
Please check my log

Gary545
Visitor
Posts: 88
Registered: 20 Sep 2010 21:54

Please check my log

#1 Post by Gary545 »

Hello, today, about an hour ago, after installing a game, some files were deleted from my Downloads folder and then my desktop wallpaper changed as well. I'm afraid it's the police virus :o :( Thanks for any help :)

Logfile of random's system information tool 1.09 (written by random/random)
Run by GregoraE at 2013-10-13 13:48:55
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 191 GB (62%) free of 309 GB
Total RAM: 8103 MB (87% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\gregorae\AppData\Roaming\Mozilla\Firefox\Profiles\wz4qzafe.default

prefs.js - "browser.startup.homepage" - "seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VSAKTUALIZACE"=C:\VSSERVIS\VS_START.exe [2013-08-08 382976]
"tvncontrol"=C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-07-08 815704]
"NtVdmSrv"=C:\Windows\inf\ntvdm.vbe [2013-06-20 1219]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\PROGRAM FILES\WINDOWS SIDEBAR\SIDEBAR.EXE [2010-11-20 1475584]
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2013-10-09 1813928]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-07-03 3673184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE Per-User Initialization utility"=C:\Users\gregorae\AppData\Local\JavaUpdater.exe [2013-10-08 648192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\SysWOW64\nvinit.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"DisallowRun"=1
"DisablePersonalDirChange"=1
"NoPublishingWizard"=1
"NoOnlinePrintsWizard"=1
"NoManageMyComputerVerb"=1
"NoHardwareTab"=1
"NoChangeKeyboardNavigationIndicators"=1
"ConfirmFileDelete"=1
"NoWindowsUpdate"=1
"Intellimenus"=1
"ForceClassicControlPanel"=1
"NoSimpleStartMenu"=1
"NoSMBalloonTip"=1
"NoDesktopCleanupWizard"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-10-13 13:48:55 ----D---- C:\rsit
2013-10-13 13:48:55 ----D---- C:\Program Files (x86)\trend micro
2013-10-13 13:43:32 ----D---- C:\Windows\pss
2013-10-13 13:38:40 ----A---- C:\Windows\ntbtlog.txt
2013-10-13 12:50:31 ----D---- C:\Users\gregorae\AppData\Roaming\dclogs
2013-10-13 12:50:11 ----D---- C:\Users\gregorae\AppData\Roaming\NVIDIA
2013-10-13 12:19:39 ----D---- C:\Program Files (x86)\Electronic Arts
2013-10-13 12:05:18 ----D---- C:\ProgramData\Solidshield
2013-10-12 11:06:24 ----D---- C:\Games
2013-10-11 23:42:00 ----A---- C:\Windows\SysWOW64\ieui.dll
2013-10-11 23:41:58 ----A---- C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 23:41:58 ----A---- C:\Windows\SysWOW64\iesetup.dll
2013-10-11 23:41:58 ----A---- C:\Windows\SysWOW64\iernonce.dll
2013-10-11 23:41:57 ----A---- C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 23:41:56 ----A---- C:\Windows\SysWOW64\iertutil.dll
2013-10-11 23:41:54 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 23:41:54 ----A---- C:\Windows\SysWOW64\jscript.dll
2013-10-11 23:41:51 ----A---- C:\Windows\SysWOW64\urlmon.dll
2013-10-11 23:41:51 ----A---- C:\Windows\SysWOW64\jscript9.dll
2013-10-11 23:41:49 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 23:41:48 ----A---- C:\Windows\SysWOW64\wininet.dll
2013-10-11 23:41:46 ----A---- C:\Windows\SysWOW64\ieframe.dll
2013-10-11 23:41:37 ----A---- C:\Windows\SysWOW64\mshtml.dll
2013-10-10 09:36:48 ----A---- C:\Windows\SysWOW64\comctl32.dll
2013-10-10 09:36:45 ----A---- C:\Windows\SysWOW64\lpk.dll
2013-10-10 09:36:45 ----A---- C:\Windows\SysWOW64\fontsub.dll
2013-10-10 09:36:45 ----A---- C:\Windows\SysWOW64\dciman32.dll
2013-10-10 09:36:45 ----A---- C:\Windows\SysWOW64\atmfd.dll
2013-10-10 09:36:44 ----A---- C:\Windows\SysWOW64\atmlib.dll
2013-10-10 09:36:39 ----A---- C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 09:36:39 ----A---- C:\Windows\SysWOW64\davclnt.dll
2013-10-10 09:36:37 ----A---- C:\Windows\SysWOW64\mswsock.dll
2013-10-10 09:36:30 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 09:36:29 ----A---- C:\Windows\SysWOW64\tdh.dll
2013-10-10 09:36:29 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 09:36:28 ----A---- C:\Windows\SysWOW64\ntdll.dll
2013-10-10 09:36:28 ----A---- C:\Windows\SysWOW64\advapi32.dll
2013-10-10 09:36:26 ----A---- C:\Windows\SysWOW64\wow32.dll
2013-10-10 09:36:26 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 09:36:25 ----A---- C:\Windows\SysWOW64\user.exe
2013-10-10 09:36:25 ----A---- C:\Windows\SysWOW64\setup16.exe
2013-10-10 09:36:25 ----A---- C:\Windows\SysWOW64\instnm.exe
2013-10-10 09:36:15 ----A---- C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-06 11:19:11 ----D---- C:\Users\gregorae\AppData\Roaming\Need For Speed The Run
2013-10-05 21:57:29 ----D---- C:\ProgramData\Adobe
2013-10-05 21:57:21 ----D---- C:\Program Files (x86)\Adobe
2013-10-05 21:56:08 ----D---- C:\Windows\Downloaded Installations
2013-10-01 13:41:53 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-09-28 21:14:00 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-09-28 20:17:16 ----D---- C:\Program Files (x86)\2K Games
2013-09-23 16:13:04 ----D---- C:\Program Files (x86)\The Elder Scrolls V Skyrim
2013-09-16 20:18:18 ----D---- C:\ProgramData\Tunngle
2013-09-16 20:02:30 ----D---- C:\Program Files (x86)\Tunngle
2013-09-16 20:01:28 ----A---- C:\Windows\SysWOW64\Access.dat
2013-09-16 19:52:09 ----D---- C:\Users\gregorae\AppData\Roaming\Tunngle
2013-09-16 19:02:59 ----D---- C:\Program Files (x86)\Killing Floor

======List of files/folders modified in the last 1 month======

2013-10-13 13:48:55 ----RD---- C:\Program Files (x86)
2013-10-13 13:46:01 ----D---- C:\Windows\Temp
2013-10-13 13:45:22 ----D---- C:\Windows\System32
2013-10-13 13:45:22 ----D---- C:\Windows\inf
2013-10-13 13:43:32 ----D---- C:\Windows
2013-10-13 13:35:24 ----D---- C:\Program Files (x86)\Steam
2013-10-13 13:30:02 ----D---- C:\Windows\Tasks
2013-10-13 13:30:02 ----D---- C:\Windows\rescache
2013-10-13 13:30:00 ----D---- C:\Users\gregorae\AppData\Roaming\vlc
2013-10-13 13:30:00 ----D---- C:\Users\gregorae\AppData\Roaming\uTorrent
2013-10-13 13:29:59 ----D---- C:\Users\gregorae\AppData\Roaming\Skype
2013-10-13 13:29:59 ----D---- C:\Users\gregorae\AppData\Roaming\dvdcss
2013-10-13 13:29:56 ----D---- C:\ProgramData\Spyware Terminator
2013-10-13 13:29:56 ----D---- C:\ProgramData\PMB Files
2013-10-13 13:29:56 ----D---- C:\ProgramData\DAEMON Tools Lite
2013-10-13 13:29:53 ----D---- C:\Call of Duty- Modern Warfare 3
2013-10-13 13:29:50 ----D---- C:\Windows\registration
2013-10-13 13:29:46 ----SHD---- C:\Windows\Installer
2013-10-13 13:29:42 ----RSD---- C:\Windows\assembly
2013-10-13 13:29:42 ----D---- C:\Windows\AppCompat
2013-10-13 13:29:18 ----D---- C:\Users\gregorae\AppData\Roaming\Ubisoft
2013-10-13 13:29:18 ----D---- C:\Users\gregorae\AppData\Roaming\Mozilla
2013-10-13 13:29:14 ----SD---- C:\Users\gregorae\AppData\Roaming\Microsoft
2013-10-13 13:29:13 ----D---- C:\Users\gregorae\AppData\Roaming\Intel
2013-10-13 13:29:13 ----D---- C:\Users\gregorae\AppData\Roaming\GRETECH
2013-10-13 13:29:12 ----D---- C:\Users\gregorae\AppData\Roaming\DAEMON Tools Lite
2013-10-13 13:29:12 ----D---- C:\Users\gregorae\AppData\Roaming\Adobe
2013-10-13 13:28:40 ----HD---- C:\ProgramData
2013-10-13 13:28:33 ----D---- C:\Program Files (x86)\Ubisoft
2013-10-13 13:20:09 ----SHD---- C:\System Volume Information
2013-10-13 13:12:46 ----D---- C:\ProgramData\HappyCloud
2013-10-13 12:53:14 ----D---- C:\Windows\Prefetch
2013-10-12 10:24:41 ----D---- C:\Windows\Microsoft.NET
2013-10-11 23:46:52 ----D---- C:\Windows\winsxs
2013-10-11 23:46:12 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 23:44:40 ----D---- C:\Windows\SysWOW64
2013-10-11 23:44:39 ----D---- C:\Program Files (x86)\Internet Explorer
2013-10-11 23:44:28 ----D---- C:\Windows\AppPatch
2013-10-11 23:43:51 ----D---- C:\ProgramData\Microsoft Help
2013-10-11 23:28:52 ----D---- C:\Program Files (x86)\Common Files\Steam
2013-10-09 20:17:30 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-05 22:15:44 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-10-02 21:48:01 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-01 15:10:40 ----D---- C:\Program Files (x86)\Mozilla Firefox.bak
2013-09-28 21:14:41 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2013-09-28 21:14:00 ----D---- C:\Program Files (x86)\Common Files
2013-09-16 20:02:32 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
S1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
S1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
S1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
S2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys []
S2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys []
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
S2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys []
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys []
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys []
S3 NETwNs64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys []
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys []
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960]
S2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-11-02 1515792]
S2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe []
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-05-02 2009704]
S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-11-02 836880]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-07-25 162672]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2012-09-07 1148664]
S2 tvnserver;TightVNC Server; C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-07-08 815704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-11-16 23296]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-10-01 118680]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-10-09 565672]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-09-03 759192]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119530
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#2 Post by Rudy »

Hello!
Post a ComboFix log:
Download ComboFix and save it, preferably to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

Go and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware program with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware cause unwanted collisions with the resident antispyware.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Gary545
Visitor
Posts: 88
Registered: 20 Sep 2010 21:54

Re: Please check my log

#3 Post by Gary545 »

Thanks :)

ComboFix 13-10-13.02 - GregoraE 13.10.2013 19:05:37.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8103.6136 [GMT 2:00]
Spuštěný z: c:\users\gregorae\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\gregorae\AppData\Roaming\dclogs
c:\users\gregorae\AppData\Roaming\dclogs\2013-10-13-1.dc
c:\windows\Install
c:\windows\Install\securestore_2_17_1_cs_x86\NetFx20SP1_x86.exe
c:\windows\Install\securestore_2_17_1_cs_x86\SecureStore.msi
c:\windows\Install\securestore_2_17_1_cs_x86\SecureStoreInstall.log
c:\windows\Install\securestore_2_17_1_cs_x86\Setup.exe
c:\windows\Install\securestore_2_17_1_cs_x86\Setup.ini
c:\windows\Install\securestore_2_17_1_cs_x86\vcredist_x86.exe
c:\windows\Install\vcredist_x86\eula.1028.txt
c:\windows\Install\vcredist_x86\eula.1031.txt
c:\windows\Install\vcredist_x86\eula.1033.txt
c:\windows\Install\vcredist_x86\eula.1036.txt
c:\windows\Install\vcredist_x86\eula.1040.txt
c:\windows\Install\vcredist_x86\eula.1041.txt
c:\windows\Install\vcredist_x86\eula.1042.txt
c:\windows\Install\vcredist_x86\eula.2052.txt
c:\windows\Install\vcredist_x86\eula.3082.txt
c:\windows\Install\vcredist_x86\globdata.ini
c:\windows\Install\vcredist_x86\install.exe
c:\windows\Install\vcredist_x86\install.ini
c:\windows\Install\vcredist_x86\install.res.1028.dll
c:\windows\Install\vcredist_x86\install.res.1031.dll
c:\windows\Install\vcredist_x86\install.res.1033.dll
c:\windows\Install\vcredist_x86\install.res.1036.dll
c:\windows\Install\vcredist_x86\install.res.1040.dll
c:\windows\Install\vcredist_x86\install.res.1041.dll
c:\windows\Install\vcredist_x86\install.res.1042.dll
c:\windows\Install\vcredist_x86\install.res.2052.dll
c:\windows\Install\vcredist_x86\install.res.3082.dll
c:\windows\Install\vcredist_x86\vc_red.cab
c:\windows\Install\vcredist_x86\vc_red.msi
c:\windows\Install\vcredist_x86\vcredist.bmp
D:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-13 do 2013-10-13 )))))))))))))))))))))))))))))))
.
.
2013-10-13 17:11 . 2013-10-13 17:11 -------- d-----w- c:\users\user\AppData\Local\temp
2013-10-13 17:11 . 2013-10-13 17:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-13 11:54 . 2013-10-13 11:54 -------- d-----w- c:\users\gregorae\AppData\Local\Macromedia
2013-10-13 11:48 . 2013-10-13 11:48 -------- d-----w- C:\rsit
2013-10-13 11:48 . 2013-10-13 11:48 -------- d-----w- c:\program files (x86)\trend micro
2013-10-13 10:50 . 2013-10-13 10:50 -------- d-----w- c:\users\gregorae\AppData\Roaming\NVIDIA
2013-10-13 10:19 . 2013-10-13 10:19 -------- d-----w- c:\program files (x86)\Electronic Arts
2013-10-13 10:05 . 2013-10-13 10:05 -------- d-----w- c:\programdata\Solidshield
2013-10-12 10:16 . 2013-10-13 17:09 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C9794CB-6C41-42A5-AC9F-681E41F6D3D6}\offreg.dll
2013-10-12 09:06 . 2013-10-13 11:12 -------- d-----w- C:\Games
2013-10-11 21:49 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C9794CB-6C41-42A5-AC9F-681E41F6D3D6}\mpengine.dll
2013-10-11 21:42 . 2013-09-21 03:38 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-11 21:42 . 2013-09-21 03:30 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-10-10 07:36 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-08 08:52 . 2013-10-08 08:52 648192 ---ha-w- c:\users\gregorae\AppData\Local\JavaUpdater.exe
2013-10-06 09:19 . 2013-10-13 11:29 -------- d-----w- c:\users\gregorae\AppData\Roaming\Need For Speed The Run
2013-10-05 19:56 . 2013-10-05 19:56 -------- d-----w- c:\windows\Downloaded Installations
2013-09-28 19:14 . 2013-09-28 19:14 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-09-28 19:13 . 2013-10-13 11:28 -------- d-----w- c:\users\gregorae\AppData\Local\2K Games
2013-09-28 18:17 . 2013-09-28 18:17 -------- d-----w- c:\program files (x86)\2K Games
2013-09-23 14:13 . 2013-09-23 14:13 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2013-09-16 18:18 . 2013-09-24 20:39 -------- d-----w- c:\programdata\Tunngle
2013-09-16 18:02 . 2013-09-16 18:18 -------- d-----w- c:\program files (x86)\Tunngle
2013-09-16 17:52 . 2013-10-13 11:30 -------- d-----w- c:\users\gregorae\AppData\Roaming\Tunngle
2013-09-16 17:52 . 2009-09-16 06:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2013-09-16 17:02 . 2013-09-16 17:50 -------- d-----w- c:\program files (x86)\Killing Floor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 18:17 . 2012-05-02 10:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 18:17 . 2012-05-02 10:49 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-04 14:06 . 2013-09-04 14:06 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2013-09-04 14:06 . 2013-09-04 14:06 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2013-09-04 10:55 . 2013-09-03 19:30 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-09-03 19:30 . 2013-09-03 19:13 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-08-29 01:48 . 2013-10-10 07:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-18 18:13 . 2013-08-18 18:13 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2013-08-17 14:57 . 2013-08-17 14:57 348160 ----a-w- c:\windows\SysWow64\Msvcr71.dll
2013-08-17 14:57 . 2013-08-17 14:57 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2013-08-17 14:57 . 2013-08-17 14:57 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2013-08-17 14:12 . 2013-08-17 14:12 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-08-14 01:07 . 2013-08-14 01:07 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-08-14 01:07 . 2013-08-14 01:07 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-08-14 01:07 . 2013-08-14 01:07 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-08-14 01:07 . 2013-08-14 01:07 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-08-14 01:07 . 2013-08-14 01:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-08-14 01:07 . 2013-08-14 01:07 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-08-14 01:07 . 2013-08-14 01:07 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-08-14 01:07 . 2013-08-14 01:07 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-08-14 01:07 . 2013-08-14 01:07 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-08-14 01:07 . 2013-08-14 01:07 216064 ----a-w- c:\windows\system32\msls31.dll
2013-08-14 01:07 . 2013-08-14 01:07 204800 ----a-w- c:\windows\SysWow64\webcheck.dll
2013-08-14 01:07 . 2013-08-14 01:07 197120 ----a-w- c:\windows\system32\msrating.dll
2013-08-14 01:07 . 2013-08-14 01:07 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-08-14 01:07 . 2013-08-14 01:07 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-08-14 01:07 . 2013-08-14 01:07 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-08-14 01:07 . 2013-08-14 01:07 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-08-14 01:07 . 2013-08-14 01:07 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-08-14 01:07 . 2013-08-14 01:07 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-08-14 01:07 . 2013-08-14 01:07 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-08-14 01:07 . 2013-08-14 01:07 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-08-14 01:07 . 2013-08-14 01:07 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-08-14 01:07 . 2013-08-14 01:07 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-08-14 01:07 . 2013-08-14 01:07 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-08-14 01:07 . 2013-08-14 01:07 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-08-14 01:07 . 2013-08-14 01:07 81408 ----a-w- c:\windows\system32\icardie.dll
2013-08-14 01:07 . 2013-08-14 01:07 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-08-14 01:07 . 2013-08-14 01:07 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-08-14 01:07 . 2013-08-14 01:07 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-08-14 01:07 . 2013-08-14 01:07 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-08-14 01:07 . 2013-08-14 01:07 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-08-14 01:07 . 2013-08-14 01:07 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-08-14 01:07 . 2013-08-14 01:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-08-14 01:07 . 2013-08-14 01:07 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-08-14 01:07 . 2013-08-14 01:07 441856 ----a-w- c:\windows\system32\html.iec
2013-08-14 01:07 . 2013-08-14 01:07 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-08-14 01:07 . 2013-08-14 01:07 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-14 01:07 . 2013-08-14 01:07 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-08-14 01:07 . 2013-08-14 01:07 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-08-14 01:07 . 2013-08-14 01:07 235008 ----a-w- c:\windows\system32\url.dll
2013-08-14 01:07 . 2013-08-14 01:07 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-08-14 01:07 . 2013-08-14 01:07 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-08-14 01:07 . 2013-08-14 01:07 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-14 01:07 . 2013-08-14 01:07 149504 ----a-w- c:\windows\system32\occache.dll
2013-08-14 01:07 . 2013-08-14 01:07 144896 ----a-w- c:\windows\system32\wextract.exe
2013-08-14 01:07 . 2013-08-14 01:07 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-08-14 01:07 . 2013-08-14 01:07 13824 ----a-w- c:\windows\system32\mshta.exe
2013-08-14 01:07 . 2013-08-14 01:07 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-08-14 01:07 . 2013-08-14 01:07 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-08-14 01:07 . 2013-08-14 01:07 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-08-14 01:07 . 2013-08-14 01:07 102912 ----a-w- c:\windows\system32\inseng.dll
2013-08-14 01:06 . 2013-08-14 01:06 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-14 01:06 . 2013-08-14 01:06 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-08-14 01:06 . 2013-08-14 01:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-08-14 01:06 . 2013-08-14 01:06 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-08-14 01:06 . 2013-08-14 01:06 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-08-14 01:06 . 2013-08-14 01:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-08-14 01:06 . 2013-08-14 01:06 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-08-14 01:06 . 2013-08-14 01:06 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-08-14 01:06 . 2013-08-14 01:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-08-14 01:06 . 2013-08-14 01:06 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-14 01:06 . 2013-08-14 01:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-14 01:06 . 2013-08-14 01:06 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-08-14 01:06 . 2013-08-14 01:06 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-08-14 01:06 . 2013-08-14 01:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-14 01:06 . 2013-08-14 01:06 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-08-14 01:06 . 2013-08-14 01:06 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-08-14 01:06 . 2013-08-14 01:06 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-08-14 01:06 . 2013-08-14 01:06 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-08-14 01:06 . 2013-08-14 01:06 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-08-14 01:06 . 2013-08-14 01:06 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-08-14 01:06 . 2013-08-14 01:06 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-08-14 01:06 . 2013-08-14 01:06 194560 ----a-w- c:\windows\system32\d3d10_1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-10-09 1813928]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VSAKTUALIZACE"="c:\vsservis\VS_START.exe" [2013-08-08 382976]
"tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2010-07-08 815704]
"NtVdmSrv"="c:\windows\inf\ntvdm.vbe" [2013-06-20 1219]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
"NoPublishingWizard"= 1 (0x1)
"NoOnlinePrintsWizard"= 1 (0x1)
"NoHardwareTab"= 1 (0x1)
"NoChangeKeyboardNavigationIndicators"= 1 (0x1)
"ConfirmFileDelete"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3980190197-1444705627-759596693-9824\Scripts\Logon\0\0]
"Script"=\\fnkv.local\NETLOGON\map-u.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3980190197-1444705627-759596693-9824\Scripts\Logon\1\0]
"Script"=nahradni_provoz_unis.cmd
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [x]
S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe;c:\program files (x86)\TightVNC\tvnserver.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 18:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2716216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-02 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-02 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-02 418328]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-06 2777296]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-09-06 3673808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = proxy.fnkv.local:2222
uInternet Settings,ProxyOverride = *.fnkv.cz;*.fnkv.local;172.25.*;*.cuni.cz;helpdesk.dynn.cz;intran;snzr.ksrzis.cz;training.nextrials.com;isis.parexel.com;www.fisheracts.com;socpos.mpsv.cz;www.demogismm.net;ghdmp1.phri.hhsc.ca;edc.phri.ca;www2.clinicalresearch.nl;old.anopress.cz;prism.nextrials.com;www.sits.ucr.uu.se;portal.agmednet.net;www.citibank.cz;*.customer.teliacarrier.com;https://s.ica.cz;https://q.ica.cz;gtw-ws01.sukl.cz:4540;gtw-ws02.sukl.cz:4540;*.mesh.com;<local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\gregorae\AppData\Roaming\Mozilla\Firefox\Profiles\wz4qzafe.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3980190197-1444705627-759596693-9824\Software\SecuROM\License information*]
"datasecu"=hex:04,52,79,37,1c,4d,41,0b,89,a4,4e,70,c4,43,ac,77,ab,e1,f4,e3,ba,
15,47,5b,c4,b5,74,9d,f5,41,a0,70,02,f0,7d,63,d5,a8,3b,2b,71,3d,95,ee,de,62,\
"rkeysecu"=hex:ca,f1,08,4a,62,2f,7a,b4,25,23,2a,40,ed,cc,6b,07
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-10-13 19:14:05
ComboFix-quarantined-files.txt 2013-10-13 17:14
.
Před spuštěním: Volných bajtů: 209 046 667 264
Po spuštění: Volných bajtů: 209 531 654 144
.
- - End Of File - - 9367C528C36B94A5764B443711BF01AA
A36C5E4F47E84449FF07ED3517B43A31

Rudy
Site Admin
Posts: 119530
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#4 Post by Rudy »

We will clean up a bit more. Open Notepad and copy the following into it:
KillAll::

Collect::
c:\windows\inf\ntvdm.vbe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NtVdmSrv"=-

Regnull::
[HKEY_USERS\S-1-5-21-3980190197-1444705627-759596693-9824\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, make backups of your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
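The reply above singles out one autorun entry from the ComboFix log (a small .vbe script launched from c:\windows\inf under the name NtVdmSrv) and removes it with a CFScript. As an added example that is not part of the forum thread or of ComboFix, the script below parses the "Run" key section of such a log, explains why that kind of entry stands out, and emits the corresponding Collect::/Registry:: CFScript block; the sample log text, the heuristics and every function name are constructed for this example.

```python
"""Scan the Run-key section of a ComboFix log for script-based autoruns.

Constructed example: the thresholds, directory list and helper names are
assumptions made here, not ComboFix features. Findings are meant to be
reviewed by a person before any CFScript built from them is used.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the HKLM Wow6432Node Run key as it appeared in the log.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VSAKTUALIZACE"="c:\vsservis\VS_START.exe" [2013-08-08 382976]
"tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2010-07-08 815704]
"NtVdmSrv"="c:\windows\inf\ntvdm.vbe" [2013-06-20 1219]
'''

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# ComboFix prints each Run value as  "Name"="path" [yyyy-mm-dd size]
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*'
    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')

# Script hosts that should rarely, if ever, appear as a logon autorun.
SCRIPT_EXTS = ('.vbe', '.vbs', '.js', '.jse', '.wsf', '.hta', '.bat', '.cmd')
# Windows subfolders that hold drivers/fonts/help files, never startup programs.
ODD_WINDOWS_DIRS = ('c:\\windows\\inf\\', 'c:\\windows\\fonts\\',
                    'c:\\windows\\help\\', 'c:\\windows\\temp\\')
TINY_BYTES = 4096  # assumed threshold; real programs are far larger


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    date: str
    size: int


def parse_run_entries(text: str) -> List[RunEntry]:
    """Return every "Name"="path" [date size] value under a [HKEY_...] header."""
    entries: List[RunEntry] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append(RunEntry(key, m.group('name'), m.group('path'),
                                    m.group('date'), int(m.group('size'))))
    return entries


def suspicious_reasons(entry: RunEntry) -> List[str]:
    """List the traits that make an autorun worth a closer look (empty if none)."""
    reasons = []
    path = entry.path.lower()
    if path.endswith(SCRIPT_EXTS):
        reasons.append('script file launched at logon')
    if path.startswith(ODD_WINDOWS_DIRS):
        reasons.append('located in a Windows subfolder that holds no programs')
    if entry.size < TINY_BYTES:
        reasons.append(f'tiny file ({entry.size} bytes)')
    return reasons


def scan(text: str) -> Dict[str, List[str]]:
    """Map each flagged value name to its reasons."""
    findings = {}
    for entry in parse_run_entries(text):
        reasons = suspicious_reasons(entry)
        if reasons:
            findings[entry.name] = reasons
    return findings


def build_cfscript(text: str) -> str:
    """Emit a CFScript fragment (Collect:: the file, delete the Run value, reboot)."""
    flagged = [e for e in parse_run_entries(text) if suspicious_reasons(e)]
    lines = ['Collect::'] + [e.path for e in flagged] + ['', 'Registry::']
    for e in flagged:
        lines += [f'[{e.key}]', f'"{e.name}"=-']
    lines += ['', 'Reboot::']
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    for name, why in scan(SAMPLE_LOG).items():
        print(f'{name}: ' + '; '.join(why))
    print(build_cfscript(SAMPLE_LOG))
```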

Gary545
Visitor
Posts: 88
Registered: 20 Sep 2010 21:54

Re: Please check my log

#5 Post by Gary545 »

May I just ask whether there is any way to get back the deleted documents that I lost? :)

Gary545
Visitor
Posts: 88
Registered: 20 Sep 2010 21:54

Re: Please check my log

#6 Post by Gary545 »

ComboFix 13-10-13.02 - GregoraE 13.10.2013 19:45:54.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8103.6084 [GMT 2:00]
Spuštěný z: c:\users\gregorae\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\gregorae\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-13 do 2013-10-13 )))))))))))))))))))))))))))))))
.
.
2013-10-13 17:50 . 2013-10-13 17:50 -------- d-----w- c:\users\user\AppData\Local\temp
2013-10-13 17:50 . 2013-10-13 17:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-13 17:50 . 2013-10-13 17:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-13 17:50 . 2013-10-13 17:50 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-10-13 17:50 . 2013-10-13 17:50 -------- d-----w- c:\users\a_durchanek\AppData\Local\temp
2013-10-13 17:05 . 2013-10-13 17:05 -------- d-----w- c:\users\gregorae\AppData\Local\ESET
2013-10-13 11:54 . 2013-10-13 11:54 -------- d-----w- c:\users\gregorae\AppData\Local\Macromedia
2013-10-13 11:48 . 2013-10-13 11:48 -------- d-----w- C:\rsit
2013-10-13 11:48 . 2013-10-13 11:48 -------- d-----w- c:\program files (x86)\trend micro
2013-10-13 10:50 . 2013-10-13 10:50 -------- d-----w- c:\users\gregorae\AppData\Roaming\NVIDIA
2013-10-13 10:19 . 2013-10-13 10:19 -------- d-----w- c:\program files (x86)\Electronic Arts
2013-10-13 10:05 . 2013-10-13 10:05 -------- d-----w- c:\programdata\Solidshield
2013-10-12 09:06 . 2013-10-13 11:12 -------- d-----w- C:\Games
2013-10-11 21:49 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C9794CB-6C41-42A5-AC9F-681E41F6D3D6}\mpengine.dll
2013-10-11 21:42 . 2013-09-21 03:38 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-11 21:42 . 2013-09-21 03:30 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-10-10 07:36 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-08 08:52 . 2013-10-08 08:52 648192 ---ha-w- c:\users\gregorae\AppData\Local\JavaUpdater.exe
2013-10-06 09:19 . 2013-10-13 11:29 -------- d-----w- c:\users\gregorae\AppData\Roaming\Need For Speed The Run
2013-10-05 19:56 . 2013-10-05 19:56 -------- d-----w- c:\windows\Downloaded Installations
2013-09-28 19:14 . 2013-09-28 19:14 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-09-28 19:13 . 2013-10-13 11:28 -------- d-----w- c:\users\gregorae\AppData\Local\2K Games
2013-09-28 18:17 . 2013-09-28 18:17 -------- d-----w- c:\program files (x86)\2K Games
2013-09-23 14:13 . 2013-09-23 14:13 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2013-09-16 18:18 . 2013-09-24 20:39 -------- d-----w- c:\programdata\Tunngle
2013-09-16 18:02 . 2013-09-16 18:18 -------- d-----w- c:\program files (x86)\Tunngle
2013-09-16 17:52 . 2013-10-13 11:30 -------- d-----w- c:\users\gregorae\AppData\Roaming\Tunngle
2013-09-16 17:52 . 2009-09-16 06:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2013-09-16 17:02 . 2013-09-16 17:50 -------- d-----w- c:\program files (x86)\Killing Floor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 18:17 . 2012-05-02 10:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 18:17 . 2012-05-02 10:49 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-04 14:06 . 2013-09-04 14:06 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2013-09-04 14:06 . 2013-09-04 14:06 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2013-09-04 10:55 . 2013-09-03 19:30 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-09-03 19:30 . 2013-09-03 19:13 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-08-29 01:48 . 2013-10-10 07:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-18 18:13 . 2013-08-18 18:13 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2013-08-17 14:57 . 2013-08-17 14:57 348160 ----a-w- c:\windows\SysWow64\Msvcr71.dll
2013-08-17 14:57 . 2013-08-17 14:57 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2013-08-17 14:57 . 2013-08-17 14:57 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2013-08-17 14:12 . 2013-08-17 14:12 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-08-14 01:07 . 2013-08-14 01:07 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-08-14 01:07 . 2013-08-14 01:07 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-08-14 01:07 . 2013-08-14 01:07 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-08-14 01:07 . 2013-08-14 01:07 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-08-14 01:07 . 2013-08-14 01:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-08-14 01:07 . 2013-08-14 01:07 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-08-14 01:07 . 2013-08-14 01:07 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-08-14 01:07 . 2013-08-14 01:07 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-08-14 01:07 . 2013-08-14 01:07 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-08-14 01:07 . 2013-08-14 01:07 216064 ----a-w- c:\windows\system32\msls31.dll
2013-08-14 01:07 . 2013-08-14 01:07 204800 ----a-w- c:\windows\SysWow64\webcheck.dll
2013-08-14 01:07 . 2013-08-14 01:07 197120 ----a-w- c:\windows\system32\msrating.dll
2013-08-14 01:07 . 2013-08-14 01:07 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-08-14 01:07 . 2013-08-14 01:07 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-08-14 01:07 . 2013-08-14 01:07 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-08-14 01:07 . 2013-08-14 01:07 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-08-14 01:07 . 2013-08-14 01:07 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-08-14 01:07 . 2013-08-14 01:07 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-08-14 01:07 . 2013-08-14 01:07 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-08-14 01:07 . 2013-08-14 01:07 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-08-14 01:07 . 2013-08-14 01:07 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-08-14 01:07 . 2013-08-14 01:07 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-08-14 01:07 . 2013-08-14 01:07 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-08-14 01:07 . 2013-08-14 01:07 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-08-14 01:07 . 2013-08-14 01:07 81408 ----a-w- c:\windows\system32\icardie.dll
2013-08-14 01:07 . 2013-08-14 01:07 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-08-14 01:07 . 2013-08-14 01:07 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-08-14 01:07 . 2013-08-14 01:07 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-08-14 01:07 . 2013-08-14 01:07 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-08-14 01:07 . 2013-08-14 01:07 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-08-14 01:07 . 2013-08-14 01:07 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-08-14 01:07 . 2013-08-14 01:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-08-14 01:07 . 2013-08-14 01:07 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-08-14 01:07 . 2013-08-14 01:07 441856 ----a-w- c:\windows\system32\html.iec
2013-08-14 01:07 . 2013-08-14 01:07 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-08-14 01:07 . 2013-08-14 01:07 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-14 01:07 . 2013-08-14 01:07 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-08-14 01:07 . 2013-08-14 01:07 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-08-14 01:07 . 2013-08-14 01:07 235008 ----a-w- c:\windows\system32\url.dll
2013-08-14 01:07 . 2013-08-14 01:07 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-08-14 01:07 . 2013-08-14 01:07 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-08-14 01:07 . 2013-08-14 01:07 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-14 01:07 . 2013-08-14 01:07 149504 ----a-w- c:\windows\system32\occache.dll
2013-08-14 01:07 . 2013-08-14 01:07 144896 ----a-w- c:\windows\system32\wextract.exe
2013-08-14 01:07 . 2013-08-14 01:07 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-08-14 01:07 . 2013-08-14 01:07 13824 ----a-w- c:\windows\system32\mshta.exe
2013-08-14 01:07 . 2013-08-14 01:07 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-08-14 01:07 . 2013-08-14 01:07 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-08-14 01:07 . 2013-08-14 01:07 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-08-14 01:07 . 2013-08-14 01:07 102912 ----a-w- c:\windows\system32\inseng.dll
2013-08-14 01:06 . 2013-08-14 01:06 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-14 01:06 . 2013-08-14 01:06 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-08-14 01:06 . 2013-08-14 01:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-08-14 01:06 . 2013-08-14 01:06 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-08-14 01:06 . 2013-08-14 01:06 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-08-14 01:06 . 2013-08-14 01:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-08-14 01:06 . 2013-08-14 01:06 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-08-14 01:06 . 2013-08-14 01:06 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-08-14 01:06 . 2013-08-14 01:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-08-14 01:06 . 2013-08-14 01:06 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-14 01:06 . 2013-08-14 01:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-14 01:06 . 2013-08-14 01:06 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-08-14 01:06 . 2013-08-14 01:06 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-08-14 01:06 . 2013-08-14 01:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-14 01:06 . 2013-08-14 01:06 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-14 01:06 . 2013-08-14 01:06 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-08-14 01:06 . 2013-08-14 01:06 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-08-14 01:06 . 2013-08-14 01:06 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-08-14 01:06 . 2013-08-14 01:06 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-08-14 01:06 . 2013-08-14 01:06 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-08-14 01:06 . 2013-08-14 01:06 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-08-14 01:06 . 2013-08-14 01:06 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-08-14 01:06 . 2013-08-14 01:06 194560 ----a-w- c:\windows\system32\d3d10_1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-10-09 1813928]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VSAKTUALIZACE"="c:\vsservis\VS_START.exe" [2013-08-08 382976]
"tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2010-07-08 815704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
"NoPublishingWizard"= 1 (0x1)
"NoOnlinePrintsWizard"= 1 (0x1)
"NoHardwareTab"= 1 (0x1)
"NoChangeKeyboardNavigationIndicators"= 1 (0x1)
"ConfirmFileDelete"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3980190197-1444705627-759596693-9824\Scripts\Logon\0\0]
"Script"=\\fnkv.local\NETLOGON\map-u.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3980190197-1444705627-759596693-9824\Scripts\Logon\1\0]
"Script"=nahradni_provoz_unis.cmd
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [x]
S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe;c:\program files (x86)\TightVNC\tvnserver.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 18:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2716216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-02 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-02 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-02 418328]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-06 2777296]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-09-06 3673808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = proxy.fnkv.local:2222
uInternet Settings,ProxyOverride = *.fnkv.cz;*.fnkv.local;172.25.*;*.cuni.cz;helpdesk.dynn.cz;intran;snzr.ksrzis.cz;training.nextrials.com;isis.parexel.com;www.fisheracts.com;socpos.mpsv.cz;www.demogismm.net;ghdmp1.phri.hhsc.ca;edc.phri.ca;www2.clinicalresearch.nl;old.anopress.cz;prism.nextrials.com;www.sits.ucr.uu.se;portal.agmednet.net;www.citibank.cz;*.customer.teliacarrier.com;https://s.ica.cz;https://q.ica.cz;gtw-ws01.sukl.cz:4540;gtw-ws02.sukl.cz:4540;*.mesh.com;<local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\gregorae\AppData\Roaming\Mozilla\Firefox\Profiles\wz4qzafe.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2013-10-13 20:03:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-10-13 18:03
ComboFix2.txt 2013-10-13 17:14
.
Před spuštěním: Volných bajtů: 209 613 824 000
Po spuštění: Volných bajtů: 209 045 991 424
.
- - End Of File - - 4F50CE2C9AFE7FB1E3136DE9C332D4BF
A36C5E4F47E84449FF07ED3517B43A31

Rudy
Site Admin
Posts: 119530
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#7 Post by Rudy »

Gary545 wrote: May I just ask whether there is any way to recover the deleted documents that I lost? :)
Unfortunately not, unless you have them backed up somewhere.

The log now looks OK. Uninstall CF using T-Cleaner: http://vyosek.ic.cz/pro_usery/T-Cleaner.exe .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address given above.

Gary545
Guest
Posts: 88
Registered: 20 Sep 2010 21:54

Re: Please check my log

#8 Post by Gary545 »

Thank you very much for the help :-) Unfortunately I did not manage to back anything up, because the documents were being deleted right before my eyes :( I would just like to ask what could have caused it? And whether it is worth securing the notebook any further, besides NOD and Spyware Terminator? :) Thanks

Rudy
Site Admin
Posts: 119530
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#9 Post by Rudy »

It was apparently really the police virus (a new, more sophisticated variant). Antivirus programs are so far of little use against the police virus; hundreds of variants exist and new ones keep appearing. Your protection is sufficient, you just need to stay out of the "dark corners" of the internet.

Gary545
Guest
Posts: 88
Registered: 20 Sep 2010 21:54

Re: Please check my log

#10 Post by Gary545 »

Thank you very much for the information and for cleaning my notebook :thumbsup: :) Have a nice rest of the evening :)

Rudy
Site Admin
Posts: 119530
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#11 Post by Rudy »

A nice rest of the evening to you too, and you're welcome! :)

Locked