Requesting a check, please :)

andulka.safarova
Visitor
Posts: 3
Registered: 29 Jan 2014 17:51

#1 Post by andulka.safarova »

Hello, could someone help me decipher this? :( Thank you very much in advance! :)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:20:06, on 28.1.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Anna.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110401090422.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll
O23 - Service: McAfee Application Installer Cleanup (0315681390922571) (0315681390922571mcinstcleanup) - Unknown owner - C:\Windows\TEMP\031568~1.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee OOBE Service (McOobeSv) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NTI, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11754 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 33436384
\??\C:\Windows\system32\conhost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe"
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc
"C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe"
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
"C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"
"C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe"
"C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe"
"C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe"
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe"
"C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
atieclxx
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"c:\PROGRA~1\mcafee.com\agent\mcagent.exe" -Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE3
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
"C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe"
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe"
"C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\servicing\TrustedInstaller.exe
"taskhost.exe"
"C:\Windows\system32\wuauclt.exe"
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
taskhost.exe C:\Windows\system32\rundll32.exe aepdu.dll,AePduRunUpdate
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Anna\Downloads\hijackthis.log
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe22_ Global\UsGthrCtrlFltPipeMssGthrPipe22 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Anna\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Acer Registration - Data Sending task.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\htes96ov.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL [2009-12-22 294176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110401090422.dll [2010-01-06 78968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2009-12-14 242152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\progra~1\mcafee\msk\mskapbho.dll [2009-12-22 245272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110401090422.dll [2010-01-06 73288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\progra~2\mcafee\sitead~1\mcieplg.dll [2009-12-14 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2009-12-14 242152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\progra~2\mcafee\sitead~1\mcieplg.dll [2009-12-14 204048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ODDPwr"=C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [2010-04-22 223264]
