Prosím o kontrolu logu

[Wayfarer]

Dobrý den přeji,

rád bych požádal o kontrolu logu z následujících důvodů:

a) cca před 14 dny při prohlížení běžných ( ne potenciálně nebezpečných ) stránek na internetu, AVG zobrazilo hlášení - že bylo zablokováno - "exploit invisible iframe injection type 1707"

b) v poslední době se velice často, skoro každý den, stává, že při zapnutí PC je AVG nefunkční , po restartu PC AVG funguje normálně, ale často se stává, že opět během doby přestane fungovat - veškeré komponenty nejsou aktivní

c) na systémovém disku jsem objevil txt dokument s názvem "service", ve kterém se po každém spuštění PC zobrazuje :
Just before processing loop...
C:\Program Files (x86)\GIGABYTE\EnergySaver\info.dat
Current = 0
Total = 0
savetime = 0
Type=60,Port=b2,BiosAddr=cfeee660
Current=0.000000,Total=0.000000,MaxVid=1.287500,Rev=0x20
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

v tomto textovém dokumentu po celou dobu kdy je PC v provozu narůstá množství zobrazení písmene "a"
při každém dalším zapnutí se objeví stejné hlášení, ale bez dříve zobrazených písmen "a" a začne jejich zobrazování na novo, jejich množství narůstá úměrně k délce času kdy je PC zapnuté
( nevím jestli je tato informace důležitá, ale mám obavu, zda to není z nějakého důvodu potencionálně nebezpečné, či poukazující na existující problém v mém PC )

d) PC se v poslední době chvílemi ( ne stále ) zpomaluje ( při hrách, prohlížení internetu i otevírání složek v PC - přičemž se nejedná o klasické zpomalení při automatických aktualizacích AVG )

Netuším zda se jedná o něco vážného, co je potřeba v PC opravit, a proto bych Vás rád požádal o pomoc počínaje kontrolou mého logu, který přikládám níže.

Předem Vám děkuji za případnou snahu i vstřícnost a v očekávání Vašich zpráv prozatím zůstávám s pozdravem

