ComboFix 13-04-11.01 - Roman 11.04.2013 21:43:15.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4078.2521 [GMT 2:00]
Spuštěný z: c:\users\Roman\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Windows Live\Messenger\msacm32.dll
c:\programdata\Browsee2Save
c:\programdata\Browsee2Save\5148a2877a47a.dll
c:\programdata\Browsee2Save\5148a2877a47a.tlb
c:\programdata\Browsee2Save\settings.ini
c:\programdata\Browsee2Save\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Browsee2Save
c:\programdata\Microsoft\Windows\Start Menu\Programs\Browsee2Save\Browsee2Save.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Browsee2Save\Uninstall.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SSeauraccho-NewwTab
c:\programdata\Microsoft\Windows\Start Menu\Programs\SSeauraccho-NewwTab\SSeauraccho-NewwTab.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SSeauraccho-NewwTab\Uninstall.lnk
c:\programdata\SSeauraccho-NewwTab
c:\programdata\SSeauraccho-NewwTab\5148a2cae6cf4.dll
c:\programdata\SSeauraccho-NewwTab\5148a2cae6cf4.tlb
c:\programdata\SSeauraccho-NewwTab\settings.ini
c:\programdata\SSeauraccho-NewwTab\uninstall.exe
c:\programy\Advanced Parental Control\BackProcessAPC.exe
c:\users\Roman\AppData\Roaming\system32
c:\users\Roman\AppData\Roaming\Uninstal.exe
c:\windows\SysWow64\ijl11.dll
c:\windows\SysWow64\update
c:\windows\SysWow64\update\diablo121016.cl
c:\windows\SysWow64\update\diakgcn121016.cl
c:\windows\SysWow64\update\libcurl-4.dll
c:\windows\SysWow64\update\libeay32.dll
c:\windows\SysWow64\update\libidn-11.dll
c:\windows\SysWow64\update\libusb-1.0.dll
c:\windows\SysWow64\update\phatk121016.cl
c:\windows\SysWow64\update\poclbm121016.cl
c:\windows\SysWow64\update\pthreadGC2.dll
c:\windows\SysWow64\update\sbs_wminet_utils.dat
c:\windows\SysWow64\update\ssleay32.dll
c:\windows\SysWow64\update\zlib1.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
Nakažená kopie c:\windows\SysWow64\kernel32.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_fc397506a14b161f\kernel32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_IlvMoneyDRIVER53
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-11 do 2013-04-11 )))))))))))))))))))))))))))))))
.
.
2013-04-11 19:50 . 2013-04-11 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-11 19:04 . 2013-04-11 19:04 -------- d-----w- c:\users\Roman\AppData\Roaming\Apple Computer
2013-04-08 17:07 . 2013-04-08 17:07 -------- d-----w- c:\windows\Logs
2013-04-07 18:13 . 2013-04-11 19:10 -------- d-----w- c:\users\Roman\AppData\Local\Warframe
2013-04-07 17:48 . 2013-04-11 19:02 -------- d-----w- c:\program files\trend micro
2013-04-05 10:53 . 2013-03-19 04:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{26A57D91-A265-420C-8D1F-30C3369C703B}\mpengine.dll
2013-04-05 10:39 . 2013-04-05 10:39 800768 ----a-w- c:\windows\system32\usp10.dll
2013-04-05 10:38 . 2013-04-05 10:38 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-04-05 10:38 . 2013-04-05 10:38 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-04-05 10:38 . 2013-04-05 10:38 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-04-05 10:38 . 2013-04-05 10:38 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-04-05 10:38 . 2013-04-05 10:38 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-04-05 10:38 . 2013-04-05 10:38 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-04-05 10:38 . 2013-04-05 10:38 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-04-05 10:37 . 2013-04-05 10:37 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-04-05 10:37 . 2013-04-05 10:37 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-04-05 10:37 . 2013-04-05 10:37 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-04-05 10:37 . 2013-04-05 10:37 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-04-05 10:37 . 2013-04-05 10:37 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wdf01000.sys.mui
2013-04-05 10:37 . 2013-04-05 10:37 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-04-05 10:37 . 2013-04-05 10:37 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2013-04-05 10:37 . 2013-04-05 10:37 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-04-05 10:37 . 2013-04-05 10:37 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2013-04-05 10:35 . 2013-04-05 10:35 503808 ----a-w- c:\windows\system32\srcore.dll
2013-04-05 10:35 . 2013-04-05 10:35 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2013-04-05 10:35 . 2013-04-05 10:35 67072 ----a-w- c:\windows\splwow64.exe
2013-04-05 10:35 . 2013-04-05 10:35 559104 ----a-w- c:\windows\system32\spoolsv.exe
2013-04-05 10:35 . 2013-04-05 10:35 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-05 10:34 . 2013-04-05 10:34 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-04-05 10:34 . 2013-04-05 10:34 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-04-05 10:34 . 2013-04-05 10:34 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-04-05 10:34 . 2013-04-05 10:34 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-04-05 10:34 . 2013-04-05 10:34 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-04-05 10:34 . 2013-04-05 10:34 209920 ----a-w- c:\windows\system32\profsvc.dll