"mwlDaemon"=C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [2010-05-27 349552]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 161304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 414744]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-07-13 11046504]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2010-07-13 2103912]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-04-09 320000]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-11 2107176]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2010-06-11 496160]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-02-04 1465304]
"SuiteTray"=C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2010-05-27 337264]
"EgisUpdate"=C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2010-03-11 201584]
"EgisTecPMMUpdate"=C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2010-03-11 407920]
"Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-01 1155928]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 35696]
"BackupManagerTray"=C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2010-06-28 265984]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-25 98304]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-03-03 284696]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2010-08-10 975952]
"MDS_Menu"=C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"ArcadeMovieService"=C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [2010-06-25 124136]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 269824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-01-28 23:23:05 ----A---- C:\Windows\system32\perfi005.dat
2014-01-28 23:23:05 ----A---- C:\Windows\system32\perfh005.dat
2014-01-28 23:23:05 ----A---- C:\Windows\system32\perfd005.dat
2014-01-28 23:23:05 ----A---- C:\Windows\system32\perfc005.dat
2014-01-28 23:22:43 ----D---- C:\Windows\SYSWOW64\cs
2014-01-28 23:22:42 ----D---- C:\Windows\SYSWOW64\XPSViewer
2014-01-28 23:22:42 ----D---- C:\Windows\SYSWOW64\drivers\cs-CZ
2014-01-28 23:22:42 ----D---- C:\Windows\system32\cs
2014-01-28 23:22:42 ----D---- C:\Windows\cs-CZ
2014-01-28 23:22:41 ----D---- C:\Windows\system32\drivers\cs-CZ
2014-01-28 23:17:56 ----D---- C:\Windows\NAPP_Dism_Log
2014-01-28 18:20:00 ----D---- C:\rsit
2014-01-28 18:20:00 ----D---- C:\Program Files\trend micro
2014-01-28 17:45:46 ----SHD---- C:\$RECYCLE.BIN
2014-01-28 17:45:37 ----A---- C:\ComboFix.txt
2014-01-28 17:35:38 ----A---- C:\Windows\zip.exe
2014-01-28 17:35:38 ----A---- C:\Windows\SWSC.exe
2014-01-28 17:35:38 ----A---- C:\Windows\SWREG.exe
2014-01-28 17:35:38 ----A---- C:\Windows\sed.exe
2014-01-28 17:35:38 ----A---- C:\Windows\PEV.exe
2014-01-28 17:35:38 ----A---- C:\Windows\NIRCMD.exe
2014-01-28 17:35:38 ----A---- C:\Windows\MBR.exe
2014-01-28 17:35:38 ----A---- C:\Windows\grep.exe
2014-01-28 17:34:58 ----D---- C:\Qoobox
2014-01-28 17:34:49 ----D---- C:\Windows\erdnt
2014-01-28 16:51:56 ----A---- C:\Windows\NTIWVEDT.INI
2014-01-28 16:38:44 ----D---- C:\Users\Anna\AppData\Roaming\Mozilla
2014-01-28 16:38:37 ----D---- C:\ProgramData\Mozilla
2014-01-28 16:38:36 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-28 16:38:33 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-01-28 16:37:53 ----D---- C:\Users\Anna\AppData\Roaming\Adobe
2014-01-28 16:37:28 ----A---- C:\Windows\system32\wups2.dll
2014-01-28 16:37:28 ----A---- C:\Windows\system32\wuauclt.exe
2014-01-28 16:37:27 ----A---- C:\Windows\system32\wucltux.dll
