-----w- c:\users\nikulisek\AppData\Local\temp
2013-01-16 20:56 . 2013-01-16 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-13 14:34 . 2013-01-13 19:29 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-13 14:29 . 2013-01-13 14:29 208216 ----a-w- c:\windows\system32\drivers\71265714.sys
2013-01-13 14:20 . 2013-01-13 14:21 -------- d-----w- C:\TEMP
2013-01-13 14:16 . 2013-01-13 14:16 -------- d-----w- c:\users\nikol.kundratova\AppData\Roaming\IrfanView
2013-01-13 14:16 . 2013-01-13 14:16 -------- d-----w- c:\program files (x86)\IrfanView
2013-01-11 21:09 . 2013-01-12 21:46 512 ----a-w- C:\PhysicalMBR.bin
2013-01-04 19:04 . 2013-01-04 19:04 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-12-30 09:54 . 2012-12-30 09:54 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2012-12-28 16:48 . 2006-09-28 15:05 3977496 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-12-28 16:48 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2012-12-23 22:44 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-23 22:44 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-23 22:44 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-23 22:44 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-15 15:24 . 2010-02-17 16:40 282976 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-01-09 19:23 . 2012-04-13 15:20 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 19:23 . 2011-09-02 06:50 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 07:23 . 2010-02-17 16:49 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-11-22 03:26 . 2012-12-12 16:08 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 07:06 . 2012-12-13 07:21 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 07:21 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 07:21 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 07:21 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 07:21 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 07:21 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 07:21 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 07:21 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 07:21 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 07:21 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 07:21 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 07:21 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 07:21 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 07:21 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 07:21 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 07:21 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 07:21 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 07:21 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 07:21 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 07:21 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 07:21 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 07:21 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 16:09 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 16:09 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 16:07 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 16:07 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-12-05 06:37 2735200 ----a-w- c:\program files (x86)\Zynga\tbZyn0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\tbZyn0.dll" [2010-12-05 2735200]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
"OscarEditor"="c:\program files (x86)\G10 MeetingMan\G10-Editor.exe" [2010-06-01 2631168]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-08-03 1086376]
"Facebook Update"="c:\users\nikol.kundratova\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-25 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-21 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Backup.lnk - c:\windows\system32\wscript.exe [2009-7-14 168960]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CrossLoopService;CrossLoop Service;c:\users\nikol.kundratova\AppData\Local\CrossLoop\CrossLoopService.exe [2010-03-15 560792]
R2 hl_kia;hl_kia;c:\windows\System32\drivers\hl_kia.SYS [2012-05-15 13184]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2008-01-02 145024]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 225280]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2005-04-13 30720]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VMLiteUSB;VMLite USB;c:\windows\system32\Drivers\VMLiteUSB.sys [2010-08-11 150120]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSErHrw7a;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwa.sys [2010-06-22 27216]
S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [2010-03-05 56008]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-17 834544]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2010-02-17 29976]
S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [2013-01-15 282976]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [2011-09-13 35664]
S1 AvgTdiA;AVG Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [2011-05-06 317520]
S1 VBoxDrv;VBoxDrv;c:\windows\system32\drivers\VBoxDrv.sys [2010-08-11 204328]
S1 vmlitedrv;vmlitedrv;c:\windows\system32\drivers\vmlitedrv.sys [2010-08-03 14952]
S1 VMLiteUSBMon;VMLiteUSBMon;c:\windows\system32\drivers\vmliteusbmon.sys [2010-08-18 135272]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [2006-12-13 65024]
S2 avg9emc;AVG E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
S2 avgfws9;AVG Firewall;c:\program files (x86)\AVG\AVG9\avgfws9.exe [2010-11-25 2331544]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe [2010-07-13 67584]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-10-15 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S2 VMLiteService;VMLiteService;c:\program files\VMLite\VMLite Workstation\VMLiteService.exe [2010-08-20 426600]
S3 AVGIDSDriverw7a;AVG9IDSDriver;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2010-06-22 132688]
S3 AVGIDSFilterw7a;AVG9IDSFilter;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2010-06-22 35920]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 244736]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
S3 VBoxNetAdp;VMLite Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-08-11 146216]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-08-11 165800]
S3 vmlitestor;vmlitestor;c:\windows\system32\DRIVERS\vmlitestor.sys [2010-08-11 177768]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 19:23]
.
2013-01-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1055271937-468745810-1383888552-1003Core.job
- c:\users\nikol.kundratova\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 17:23]
.
2013-01-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1055271937-468745810-1383888552-1003UA.job
- c:\users\nikol.kundratova\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 17:23]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1055271937-468745810-1383888552-1001Core.job
- c:\users\nikulisek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-17 16:33]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1055271937-468745810-1383888552-1001UA.job
- c:\users\nikulisek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-17 16:33]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1055271937-468745810-1383888552-1003Core.job
- c:\users\nikol.kundratova\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-12 09:37]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1055271937-468745810-1383888552-1003UA.job
- c:\users\nikol.kundratova\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-12 09:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-10-15 1050000]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-06 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-06 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-06 408600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-08-25 134032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-01-27 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.130.30.81 10.24.16.128
FF - ProfilePath - c:\users\nikol.kundratova\AppData\Roaming\Mozilla\Firefox\Profiles\g3pqavkk.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
AddRemove-HASP Device Drivers - c:\windows\system32\UNWISE.EXE
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=hex:51,66,7a,6c,4c,1d,38,12,c2,99,1a,
36,00,8f,58,04,e1,8c,0d,76,4f,1c,0a,03
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"=hex:51,66,7a,6c,4c,1d,38,12,78,38,4c,
81,00,23,88,0a,f5,40,f8,f6,90,c6,d4,52
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"=hex:51,66,7a,6c,4c,1d,38,12,50,ef,00,
7f,a8,d7,1e,0e,c6,dd,65,57,bd,6c,7c,36
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:71,ae,46,6d,76,ba,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-01-16 22:02:01
ComboFix-quarantined-files.txt 2013-01-16 21:02
ComboFix2.txt 2013-01-13 22:23
.
Před spuštěním: Volných bajtů: 31 740 329 984
Po spuštění: Volných bajtů: 31 690 444 800
.
- - End Of File - - C8B92630BFA6F4D9DF3EF02B8DA3CFD7
Attachments
Qoobox.rar
(1021.14 KiB) Downloaded 27 times

kip33
Visitor
Posts: 18
Registered: 11 Jan 2013 20:47

Re: problem with services.exe

#18 Post by kip33 »

Great, everything is OK now. Thanks a lot and take care.

radek

Locked