2013-04-05 10:34 . 2013-04-05 10:34 3216384 ----a-w- c:\windows\system32\msi.dll
2013-04-05 10:34 . 2013-04-05 10:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2013-04-05 10:32 . 2013-04-05 10:32 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2013-04-03 13:29 . 2013-04-03 13:29 -------- d-----w- c:\users\Roman\AppData\Local\SWTORPerf
2013-03-30 08:53 . 2013-03-30 08:53 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-30 08:53 . 2013-03-30 08:53 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-30 08:53 . 2013-03-30 08:53 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-30 08:48 . 2013-03-30 08:48 838216 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-03-30 08:48 . 2013-03-30 08:48 78920 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-03-28 17:18 . 2013-04-01 07:07 -------- d-----w- c:\programdata\WarThunder
2013-03-28 17:18 . 2013-03-28 17:18 -------- d-----w- c:\users\Roman\AppData\Local\WarThunder
2013-03-27 14:30 . 2013-03-27 14:30 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-03-26 16:17 . 2013-04-11 16:15 -------- d-----w- c:\programdata\LJW
2013-03-26 11:56 . 2013-03-26 11:56 418632 ----a-w- c:\windows\system32\drivers\asmtxhci.sys
2013-03-26 11:56 . 2013-03-26 11:56 139592 ----a-w- c:\windows\system32\drivers\asmthub3.sys
2013-03-26 11:55 . 2013-03-26 11:55 32896 ----a-w- c:\windows\system32\drivers\amdkmpfd.sys
2013-03-26 10:09 . 2013-03-26 10:09 11904 ----a-w- c:\windows\system32\drivers\amdide64.sys
2013-03-26 10:06 . 2013-03-26 10:06 1721576 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01009.dll
2013-03-26 10:06 . 2013-03-26 10:06 15344 ----a-w- c:\windows\system32\drivers\wacomrouterfilter.sys
2013-03-26 10:06 . 2013-03-26 10:06 110080 ----a-w- c:\windows\system32\DelayAPO.dll
2013-03-26 09:59 . 2013-03-26 09:59 -------- d-----w- c:\users\Roman\AppData\Roaming\ExpressFiles
2013-03-26 09:31 . 2013-03-26 09:31 -------- d-----w- c:\programdata\Uniblue
2013-03-26 09:03 . 2013-03-26 09:03 -------- d-----w- c:\users\Roman\AppData\Roaming\Fighters
2013-03-26 09:00 . 2013-03-26 09:00 -------- d-----w- c:\programdata\Fighters
2013-03-25 08:35 . 2013-03-25 08:35 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-24 18:41 . 2007-12-07 01:08 108032 ----a-w- c:\windows\system32\E_ILMCDE.DLL
2013-03-24 18:41 . 2005-02-02 11:05 8704 ----a-w- c:\windows\system32\E_GCINST.DLL
2013-03-24 18:41 . 2007-12-07 01:01 81408 ----a-w- c:\windows\system32\E_IBCBCDE.DLL
2013-03-24 07:58 . 2010-11-26 17:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-03-24 07:52 . 2013-03-24 07:52 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-24 07:52 . 2013-03-24 07:52 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-24 07:52 . 2013-03-24 07:52 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-24 07:52 . 2013-03-24 07:52 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-24 07:50 . 2013-03-24 07:50 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-24 07:50 . 2013-03-24 07:50 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-03-24 07:50 . 2013-03-24 07:50 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-03-24 07:50 . 2013-03-24 07:50 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-03-24 07:50 . 2013-03-24 07:50 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-03-24 07:50 . 2013-03-24 07:50 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-03-24 07:50 . 2013-03-24 07:50 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-03-24 07:50 . 2013-03-24 07:50 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-03-24 07:50 . 2013-03-24 07:50 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-03-24 07:47 . 2013-03-24 07:47 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-03-24 07:46 . 2013-03-24 07:46 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-03-24 07:46 . 2013-03-24 07:46 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-03-24 07:46 . 2013-03-24 07:46 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-03-24 07:46 . 2013-03-24 07:46 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-03-24 07:45 . 2013-03-24 07:45 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-03-24 07:45 . 2013-03-24 07:45 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-03-24 07:45 . 2013-03-24 07:45 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-03-24 07:45 . 2013-03-24 07:45 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-03-24 07:26 . 2013-03-24 07:26 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-03-22 09:42 . 2013-03-22 09:42 -------- d-----w- c:\programdata\SUPERSetup
2013-03-19 20:30 . 2013-03-19 20:30 6066296 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-03-19 17:40 . 2013-03-19 17:40 -------- d-----w- c:\programdata\BetterSoft