2014-01-28 16:37:27 ----A---- C:\Windows\system32\wuaueng.dll
2014-01-28 16:37:15 ----A---- C:\Windows\system32\wuwebv.dll
2014-01-28 16:37:15 ----A---- C:\Windows\system32\wuapp.exe
2014-01-28 16:24:56 ----D---- C:\Users\Anna\AppData\Roaming\Intel Corporation
2014-01-28 16:24:50 ----D---- C:\Users\Anna\AppData\Roaming\Macromedia
2014-01-28 16:24:22 ----D---- C:\Users\Anna\AppData\Roaming\Identities
2014-01-28 16:22:45 ----SD---- C:\Users\Anna\AppData\Roaming\Microsoft
2014-01-28 16:22:45 ----D---- C:\Users\Anna\AppData\Roaming\Media Center Programs
2014-01-28 16:22:37 ----SHD---- C:\ProgramData\Šablony
2014-01-28 16:22:37 ----SHD---- C:\ProgramData\Plocha
2014-01-28 16:22:37 ----SHD---- C:\ProgramData\Oblíbené položky
2014-01-28 16:22:37 ----SHD---- C:\ProgramData\Nabídka Start
2014-01-28 16:22:37 ----SHD---- C:\ProgramData\Dokumenty
2014-01-28 16:22:37 ----SHD---- C:\ProgramData\Data aplikací
2014-01-28 16:22:37 ----D---- C:\Recovery
2014-01-28 15:08:56 ----A---- C:\Windows\SYSWOW64\msxml4r.dll
2014-01-28 15:08:56 ----A---- C:\Windows\SYSWOW64\msxml4a.dll
2014-01-28 15:08:56 ----A---- C:\Windows\SYSWOW64\msxml4.dll
2014-01-28 15:07:38 ----D---- C:\Program Files (x86)\Cyberlink
2014-01-28 15:07:01 ----D---- C:\Program Files (x86)\Acer Arcade Deluxe
2014-01-28 15:07:00 ----D---- C:\ProgramData\Temp
2014-01-28 15:07:00 ----D---- C:\ProgramData\CyberLink
2014-01-28 15:06:05 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2014-01-28 15:06:05 ----A---- C:\Windows\system32\d3dx9_32.dll
2014-01-28 15:06:02 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-01-28 15:05:12 ----D---- C:\Program Files (x86)\Windows Live SkyDrive
2014-01-28 15:05:07 ----D---- C:\Program Files (x86)\Windows Live
2014-01-28 15:04:57 ----D---- C:\Windows\PCHEALTH
2014-01-28 15:03:06 ----D---- C:\Program Files (x86)\Microsoft Office
2014-01-28 15:02:13 ----D---- C:\Program Files (x86)\Microsoft
2014-01-28 14:59:15 ----A---- C:\Windows\system32\drivers\btwl2cap.sys
2014-01-28 14:59:15 ----A---- C:\Windows\system32\drivers\btwavdt.sys
2014-01-28 14:59:15 ----A---- C:\Windows\system32\drivers\btwampfl.sys
2014-01-28 14:59:14 ----A---- C:\Windows\system32\drivers\btwrchid.sys
2014-01-28 14:59:14 ----A---- C:\Windows\system32\drivers\btwaudio.sys
2014-01-28 14:58:22 ----D---- C:\Program Files\WIDCOMM
2014-01-28 14:55:31 ----A---- C:\Windows\SYSWOW64\log.txt
2014-01-28 14:55:19 ----A---- C:\Windows\system32\drivers\HECIx64.sys
2014-01-28 14:54:34 ----D---- C:\Program Files (x86)\Acer Crystal Eye webcam
2014-01-28 14:51:18 ----D---- C:\Program Files\Synaptics
2014-01-28 14:51:15 ----N---- C:\Windows\SYSWOW64\agrsmdel.exe
2014-01-28 14:51:15 ----N---- C:\Windows\SYSWOW64\agrsco64.dll
2014-01-28 14:51:13 ----D---- C:\Windows\Options
2014-01-28 14:50:35 ----D---- C:\Windows\SYSWOW64\Atheros_L1e
2014-01-28 14:44:56 ----D---- C:\Program Files\Intel
2014-01-28 14:44:10 ----D---- C:\Program Files (x86)\Launch Manager
2014-01-28 14:42:37 ----A---- C:\Windows\SYSWOW64\CSVer.dll
2014-01-28 14:41:27 ----D---- C:\ProgramData\AmUStor
2014-01-28 14:41:27 ----D---- C:\Program Files (x86)\AmIcoSingLun
2014-01-28 14:39:38 ----D---- C:\Windows\SYSWOW64\RTCOM
2014-01-28 14:39:26 ----D---- C:\Program Files\Realtek
2014-01-28 14:39:26 ----A---- C:\Windows\system32\drivers\RtPCEE3.DAT
2014-01-28 14:39:26 ----A---- C:\Windows\system32\drivers\rtkhdaud.dat