Logfile of random's system information tool 1.09 (written by random/random)
Run by Uživatel1 at 2013-06-28 20:09:29
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 69 GB (48%) free of 143 GB
Total RAM: 4094 MB (72% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /boot
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe /pipeName=e97f6753-7f6b-444c-ac8d-8d7bdc355c2a /coreSdkOptions=286 /logConfFile="C:\ProgramData\AVG2012\temp\c9d7b273-14c0-4b31-80c8-2f7bc904d134-1dc-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2012\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2012" /tempPath="C:\ProgramData\AVG2012\temp\"
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
taskeng.exe {91051BE3-EA71-4566-A205-33E11C49B4D1}
C:\Windows\Explorer.EXE
taskeng.exe {6A90F798-1A48-48CB-85E2-D715A9250306}
"C:\Windows\ehome\ehtray.exe"
C:\Windows\ehome\ehmsas.exe -Embedding
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\AVG\AVG2012\avgfws.exe"
"C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe"
"C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe"
"C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe"
"C:\Program Files (x86)\AVG\AVG2012\avgemca.exe"
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe /pipeName=7f77033d-5efb-4b0e-9073-7761b223c96a /coreSdkOptions=18 /logConfFile="C:\ProgramData\AVG2012\temp\5e725506-227f-4b14-bb7f-bb65cb97b96d-970-oopp.tmp" /loggerName=AVG.NS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2012\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2012" /tempPath="C:\ProgramData\AVG2012\temp\"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"X:\Utility\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll [2012-10-15 1393272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll [2012-10-15 1968248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll [2012-10-15 938104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll [2012-10-15 1417336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
C:\PROGRA~2\AVG\AVG9\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2012-11-19 2598520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Exetender_298]
C:\Program Files (x86)\Frag Games\GPlayer.exe /schedule 300000 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [2012-07-04 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe /m=2 /w /h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-01-20 6963744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sclauncher]
C:\Program Files (x86)\SimpleCenter\bin\win\sclauncher.exe [2007-10-11 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-01-20 1833504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-12-19 642808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2013-03-29 1631144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1584184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Uživatel1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-06-07 1195520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Uživatel1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Assassin.LNK]
D:\GAMEFI~2\ASSASS~1\Register\REGIST~1.EXE -d 804447 -l english -r 7 -g Assassin -c us -i 3538 []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-06-28 20:09:30 ----D---- C:\Program Files\trend micro
2013-06-28 20:09:29 ----D---- C:\rsit
2013-06-12 13:46:37 ----A---- C:\Windows\system32\mshtmled.dll
2013-06-12 13:46:36 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-06-12 13:46:36 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-06-12 13:46:36 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-06-12 13:46:36 ----A---- C:\Windows\system32\ieui.dll
2013-06-12 13:46:35 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-06-12 13:46:35 ----A---- C:\Windows\SYSWOW64\url.dll
2013-06-12 13:46:35 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-06-12 13:46:35 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-06-12 13:46:35 ----A---- C:\Windows\system32\url.dll
2013-06-12 13:46:35 ----A---- C:\Windows\system32\jsproxy.dll
2013-06-12 13:46:35 ----A---- C:\Windows\system32\ieUnatt.exe
2013-06-12 13:46:34 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-06-12 13:46:34 ----A---- C:\Windows\system32\wininet.dll
2013-06-12 13:46:34 ----A---- C:\Windows\system32\urlmon.dll
2013-06-12 13:46:34 ----A---- C:\Windows\system32\msfeeds.dll
2013-06-12 13:46:34 ----A---- C:\Windows\system32\jscript9.dll
2013-06-12 13:46:33 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-06-12 13:46:33 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-06-12 13:46:33 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-06-12 13:46:33 ----A---- C:\Windows\system32\vbscript.dll
2013-06-12 13:46:33 ----A---- C:\Windows\system32\jscript.dll
2013-06-12 13:46:33 ----A---- C:\Windows\system32\iertutil.dll
2013-06-12 13:46:32 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-06-12 13:46:32 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-06-12 13:46:30 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-06-12 13:46:30 ----A---- C:\Windows\system32\mshtml.dll
2013-06-12 13:46:30 ----A---- C:\Windows\system32\ieframe.dll
2013-06-12 12:53:22 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-06-12 12:53:22 ----A---- C:\Windows\SYSWOW64\certutil.exe
2013-06-12 12:53:22 ----A---- C:\Windows\system32\crypt32.dll
2013-06-12 12:53:22 ----A---- C:\Windows\system32\certutil.exe
2013-06-12 12:53:21 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2013-06-12 12:53:21 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2013-06-12 12:53:21 ----A---- C:\Windows\SYSWOW64\certenc.dll
2013-06-12 12:53:21 ----A---- C:\Windows\system32\cryptsvc.dll
2013-06-12 12:53:21 ----A---- C:\Windows\system32\cryptnet.dll
2013-06-12 12:53:21 ----A---- C:\Windows\system32\certenc.dll
2013-06-12 12:53:15 ----A---- C:\Windows\SYSWOW64\cryptdlg.dll
2013-06-12 12:53:15 ----A---- C:\Windows\system32\cryptdlg.dll
2013-06-12 12:53:13 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-06-12 12:53:11 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2013-06-12 12:53:11 ----A---- C:\Windows\SYSWOW64\printcom.dll
2013-06-12 12:53:11 ----A---- C:\Windows\system32\win32spl.dll
2013-06-04 18:39:43 ----D---- C:\Users\Uživatel1\AppData\Roaming\Meridian93
2013-06-03 14:21:42 ----D---- C:\ProgramData\Razer