2013-03-19 17:39 . 2013-03-19 17:48 -------- d-----w- c:\program files (x86)\Solibo Ltd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-11 18:07 . 2012-04-03 09:27 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-11 18:07 . 2012-01-15 20:15 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-05 10:52 . 2013-04-05 10:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2013-04-05 10:52 . 2013-04-05 10:52 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-05 10:52 . 2013-04-05 10:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-05 10:52 . 2013-04-05 10:52 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-05 10:52 . 2013-04-05 10:52 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-05 10:52 . 2013-04-05 10:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-05 10:52 . 2013-04-05 10:52 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-05 10:36 . 2013-04-05 10:36 340992 ----a-w- c:\windows\system32\schannel.dll
2013-04-05 10:36 . 2013-04-05 10:36 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-03-30 08:48 . 2012-08-01 12:19 108104 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-03-24 07:50 . 2013-03-24 07:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-03-11 23:10 . 2012-01-15 20:31 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-04 13:53 . 2012-12-31 23:09 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-03 12:02 . 2012-01-16 17:02 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-03-03 12:02 . 2012-01-16 17:02 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-02-19 08:38 . 2013-02-19 08:37 2048 ----a-w- c:\windows\SysWow64\winver.exe
2013-02-19 08:37 . 2013-02-19 08:37 833024 ----a-w- c:\windows\SysWow64\user32.dll
2013-02-19 08:37 . 2013-02-19 08:37 410624 ----a-w- c:\windows\SysWow64\systemcpl.dll
2013-02-19 08:37 . 2013-02-19 08:37 113543 ----a-w- c:\windows\SysWow64\slmgr.vbs
2013-01-15 17:49 . 2012-01-28 16:16 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-08-28 12:28 . 2012-12-22 17:52 699536 ----a-w- c:\program files (x86)\4zUninstall VideoDownloadConverter.dll
2012-08-28 12:28 . 2012-12-22 17:52 172464 ----a-w- c:\program files (x86)\4zres.dll
2012-08-04 16:47 . 2012-12-22 17:54 699536 ----a-w- c:\program files (x86)\60Uninstall Robot Boom.dll
2012-08-04 16:47 . 2012-12-22 17:54 172440 ----a-w- c:\program files (x86)\60res.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-11-20 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-02-19 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18643048]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-04-19 393216]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-29 1631144]
"Jet Screenshot"="c:\programy\Jet Screenshot\jetScreenshot.exe" [2013-01-11 1954056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103896]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-30 345312]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-12-25 4474832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-02-08 8704]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 cpuz135;cpuz135; [x]
R3 EagleX64;EagleX64; [x]
R3 FairplayKD;FairplayKD; [x]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-04-05 19456]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-08-31 14648]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-01-10 42184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-04-05 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-11-26 745368]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-29 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;l:\game booster 3\Driver\WinRing0x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys [2013-03-26 11904]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys [2013-03-26 32896]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2013-01-09 52856]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-30 28600]
S1 SASDIFSV;SASDIFSV;c:\programy\Spy\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\programy\Spy\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\programy\Spy\SASCORE64.EXE [2012-07-11 140672]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\programy\PhotoShop\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-30 86752]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\programy\Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-06-22 625816]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793048]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\Cyberlink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 SharedReg;Shared Registry;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2013-03-26 139592]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2013-03-26 418632]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-09 283200]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2013-03-30 838216]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2013-03-26 15344]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 18:07]
.
2013-04-11 c:\windows\Tasks\GBoxUpdaterTask{9001907E-F3F0-49E5-AED6-EB14E1D64B6D}.job
- c:\programdata\GBox\GBox1.exe [2012-09-12 16:59]
.