2014-01-28 14:39:26 ----A---- C:\Windows\system32\drivers\RtHdatEx.dat
2014-01-28 14:39:26 ----A---- C:\Windows\system32\drivers\RTHDAEQ1.dat
2014-01-28 14:39:26 ----A---- C:\Windows\system32\drivers\RTEQEX3.dat
2014-01-28 14:39:26 ----A---- C:\Windows\system32\drivers\RTEQEX2.dat
2014-01-28 14:39:26 ----A---- C:\Windows\system32\drivers\RTEQEX1.dat
2014-01-28 14:39:26 ----A---- C:\Windows\system32\drivers\RTEQEX0.dat
2014-01-28 14:39:26 ----A---- C:\Windows\system32\drivers\RTConvEQ.dat
2014-01-28 14:39:24 ----A---- C:\Windows\system32\WavesGUILib.dll
2014-01-28 14:39:24 ----A---- C:\Windows\system32\SRSWOW64.dll
2014-01-28 14:39:24 ----A---- C:\Windows\system32\SRSTSX64.dll
2014-01-28 14:39:24 ----A---- C:\Windows\system32\SRSTSH64.dll
2014-01-28 14:39:24 ----A---- C:\Windows\system32\SRSHP64.dll
2014-01-28 14:39:24 ----A---- C:\Windows\system32\RtPgEx64.dll
2014-01-28 14:39:23 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2014-01-28 14:39:23 ----A---- C:\Windows\system32\RtkCfg64.dll
2014-01-28 14:39:23 ----A---- C:\Windows\system32\RtkAPO64.dll
2014-01-28 14:39:23 ----A---- C:\Windows\system32\RtkApi64.dll
2014-01-28 14:39:23 ----A---- C:\Windows\system32\RTEEP64A.dll
2014-01-28 14:39:23 ----A---- C:\Windows\system32\RTEEL64A.dll
2014-01-28 14:39:23 ----A---- C:\Windows\system32\RTEEG64A.dll
2014-01-28 14:39:23 ----A---- C:\Windows\system32\RTEED64A.dll
2014-01-28 14:39:23 ----A---- C:\Windows\system32\RTCOM64.dll
2014-01-28 14:39:23 ----A---- C:\Windows\system32\RP3DHT64.dll
2014-01-28 14:39:23 ----A---- C:\Windows\system32\RP3DAA64.dll
2014-01-28 14:39:23 ----A---- C:\Windows\system32\RCoInst64.dll
2014-01-28 14:39:23 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2014-01-28 14:39:22 ----A---- C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-01-28 14:39:22 ----A---- C:\Windows\system32\MaxxAudioRealtek.dll
2014-01-28 14:39:22 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2014-01-28 14:39:22 ----A---- C:\Windows\system32\MaxxAudioAPO30.dll
2014-01-28 14:39:22 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2014-01-28 14:39:22 ----A---- C:\Windows\system32\FMAPO64.dll
2014-01-28 14:39:21 ----HD---- C:\Program Files (x86)\Temp
2014-01-28 14:39:21 ----D---- C:\Program Files (x86)\Realtek
2014-01-28 14:39:21 ----A---- C:\Windows\system32\AERTAR64.dll
2014-01-28 14:39:21 ----A---- C:\Windows\system32\AERTAC64.dll
2014-01-28 14:39:21 ----A---- C:\Windows\RtlExUpd.dll
2014-01-28 14:37:53 ----D---- C:\Intel
2014-01-28 14:37:52 ----A---- C:\Windows\system32\drivers\iaStor.sys
2014-01-28 14:37:51 ----D---- C:\Program Files (x86)\Intel
2014-01-28 14:37:20 ----A---- C:\Windows\system32\drivers\rdyboost.sys
2014-01-28 14:36:43 ----AD---- C:\book
2014-01-28 14:34:26 ----A---- C:\Windows\system32\PLD_Framework.cmd
2014-01-28 14:34:17 ----A---- C:\Windows\devices.txt
2014-01-28 14:32:40 ----A---- C:\Windows\SYSWOW64\atipblup.dat
2014-01-28 14:32:40 ----A---- C:\Windows\system32\atipblup.dat
2014-01-28 14:32:03 ----D---- C:\Program Files\ATI
2014-01-28 14:32:01 ----D---- C:\Program Files (x86)\ATI Technologies
2014-01-28 14:30:52 ----D---- C:\Windows\SoftwareDistribution
2014-01-28 14:27:39 ----SHD---- C:\System Volume Information
2014-01-28 14:27:39 ----ASH---- C:\pagefile.sys
2014-01-28 14:27:39 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 month======