======List of files/folders modified in the last 1 month======

2013-06-28 20:09:30 ----RD---- C:\Program Files
2013-06-28 20:09:30 ----D---- C:\Windows\Prefetch
2013-06-28 20:08:59 ----D---- C:\Windows\Temp
2013-06-28 19:13:37 ----RD---- C:\Program Files (x86)
2013-06-28 17:43:24 ----D---- C:\Windows\System32
2013-06-28 17:43:24 ----D---- C:\Windows\inf
2013-06-28 17:43:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-06-28 17:01:43 ----D---- C:\Program Files (x86)\Origin
2013-06-28 16:59:10 ----SHD---- C:\Windows\Installer
2013-06-28 16:58:09 ----SHD---- C:\System Volume Information
2013-06-28 15:55:09 ----D---- C:\Windows\system32\Tasks
2013-06-28 15:42:50 ----D---- C:\Windows\SysWOW64
2013-06-28 15:09:07 ----D---- C:\Windows\system32\drivers\AVG
2013-06-27 19:29:06 ----D---- C:\Windows\system32\catroot2
2013-06-27 14:28:12 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-06-26 20:24:22 ----D---- C:\Users\Uživatel1\AppData\Roaming\vlc
2013-06-23 12:45:13 ----D---- C:\Program Files\Google
2013-06-23 12:45:13 ----D---- C:\Program Files (x86)\Google
2013-06-23 09:57:05 ----HD---- C:\ProgramData
2013-06-21 15:11:46 ----D---- C:\Windows\system32\wbem
2013-06-21 15:11:46 ----D---- C:\Windows\PolicyDefinitions
2013-06-21 15:07:29 ----D---- C:\Windows\winsxs
2013-06-19 00:23:18 ----D---- C:\ProgramData\YTD Video Downloader
2013-06-14 18:19:44 ----D---- C:\ProgramData\Meridian93
2013-06-14 17:56:08 ----D---- C:\Users\Uživatel1\AppData\Roaming\spidla
2013-06-14 17:55:49 ----D---- C:\Users\Uživatel1\AppData\Roaming\Špidla Data Processing, s.r.o
2013-06-14 17:55:49 ----D---- C:\ProgramData\Špidla Data Processing, s.r.o
2013-06-14 15:57:23 ----D---- C:\Users\Uživatel1\AppData\Roaming\dvdcss
2013-06-12 22:54:32 ----RSD---- C:\Windows\assembly
2013-06-12 22:54:32 ----D---- C:\Windows\Microsoft.NET
2013-06-12 14:42:52 ----D---- C:\Windows\rescache
2013-06-12 14:35:31 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-06-12 14:21:20 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-06-12 14:21:20 ----D---- C:\Windows\system32\cs-CZ
2013-06-12 14:21:18 ----D---- C:\Windows\SYSWOW64\migration
2013-06-12 14:21:18 ----D---- C:\Windows\system32\drivers
2013-06-12 14:21:18 ----D---- C:\Program Files (x86)\Internet Explorer
2013-06-12 14:21:16 ----D---- C:\Windows\system32\migration
2013-06-12 14:21:14 ----D---- C:\Program Files\Internet Explorer
2013-06-12 13:47:17 ----A---- C:\Windows\system32\mrt.exe
2013-06-12 13:46:55 ----D---- C:\Windows\system32\catroot
2013-06-12 09:11:13 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-06-06 08:05:18 ----D---- C:\Windows\system32\WDI
2013-06-04 16:49:25 ----D---- C:\Users\Uživatel1\AppData\Roaming\Origin
2013-06-04 16:49:25 ----D---- C:\ProgramData\Origin