2013-04-11 c:\windows\Tasks\schedule!3036567561.job
- c:\programdata\BetterSoft\OptimizerPro\OptimizerPro.exe [2013-03-19 19:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-03-26 6468712]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
"EPSON Stylus DX3800 Series"="c:\windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE" [2005-02-08 98304]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SharedReg
SharedReg
SharedReg
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Roman\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Roman\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: Interfaces\{8353EF84-5A9E-4C8C-AF17-5DD08D6C258D}: DhcpNameServer = 212.24.132.132 192.168.1.254
FF - ProfilePath - c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\yl0fkq1p.default-1356962632340\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2013-03-19 18:40; vzimhklv@hcfiiyaa.co.uk; c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\yl0fkq1p.default-1356962632340\extensions\vzimhklv@hcfiiyaa.co.uk
FF - ExtSQL: 2013-03-19 18:40; pn3w@eyai-auoi.org; c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\yl0fkq1p.default-1356962632340\extensions\pn3w@eyai-auoi.org
FF - ExtSQL: 2013-04-08 15:18; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{D870E93E-F8F8-2214-D9E6-F09A4DA9A010} - c:\programdata\SSeauraccho-NewwTab\5148a2cae6cf4.dll
BHO-{FDD80893-4C63-9CFC-E2EB-67A1B7C888DC} - c:\programdata\Browsee2Save\5148a2877a47a.dll
Wow6432Node-HKCU-Run-APC - c:\programy\Advanced Parental Control\BackProcessAPC.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-APC - c:\programy\Advanced Parental Control\BackProcessAPC.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{69DFEF64-C99E-4DB0-BC63-CEB3BD218569} - (no file)
AddRemove-{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} - c:\programdata\SSeauraccho-NewwTab\uninstall.exe
.
.
"ImagePath"="\"c:\program files\Cyberlink\Shared files\RichVideo64.exe\"\00Z
[\]^_Č\00\00Č\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~Č\00\00Č\00\00\00\00m\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2919514174-1416075207-1654230562-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:f0,cc,e4,c2,05,28,a7,d5,00,76,57,0d,35,a8,82,ae,43,28,b5,20,4f,9f,17,
c6,21,ae,a6,52,0a,4b,8d,f7,a8,30,67,56,0e,5f,cd,e1,0d,28,ad,1b,c7,bf,bf,41,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-2919514174-1416075207-1654230562-1000\Software\SecuROM\License information*]
"datasecu"=hex:fe,92,08,eb,e7,ff,52,2f,21,be,05,06,7a,cb,97,15,24,d2,26,e2,a4,
82,72,77,7d,8a,96,7b,9b,af,e3,20,cd,30,7d,20,2e,13,08,87,41,20,ca,0c,eb,24,\
"rkeysecu"=hex:55,37,f1,0c,94,64,ea,ed,d1,4a,a1,cb,6d,15,a5,cc
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\programy\FRAPS\fraps.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2013-04-11 21:58:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-04-11 19:58
.
Před spuštěním: Volných bajtů: 149 341 732 864
Po spuštění: Volných bajtů: 149 078 278 144
.
- - End Of File - - 8FE910E467C46918706186638E4FC205

PLEASE CHECK MY LOG
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
- Rudy
- Site Admin
- Posts: 119522
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: PLEASE CHECK MY LOG
We'll finish cleaning up. Open Notepad and copy the script below into it. Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

KillAll::
File::
c:\windows\Tasks\schedule!3036567561.job
Driver::
FairplayKD
Firefox::
FF - ProfilePath - c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\yl0fkq1p.default-1356962632340\
FF - prefs.js: browser.search.defaulturl -
FF - ExtSQL: 2013-03-19 18:40; vzimhklv@hcfiiyaa.co.uk; c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\yl0fkq1p.default-1356962632340\extensions\vzimhklv@hcfiiyaa.co.uk
FF - ExtSQL: 2013-03-19 18:40; pn3w@eyai-auoi.org; c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\yl0fkq1p.default-1356962632340\extensions\pn3w@eyai-auoi.org
FF - ExtSQL: 2013-04-08 15:18; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
Regnull::
[HKEY_USERS\S-1-5-21-2919514174-1416075207-1654230562-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-2919514174-1416075207-1654230562-1000\Software\SecuROM\License information*]
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Reboot::

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before removing viruses from your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: PLEASE CHECK MY LOG
It now opens the flash drive normally, and the command prompt is not blocked... I'll also try reinstalling Win, and maybe it will even start up faster.
Thanks a lot for the help

- Rudy
- Site Admin
- Posts: 119522
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: PLEASE CHECK MY LOG
Uninstall ComboFix using T-Cleaner: http://vyosek.ic.cz/pro_usery/T-Cleaner.exe . Before reinstalling, you can also try a system repair: http://forum.viry.cz/viewtopic.php?f=46&t=106339 . You're welcome!