2014-01-28 23:25:50 ----D---- C:\Windows\SYSWOW64\winrm
2014-01-28 23:25:50 ----D---- C:\Windows\SYSWOW64\WCN
2014-01-28 23:25:50 ----D---- C:\Windows\SYSWOW64\slmgr
2014-01-28 23:25:50 ----D---- C:\Windows\SYSWOW64\en-US
2014-01-28 23:25:50 ----D---- C:\Windows\SYSWOW64\en
2014-01-28 23:25:50 ----D---- C:\Windows\SYSWOW64\DriverStore
2014-01-28 23:25:50 ----D---- C:\Windows\SYSWOW64\drivers\en-US
2014-01-28 23:25:50 ----D---- C:\Windows\system32\winrm
2014-01-28 23:25:50 ----D---- C:\Windows\system32\WCN
2014-01-28 23:25:50 ----D---- C:\Windows\system32\slmgr
2014-01-28 23:25:50 ----D---- C:\Windows\system32\en-US
2014-01-28 23:25:50 ----D---- C:\Windows\system32\en
2014-01-28 23:25:50 ----D---- C:\Windows\system32\drivers\en-US
2014-01-28 23:25:50 ----D---- C:\Windows\system32\Dism
2014-01-28 23:25:50 ----D---- C:\Windows\system32\Boot
2014-01-28 23:25:50 ----D---- C:\Windows\Speech
2014-01-28 23:25:50 ----D---- C:\Windows\servicing
2014-01-28 23:25:50 ----D---- C:\Windows\en-US
2014-01-28 23:22:44 ----D---- C:\Program Files\Windows Sidebar
2014-01-28 23:22:44 ----D---- C:\Program Files\Windows Photo Viewer
2014-01-28 23:22:44 ----D---- C:\Program Files\Windows Media Player
2014-01-28 23:22:44 ----D---- C:\Program Files\Windows Mail
2014-01-28 23:22:44 ----D---- C:\Program Files\Windows Journal
2014-01-28 23:22:44 ----D---- C:\Program Files\Windows Defender
2014-01-28 23:22:44 ----D---- C:\Program Files\Internet Explorer
2014-01-28 23:22:44 ----D---- C:\Program Files\DVD Maker
2014-01-28 23:22:44 ----D---- C:\Program Files\Common Files\System
2014-01-28 23:22:44 ----D---- C:\Program Files (x86)\Windows Sidebar
2014-01-28 23:22:44 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2014-01-28 23:22:44 ----D---- C:\Program Files (x86)\Windows Media Player
2014-01-28 23:22:44 ----D---- C:\Program Files (x86)\Windows Mail
2014-01-28 23:22:44 ----D---- C:\Program Files (x86)\Windows Defender
2014-01-28 23:22:44 ----D---- C:\Program Files (x86)\Internet Explorer
2014-01-28 23:22:43 ----D---- C:\Windows\SYSWOW64\migwiz
2014-01-28 23:22:43 ----D---- C:\Windows\SYSWOW64\migration
2014-01-28 23:22:43 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-01-28 23:22:43 ----D---- C:\Windows\ehome
2014-01-28 23:22:42 ----D---- C:\Windows\SYSWOW64\wbem
2014-01-28 23:22:42 ----D---- C:\Windows\SYSWOW64\Printing_Admin_Scripts
2014-01-28 23:22:42 ----D---- C:\Windows\SYSWOW64\MUI
2014-01-28 23:22:42 ----D---- C:\Windows\SYSWOW64\Dism
2014-01-28 23:22:42 ----D---- C:\Windows\SYSWOW64\com
2014-01-28 23:22:42 ----D---- C:\Windows\system32\oobe
2014-01-28 23:22:42 ----D---- C:\Windows\system32\migwiz
2014-01-28 23:22:42 ----D---- C:\Windows\system32\migration
2014-01-28 23:22:42 ----D---- C:\Windows\PolicyDefinitions
2014-01-28 23:22:42 ----D---- C:\Windows\IME
2014-01-28 23:22:41 ----D---- C:\Windows\system32\wbem
2014-01-28 23:22:41 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2014-01-28 23:22:41 ----D---- C:\Windows\system32\MUI
2014-01-28 23:22:41 ----D---- C:\Windows\system32\drivers\UMDF
2014-01-28 23:22:41 ----D---- C:\Windows\system32\com
2014-01-28 18:20:05 ----D---- C:\Windows\Temp
2014-01-28 18:20:00 ----RD---- C:\Program Files
2014-01-28 18:11:10 ----D---- C:\Windows\Prefetch
2014-01-28 18:03:50 ----D---- C:\Windows\Microsoft.NET
2014-01-28 18:03:37 ----RSD---- C:\Windows\assembly
2014-01-28 17:43:52 ----D---- C:\Windows
2014-01-28 17:43:52 ----A---- C:\Windows\system.ini
2014-01-28 17:43:48 ----D---- C:\Windows\system32\drivers\etc
2014-01-28 17:41:31 ----D---- C:\Windows\SYSWOW64\drivers
2014-01-28 17:41:31 ----D---- C:\Windows\SysWOW64
2014-01-28 17:41:31 ----D---- C:\Windows\AppPatch
2014-01-28 17:41:30 ----D---- C:\Program Files (x86)\Common Files
2014-01-28 17:35:03 ----D---- C:\ProgramData\McAfee
2014-01-28 17:34:58 ----D---- C:\Windows\system32\drivers
2014-01-28 16:42:37 ----D---- C:\Windows\winsxs
2014-01-28 16:41:38 ----D---- C:\Windows\system32\catroot
2014-01-28 16:38:37 ----D---- C:\ProgramData
2014-01-28 16:38:36 ----RD---- C:\Program Files (x86)
2014-01-28 16:37:49 ----D---- C:\Windows\System32
2014-01-28 16:37:45 ----D---- C:\Windows\system32\cs-CZ
2014-01-28 16:37:35 ----D---- C:\Windows\system32\catroot2
2014-01-28 16:37:02 ----D---- C:\Windows\system32\restore
2014-01-28 16:36:58 ----D---- C:\Windows\system32\config
2014-01-28 16:36:47 ----SD---- C:\ProgramData\Microsoft
2014-01-28 16:36:23 ----SHD---- C:\Windows\Installer
2014-01-28 16:26:28 ----D---- C:\Windows\Tasks
2014-01-28 16:26:28 ----D---- C:\Windows\system32\Tasks
2014-01-28 16:24:58 ----D---- C:\Windows\system32\OEM
2014-01-28 16:24:49 ----D---- C:\ProgramData\oem
2014-01-28 16:24:10 ----D---- C:\OEM
2014-01-28 16:22:45 ----RD---- C:\Users
2014-01-28 16:22:37 ----D---- C:\Windows\system32\Recovery