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2012-11-08 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2013-04-11 384800]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-12-19 11278336]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-12-19 552960]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdLH6.sys [2012-02-23 92176]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2013-06-28 25640]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-01-20 1699744]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2008-12-10 184832]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 87040]
S0 zwaq;zwaq; C:\Windows\system32\drivers\kggklibq.sys []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 122384]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 6144]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 273920]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 11008]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 7936]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2007-09-17 29184]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys []
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 46592]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 198656]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 8704]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 438328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-12-19 240640]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-12-05 2321560]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-11-02 5174392]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 27648]
R2 GEST Service;GEST Service for program management.; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2009-02-06 68136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 136176]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe [2008-02-20 354816]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-11-19 489256]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by Uživatel1 at 2013-06-28 20:09:29
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 69 GB (48%) free of 143 GB
Total RAM: 4094 MB (72% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /boot
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe /pipeName=e97f6753-7f6b-444c-ac8d-8d7bdc355c2a /coreSdkOptions=286 /logConfFile="C:\ProgramData\AVG2012\temp\c9d7b273-14c0-4b31-80c8-2f7bc904d134-1dc-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2012\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2012" /tempPath="C:\ProgramData\AVG2012\temp\"
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
taskeng.exe {91051BE3-EA71-4566-A205-33E11C49B4D1}
C:\Windows\Explorer.EXE
taskeng.exe {6A90F798-1A48-48CB-85E2-D715A9250306}
"C:\Windows\ehome\ehtray.exe"
C:\Windows\ehome\ehmsas.exe -Embedding
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\AVG\AVG2012\avgfws.exe"
"C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe"
"C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe"
"C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe"
"C:\Program Files (x86)\AVG\AVG2012\avgemca.exe"
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe /pipeName=7f77033d-5efb-4b0e-9073-7761b223c96a /coreSdkOptions=18 /logConfFile="C:\ProgramData\AVG2012\temp\5e725506-227f-4b14-bb7f-bb65cb97b96d-970-oopp.tmp" /loggerName=AVG.NS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2012\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2012" /tempPath="C:\ProgramData\AVG2012\temp\"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"X:\Utility\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll [2012-10-15 1393272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll [2012-10-15 1968248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll [2012-10-15 938104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll [2012-10-15 1417336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
C:\PROGRA~2\AVG\AVG9\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2012-11-19 2598520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Exetender_298]
C:\Program Files (x86)\Frag Games\GPlayer.exe /schedule 300000 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [2012-07-04 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe /m=2 /w /h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-01-20 6963744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sclauncher]
C:\Program Files (x86)\SimpleCenter\bin\win\sclauncher.exe [2007-10-11 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-01-20 1833504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-12-19 642808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2013-03-29 1631144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1584184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Uživatel1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-06-07 1195520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Uživatel1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Assassin.LNK]
D:\GAMEFI~2\ASSASS~1\Register\REGIST~1.EXE -d 804447 -l english -r 7 -g Assassin -c us -i 3538 []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-06-28 20:09:30 ----D---- C:\Program Files\trend micro
2013-06-28 20:09:29 ----D---- C:\rsit
2013-06-12 13:46:37 ----A---- C:\Windows\system32\mshtmled.dll
2013-06-12 13:46:36 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-06-12 13:46:36 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-06-12 13:46:36 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-06-12 13:46:36 ----A---- C:\Windows\system32\ieui.dll
2013-06-12 13:46:35 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-06-12 13:46:35 ----A---- C:\Windows\SYSWOW64\url.dll
2013-06-12 13:46:35 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-06-12 13:46:35 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-06-12 13:46:35 ----A---- C:\Windows\system32\url.dll
2013-06-12 13:46:35 ----A---- C:\Windows\system32\jsproxy.dll
2013-06-12 13:46:35 ----A---- C:\Windows\system32\ieUnatt.exe
2013-06-12 13:46:34 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-06-12 13:46:34 ----A---- C:\Windows\system32\wininet.dll
2013-06-12 13:46:34 ----A---- C:\Windows\system32\urlmon.dll
2013-06-12 13:46:34 ----A---- C:\Windows\system32\msfeeds.dll
2013-06-12 13:46:34 ----A---- C:\Windows\system32\jscript9.dll
2013-06-12 13:46:33 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-06-12 13:46:33 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-06-12 13:46:33 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-06-12 13:46:33 ----A---- C:\Windows\system32\vbscript.dll
2013-06-12 13:46:33 ----A---- C:\Windows\system32\jscript.dll
2013-06-12 13:46:33 ----A---- C:\Windows\system32\iertutil.dll
2013-06-12 13:46:32 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-06-12 13:46:32 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-06-12 13:46:30 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-06-12 13:46:30 ----A---- C:\Windows\system32\mshtml.dll
2013-06-12 13:46:30 ----A---- C:\Windows\system32\ieframe.dll
2013-06-12 12:53:22 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-06-12 12:53:22 ----A---- C:\Windows\SYSWOW64\certutil.exe
2013-06-12 12:53:22 ----A---- C:\Windows\system32\crypt32.dll
2013-06-12 12:53:22 ----A---- C:\Windows\system32\certutil.exe
2013-06-12 12:53:21 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2013-06-12 12:53:21 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2013-06-12 12:53:21 ----A---- C:\Windows\SYSWOW64\certenc.dll
2013-06-12 12:53:21 ----A---- C:\Windows\system32\cryptsvc.dll
2013-06-12 12:53:21 ----A---- C:\Windows\system32\cryptnet.dll
2013-06-12 12:53:21 ----A---- C:\Windows\system32\certenc.dll
2013-06-12 12:53:15 ----A---- C:\Windows\SYSWOW64\cryptdlg.dll
2013-06-12 12:53:15 ----A---- C:\Windows\system32\cryptdlg.dll
2013-06-12 12:53:13 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-06-12 12:53:11 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2013-06-12 12:53:11 ----A---- C:\Windows\SYSWOW64\printcom.dll
2013-06-12 12:53:11 ----A---- C:\Windows\system32\win32spl.dll
2013-06-04 18:39:43 ----D---- C:\Users\Uživatel1\AppData\Roaming\Meridian93
2013-06-03 14:21:42 ----D---- C:\ProgramData\Razer