2014-01-28 16:22:37 ----D---- C:\Program Files\Windows NT
2014-01-28 16:22:30 ----D---- C:\Windows\rescache
2014-01-28 16:21:42 ----D---- C:\Windows\system32\wdi
2014-01-28 16:21:27 ----D---- C:\Windows\debug
2014-01-28 15:27:02 ----D---- C:\Windows\inf
2014-01-28 15:27:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-01-28 15:21:54 ----D---- C:\Windows\system32\sysprep
2014-01-28 15:21:54 ----D---- C:\Windows\Panther
2014-01-28 15:12:04 ----D---- C:\Windows\Help
2014-01-28 15:10:24 ----D---- C:\Program Files (x86)\Acer
2014-01-28 15:10:01 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-01-28 15:04:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-01-28 15:03:25 ----D---- C:\Program Files\Acer
2014-01-28 14:59:32 ----D---- C:\Windows\system32\DriverStore
2014-01-28 14:58:26 ----SD---- C:\Windows\system32\Microsoft
2014-01-28 14:37:06 ----AD---- C:\Windows\DeployWinRE2
2014-01-28 14:36:30 ----D---- C:\ProgramData\EgisTec IPS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-03 540696]
R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2010-01-06 528232]
R0 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2010-01-06 279752]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-06-19 213888]
R1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys [2010-01-06 75288]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-25 6856192]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-08-25 264192]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-05 125456]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-06-03 4171328]
R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2010-01-06 62416]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-07-13 2424040]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2010-08-25 10331840]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2010-01-06 121504]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2010-01-06 189880]
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2010-01-06 440688]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2010-04-28 18432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-11 316464]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2010-04-28 17408]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-06-25 342056]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-06-25 102952]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-06-25 135720]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-06-25 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-06-25 21544]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver; C:\Windows\system32\DRIVERS\E1G6032E.sys [2009-06-10 145792]
S3 mfeavfk01;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk01.sys []
S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2010-01-06 93840]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-08-25 203264]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-06-25 952096]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-06-11 821792]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-30 262144]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-15 355440]
R2 McMPFSvc;McAfee Personal Firewall; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-15 355440]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2009-12-15 355440]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2009-12-15 355440]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2009-12-15 355440]
R2 McOobeSv;McAfee OOBE Service; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2009-12-15 355440]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2009-12-15 355440]
R2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-01-06 199032]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-01-06 244840]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-01-06 148520]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-15 355440]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-01 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
R2 ODDPwrSvc;Acer ODD Power Service; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2010-02-03 244904]
R2 RS_Service;Raw Socket Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
R2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S2 0315681390922571mcinstcleanup;McAfee Application Installer Cleanup (0315681390922571); C:\Windows\TEMP\031568~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S3 McODS;McAfee Scanner; C:\Program Files\mcafee\VirusScan\mcods.exe [2009-12-31 509416]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-05 119408]
S3 MWLService;MyWinLocker Service; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119533
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: please check this :)