======List of files/folders modified in the last 1 month======

2013-06-28 20:09:30 ----RD---- C:\Program Files
2013-06-28 20:09:30 ----D---- C:\Windows\Prefetch
2013-06-28 20:08:59 ----D---- C:\Windows\Temp
2013-06-28 19:13:37 ----RD---- C:\Program Files (x86)
2013-06-28 17:43:24 ----D---- C:\Windows\System32
2013-06-28 17:43:24 ----D---- C:\Windows\inf
2013-06-28 17:43:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-06-28 17:01:43 ----D---- C:\Program Files (x86)\Origin
2013-06-28 16:59:10 ----SHD---- C:\Windows\Installer
2013-06-28 16:58:09 ----SHD---- C:\System Volume Information
2013-06-28 15:55:09 ----D---- C:\Windows\system32\Tasks
2013-06-28 15:42:50 ----D---- C:\Windows\SysWOW64
2013-06-28 15:09:07 ----D---- C:\Windows\system32\drivers\AVG
2013-06-27 19:29:06 ----D---- C:\Windows\system32\catroot2
2013-06-27 14:28:12 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-06-26 20:24:22 ----D---- C:\Users\Uživatel1\AppData\Roaming\vlc
2013-06-23 12:45:13 ----D---- C:\Program Files\Google
2013-06-23 12:45:13 ----D---- C:\Program Files (x86)\Google
2013-06-23 09:57:05 ----HD---- C:\ProgramData
2013-06-21 15:11:46 ----D---- C:\Windows\system32\wbem
2013-06-21 15:11:46 ----D---- C:\Windows\PolicyDefinitions
2013-06-21 15:07:29 ----D---- C:\Windows\winsxs
2013-06-19 00:23:18 ----D---- C:\ProgramData\YTD Video Downloader
2013-06-14 18:19:44 ----D---- C:\ProgramData\Meridian93
2013-06-14 17:56:08 ----D---- C:\Users\Uživatel1\AppData\Roaming\spidla
2013-06-14 17:55:49 ----D---- C:\Users\Uživatel1\AppData\Roaming\Špidla Data Processing, s.r.o
2013-06-14 17:55:49 ----D---- C:\ProgramData\Špidla Data Processing, s.r.o
2013-06-14 15:57:23 ----D---- C:\Users\Uživatel1\AppData\Roaming\dvdcss
2013-06-12 22:54:32 ----RSD---- C:\Windows\assembly
2013-06-12 22:54:32 ----D---- C:\Windows\Microsoft.NET
2013-06-12 14:42:52 ----D---- C:\Windows\rescache
2013-06-12 14:35:31 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-06-12 14:21:20 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-06-12 14:21:20 ----D---- C:\Windows\system32\cs-CZ
2013-06-12 14:21:18 ----D---- C:\Windows\SYSWOW64\migration
2013-06-12 14:21:18 ----D---- C:\Windows\system32\drivers
2013-06-12 14:21:18 ----D---- C:\Program Files (x86)\Internet Explorer
2013-06-12 14:21:16 ----D---- C:\Windows\system32\migration
2013-06-12 14:21:14 ----D---- C:\Program Files\Internet Explorer
2013-06-12 13:47:17 ----A---- C:\Windows\system32\mrt.exe
2013-06-12 13:46:55 ----D---- C:\Windows\system32\catroot
2013-06-12 09:11:13 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-06-06 08:05:18 ----D---- C:\Windows\system32\WDI
2013-06-04 16:49:25 ----D---- C:\Users\Uživatel1\AppData\Roaming\Origin
2013-06-04 16:49:25 ----D---- C:\ProgramData\Origin

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2012-11-08 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2013-04-11 384800]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-12-19 11278336]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-12-19 552960]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdLH6.sys [2012-02-23 92176]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2013-06-28 25640]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-01-20 1699744]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2008-12-10 184832]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 87040]
S0 zwaq;zwaq; C:\Windows\system32\drivers\kggklibq.sys []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 122384]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 6144]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 273920]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 11008]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 7936]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2007-09-17 29184]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys []
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 46592]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 198656]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 8704]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 438328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-12-19 240640]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-12-05 2321560]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-11-02 5174392]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 27648]
R2 GEST Service;GEST Service for program management.; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2009-02-06 68136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 136176]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe [2008-02-20 354816]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-11-19 489256]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[Rudy]

Zdravím!
Poprosím o log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[Wayfarer]

Dobré odpoledne,

pár vteřin po stažení combofixu došlo k výpadku internetu na mém PC ( proto jsem nemohl reagovat okamžitě ) Po kontaktování internetového poskytovatele služeb ( UPC kabel ) mi bylo po řadě testů a navádění jejich podporou po telefonu řečeno, že problém není v modemu ani u nich, ale v našem systému z důvodu nějakého poškození, které nejsou schopni řešit telefonicky. Ale dle jejich mínění bude nejlepší, prý než chybu hledat, rovnou přeinstalovat systém, čemuž bych se raději vyhnul, pokud by bylo i jiné řešení.
Sehnal jsem si notebook a připojení k síti tak obnovil. Nevím, zda stažení combofixu mohlo mít nějaký vliv na změny v systému, nebo jestli jen spíše shodou okolností se začíná hroutit PC právě ve stejnou dobu, kdy se snažíme o opravné kroky .....

V každém případě jsem použil Combofix dle Vašich pokynů a log přikládám níže.

ComboFix 13-06-28.02 - Uživatel1 29.06.2013 13:08:38.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.4094.2832 [GMT 2:00]
Spuštěný z: c:\users\U×ivatel1\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-28 do 2013-06-29 )))))))))))))))))))))))))))))))
.
.
2013-06-29 11:14 . 2013-06-29 11:14 -------- d-----w- c:\users\Uživatel1\AppData\Local\temp
2013-06-29 11:14 . 2013-06-29 11:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-29 11:06 . 2013-06-29 11:06 -------- d-----w- C:\32788R22FWJFW
2013-06-29 00:22 . 2013-06-29 00:22 -------- d-----w- c:\programdata\YTD Video Downloader
2013-06-29 00:18 . 2013-06-29 00:18 -------- d-----w- c:\program files (x86)\GreenTree Applications
2013-06-29 00:02 . 2013-06-29 00:17 -------- d-----w- c:\program files (x86)\You Tube Downloader
2013-06-28 18:09 . 2013-06-28 18:09 -------- d-----w- c:\program files\trend micro
2013-06-28 18:09 . 2013-06-28 18:09 -------- d-----w- C:\rsit
2013-06-12 10:53 . 2013-04-24 04:09 1269248 ----a-w- c:\windows\system32\crypt32.dll
2013-06-04 16:39 . 2013-06-14 15:56 -------- d-----w- c:\users\Uživatel1\AppData\Roaming\Meridian93
2013-06-03 12:22 . 2013-06-03 12:22 -------- d-----w- c:\users\Uživatel1\AppData\Local\Razer
2013-06-03 12:21 . 2013-06-27 17:21 -------- d-----w- c:\programdata\Razer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-29 10:52 . 2010-07-30 17:05 25640 ----a-w- c:\windows\gdrv.sys
2013-06-12 11:47 . 2006-11-02 12:35 75825640 ----a-w- c:\windows\system32\mrt.exe
2013-06-12 07:11 . 2012-03-30 07:04 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 07:11 . 2011-05-17 07:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-15 14:17 . 2013-05-16 06:03 901496 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 03:34 . 2013-05-16 06:03 47104 ----a-w- c:\windows\system32\cdd.dll
2013-04-11 01:18 . 2013-04-11 01:18 384800 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-04-09 01:55 . 2013-05-16 06:03 2774016 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 05:12 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:11]
.
2013-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 19:50]
.
2013-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 19:50]
.
.
--------- X64 Entries -----------
.
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKU-Default-Run-Exetender_298 - c:\program files (x86)\Frag Games\GPlayer.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-ArtD - Grafický atelier Černý_Book-Maker - c:\windows\system32\ArtD - Grafický atelier Černý_Book-Maker_uninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0011)
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Celkový čas: 2013-06-29 13:16:10
ComboFix-quarantined-files.txt 2013-06-29 11:16
.
Před spuštěním: Volných bajtů: 71 518 322 688
Po spuštění: Volných bajtů: 71 693 148 160
.
- - End Of File - - F87803B6FA47BB49633CC36264CDE508
5C616939100B85E558DA92B899A0FC36

[Rudy]

Pouhým stažením CF jste nemohl přijít o připojení. Ani spuštění nic nebrání, pečlivě jsem kontroloval RSIT a vy systému není nic, co by ho mohlo v souvislosti se spuštěním CF poškodit.

Otevřte poznámkový blok a zkopírujte do něj:

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

Reboot::

Uložte na plochu jakjo CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[Wayfarer]

Níže zasílám nový log z combofixu ( trvá mi to poněkud déle, neboť musím vše přetahovat flashkou na notebook, kde mi připojení funguje ).

ComboFix 13-06-28.02 - Uživatel1 29.06.2013 19:03:48.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.4094.2855 [GMT 2:00]
Spuštěný z: c:\users\U×ivatel1\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\U×ivatel1\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-28 do 2013-06-29 )))))))))))))))))))))))))))))))
.
.
2013-06-29 17:09 . 2013-06-29 17:09 -------- d-----w- c:\users\Uživatel1\AppData\Local\temp
2013-06-29 17:09 . 2013-06-29 17:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-29 11:06 . 2013-06-29 17:01 -------- d-----w- C:\32788R22FWJFW
2013-06-29 00:22 . 2013-06-29 00:22 -------- d-----w- c:\programdata\YTD Video Downloader
2013-06-29 00:18 . 2013-06-29 00:18 -------- d-----w- c:\program files (x86)\GreenTree Applications
2013-06-29 00:02 . 2013-06-29 00:17 -------- d-----w- c:\program files (x86)\You Tube Downloader
2013-06-28 18:09 . 2013-06-28 18:09 -------- d-----w- c:\program files\trend micro
2013-06-28 18:09 . 2013-06-28 18:09 -------- d-----w- C:\rsit
2013-06-12 10:53 . 2013-04-24 04:09 1269248 ----a-w- c:\windows\system32\crypt32.dll
2013-06-04 16:39 . 2013-06-14 15:56 -------- d-----w- c:\users\Uživatel1\AppData\Roaming\Meridian93
2013-06-03 12:22 . 2013-06-03 12:22 -------- d-----w- c:\users\Uživatel1\AppData\Local\Razer
2013-06-03 12:21 . 2013-06-27 17:21 -------- d-----w- c:\programdata\Razer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-29 15:42 . 2010-07-30 17:05 25640 ----a-w- c:\windows\gdrv.sys
2013-06-12 11:47 . 2006-11-02 12:35 75825640 ----a-w- c:\windows\system32\mrt.exe
2013-06-12 07:11 . 2012-03-30 07:04 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 07:11 . 2011-05-17 07:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-15 14:17 . 2013-05-16 06:03 901496 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 03:34 . 2013-05-16 06:03 47104 ----a-w- c:\windows\system32\cdd.dll
2013-04-11 01:18 . 2013-04-11 01:18 384800 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-04-09 01:55 . 2013-05-16 06:03 2774016 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 05:12 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:11]
.
2013-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 19:50]
.
2013-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 19:50]
.
.
--------- X64 Entries -----------
.
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-ArtD - Grafický atelier Černý_Book-Maker - c:\windows\system32\ArtD - Grafický atelier Černý_Book-Maker_uninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0011)
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Celkový čas: 2013-06-29 19:11:02
ComboFix-quarantined-files.txt 2013-06-29 17:11
ComboFix2.txt 2013-06-29 11:16
.
Před spuštěním: Volných bajtů: 71 442 767 872
Po spuštění: Volných bajtů: 71 389 683 712
.
- - End Of File - - 43BD20C4A1256F2380B35C2B2770A6E5
5C616939100B85E558DA92B899A0FC36

[Rudy]

Musíte to spustit znovu, protože máte v názvu profilu diakritiku. CF pak nepřečte skript. Postup bude stejný, jen CF i skript uložíte na kořenový adresář c:\ a přetažení provedete v průzkumníku windows, nebo v jiném souborovém manažeru.

[Wayfarer]

tak zde je nový pokus:

ComboFix 13-06-28.02 - Uživatel1 29.06.2013 20:39:12.3.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.4094.2564 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-28 do 2013-06-29 )))))))))))))))))))))))))))))))
.
.
2013-06-29 18:44 . 2013-06-29 18:45 -------- d-----w- c:\users\Uživatel1\AppData\Local\temp
2013-06-29 18:44 . 2013-06-29 18:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-29 00:22 . 2013-06-29 00:22 -------- d-----w- c:\programdata\YTD Video Downloader
2013-06-29 00:18 . 2013-06-29 00:18 -------- d-----w- c:\program files (x86)\GreenTree Applications
2013-06-29 00:02 . 2013-06-29 00:17 -------- d-----w- c:\program files (x86)\You Tube Downloader
2013-06-28 18:09 . 2013-06-28 18:09 -------- d-----w- c:\program files\trend micro
2013-06-28 18:09 . 2013-06-28 18:09 -------- d-----w- C:\rsit
2013-06-12 10:53 . 2013-04-24 04:09 1269248 ----a-w- c:\windows\system32\crypt32.dll
2013-06-04 16:39 . 2013-06-14 15:56 -------- d-----w- c:\users\Uživatel1\AppData\Roaming\Meridian93
2013-06-03 12:22 . 2013-06-03 12:22 -------- d-----w- c:\users\Uživatel1\AppData\Local\Razer
2013-06-03 12:21 . 2013-06-27 17:21 -------- d-----w- c:\programdata\Razer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-29 18:45 . 2010-07-30 17:05 25640 ----a-w- c:\windows\gdrv.sys
2013-06-12 11:47 . 2006-11-02 12:35 75825640 ----a-w- c:\windows\system32\mrt.exe
2013-06-12 07:11 . 2012-03-30 07:04 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 07:11 . 2011-05-17 07:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-15 14:17 . 2013-05-16 06:03 901496 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 03:34 . 2013-05-16 06:03 47104 ----a-w- c:\windows\system32\cdd.dll
2013-04-11 01:18 . 2013-04-11 01:18 384800 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-04-09 01:55 . 2013-05-16 06:03 2774016 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 05:12 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:11]
.
2013-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 19:50]
.
2013-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 19:50]
.
.
--------- X64 Entries -----------
.
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-ArtD - Grafický atelier Černý_Book-Maker - c:\windows\system32\ArtD - Grafický atelier Černý_Book-Maker_uninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0011)
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\AVG\AVG2012\avgfws.exe
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\GIGABYTE\EnergySaver\GSvr.exe
c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe
.
**************************************************************************
.
Celkový čas: 2013-06-29 20:49:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-06-29 18:49
ComboFix2.txt 2013-06-29 17:11
ComboFix3.txt 2013-06-29 11:16
.
Před spuštěním: Volných bajtů: 71 434 428 416
Po spuštění: Volných bajtů: 71 272 824 832
.
- - End Of File - - 6739D394BE84BF4CD99823F491F80EAC
5C616939100B85E558DA92B899A0FC36

[Rudy]

OK, smazáno. Nastala nějaká změna?

[Wayfarer]

otevírání souborů v PC se mi zdá rychlejší, ale po delším provozu (cca 20 min ) se mi dříve stávalo, že se vše zpomalilo, nechávám zatím tedy ještě běžet .....

připojení k internetu na PC zatím žel stále neobnoveno ( bylo by prosím možné s tímto pomoci ? V porovnání s předchozími dotazy, je toto pro mne nyní nejzávažnější problém na PC )

ještě bych se rád zeptal na ty nabíhající áčka ( viz můj první příspěvek ) - tento "problém" také ještě stále trvá

Pokud by Vás cokoli napadlo, s čím bych mohl ještě něco zkusit, rád bych se do toho pustil, naděje na funkční PC je pro mne motivující, moc děkuji předem za jakoukoli radu jak dále .....

[Rudy]

Pokud myslíte toto:

c) na systémovém disku jsem objevil txt dokument s názvem "service", ve kterém se po každém spuštění PC zobrazuje :
Just before processing loop...
C:\Program Files (x86)\GIGABYTE\EnergySaver\info.dat
Current = 0
Total = 0
savetime = 0
Type=60,Port=b2,BiosAddr=cfeee660
Current=0.000000,Total=0.000000,MaxVid=1.287500,Rev=0x20
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

Jedná se o regulérní aplikaci od Gigabyte. Myslím, že není třeba, aby běžela, odinstalujte. Co se týká připojení, zadejte do přík. řádku: netsh int ip reset , odentrujte a restartujte PC.

[Wayfarer]

Aplikaci od Gigabyte jsem odinstaloval .....

Připojení je naneštěstí stále nefunkční .....

[Rudy]

Zkuste přeinstalovat ovladač síť karty.

[Wayfarer]

Nainstaloval jsem novou verzi ovladače síťové karty, žel připojení se ani přesto neobnovilo .....
Mrzí mne, že Vás s tímto takto obtěžuji, ale opravdu si nevím rady co s tím dále ....., kdyby Vás ještě něco napadlo, uvítám jakoukoli snahu o pomoc. Předem děkuji.

[Rudy]

Na zkoušku vypněte antivir a pokuste se připojit.

[Wayfarer]

BINGO !!! Tentokráte po odpojení AVG připojení normálně naskočilo ..... pro odzkoušení, jsem postupně zapojoval různé komponenty AVG a zjistil jsem, že problém s připojením způsobuje Firewall. Měl jsem tam 3 možnosti - povolit vše, blokovat vše, přímé připojení k internetu - celé cca 3 roky co AVG mám na tomto PC jsem to nastavení ( blokovat vše ) nemusel měnit - ale nyní z nějakého důvodu to takto přestalo včera fungovat - zvolil jsem tedy "přímé připojení k internetu" - a připojení funguje dále ..... MOC DĚKUJI !!! Kromě toho nyní veškeré načítání stránek na internetu je přímo bleskové. Vypadá to, že i Vaše celkové včerejší pročištění tomu výrazně napomohlo.

Nejsem si jenom jistý, zda poškození AVG bylo způsobenou vinou samotného AVG, nebo zda to bylo nějaká hrozba zvenčí, která se snažila ochranu neutralizovat. Je potřeba ještě něco pro jistotu zkontrolovat, nebo myslíte, že v tomto stavu jak jste viděl poslední logy už by mohlo být vše jakž takž v normě ? Ještě mám dotaz ohledně Combofixu - je třeba jej odinstalovat ?

Vzhledem k tomu, že v poslední době AVG zlobilo i jinak ( samo se vypínalo apod. ) , asi mi došla už trpělivost a rád bych zvolil jinou placenou verzi dle Vašeho doporučení a pozitivních zkušeností ( myslím, že jsem viděl na Vašich stránkách doporučovat např. NORTON SECURITY ).
Rád si nechám poradit, zatím tedy vyčkám na Vaše vyjádření a ještě jednou moc děkuji za dosavadní pomoc, díky níž je PC opět v provozu.