#2 Post by Rudy »

Hello!
The log looks OK. Is there a problem?
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

andulka.safarova
Visitor
Posts: 3
Registered: 29 Jan 2014 17:51

Re: please check this :)

#3 Post by andulka.safarova »

Hi, I had the police virus and followed the procedure here on the forum, and I just wanted to make sure everything is OK. I want to thank you very much for all the tips you publish here and for your help; without your advice I would be in a real mess :D
Thanks, regards, Anna
:wub:

Rudy
Site Admin

Re: please check this :)

#4 Post by Rudy »

I would also like to ask for a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the licence terms is displayed; continue by clicking the Yes button.

Feel free to make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware cause unwanted conflicts with the antispyware's resident shield.
RSIT does not detect some items.

andulka.safarova
Visitor
Posts: 3
Registered: 29 Jan 2014 17:51

Re: please check this :)

#5 Post by andulka.safarova »

ComboFix 14-01-29.01
Microsoft Windows 7 Home Premium
Spuštěný z: c:\users\Anna\Downloads\ComboFix.exe
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-28 do 2014-01-28 )))))))))))))))))))))))))))))))
.
.
2014-01-28 22:22 . 2014-01-28 22:22 -------- d-----w- c:\windows\SysWow64\cs
2014-01-28 22:22 . 2014-01-28 22:22 -------- d-----w- c:\windows\SysWow64\XPSViewer
2014-01-28 22:22 . 2014-01-28 22:22 -------- d-----w- c:\windows\SysWow64\wbem\cs-CZ
2014-01-28 22:22 . 2014-01-28 22:22 -------- d-----w- c:\windows\SysWow64\drivers\cs-CZ
2014-01-28 22:22 . 2014-01-28 22:22 -------- d-----w- c:\windows\system32\cs
2014-01-28 22:22 . 2014-01-28 22:22 -------- d-----w- c:\windows\cs-CZ
2014-01-28 22:22 . 2014-01-28 22:22 -------- d-----w- c:\windows\system32\wbem\cs-CZ
2014-01-28 22:22 . 2014-01-28 22:22 -------- d-----w- c:\windows\system32\drivers\UMDF\cs-CZ
2014-01-28 22:22 . 2014-01-28 22:22 -------- d-----w- c:\windows\system32\drivers\cs-CZ
2014-01-28 22:22 . 2014-01-28 22:22 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\cs-CZ\LXKPTPRC.DLL.mui
2014-01-28 22:17 . 2014-01-28 22:17 -------- d-----w- c:\windows\NAPP_Dism_Log
2014-01-28 22:00 . 2014-01-28 22:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-28 17:20 . 2014-01-28 17:25 -------- d-----w- c:\program files\trend micro
2014-01-28 17:20 . 2014-01-28 17:20 -------- d-----w- C:\rsit
2014-01-28 15:38 . 2014-01-28 15:38 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-01-28 15:37 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2014-01-28 15:37 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2014-01-28 15:37 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2014-01-28 15:37 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2014-01-28 15:37 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2014-01-28 15:37 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-01-28 14:08 . 2010-03-29 14:09 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll
2014-01-28 14:08 . 2010-03-29 14:09 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2014-01-28 14:08 . 2010-03-29 14:09 1233920 ----a-w- c:\windows\SysWow64\msxml4.dll
2014-01-28 14:07 . 2014-01-28 14:07 -------- d-----w- c:\program files (x86)\Cyberlink
2014-01-28 14:07 . 2014-01-28 14:10 -------- d-----w- c:\program files (x86)\Acer Arcade Deluxe
2014-01-28 14:07 . 2014-01-28 14:09 -------- d-----w- c:\programdata\CyberLink
2014-01-28 14:06 . 2006-11-29 12:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2014-01-28 14:06 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2014-01-28 14:06 . 2014-01-28 14:06 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2014-01-28 14:05 . 2014-01-28 14:05 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2014-01-28 14:05 . 2014-01-28 14:06 -------- d-----w- c:\program files (x86)\Windows Live
2014-01-28 14:04 . 2014-01-28 14:04 -------- d-----w- c:\windows\PCHEALTH
2014-01-28 14:04 . 2014-01-28 14:04 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2014-01-28 14:03 . 2010-06-08 22:14 1821696 ----a-w- c:\programdata\Microsoft\OEMOffice14\Office14\Word.cs-cz\WordMUI.msi
2014-01-28 13:59 . 2010-06-25 02:13 342056 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2014-01-28 13:59 . 2010-06-25 02:12 39464 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2014-01-28 13:59 . 2010-06-25 02:12 135720 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2014-01-28 13:59 . 2010-06-25 02:12 21544 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2014-01-28 13:59 . 2010-06-25 02:12 102952 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2014-01-28 13:58 . 2014-01-28 13:58 -------- d-----w- c:\program files\WIDCOMM
2014-01-28 13:55 . 2014-01-28 13:55 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2014-01-28 13:55 . 2009-09-17 11:54 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2014-01-28 13:54 . 2014-01-28 13:54 -------- d-----w- c:\program files (x86)\Acer Crystal Eye webcam
2014-01-28 13:51 . 2014-01-28 13:51 -------- d-----w- c:\program files\Synaptics
2014-01-28 13:51 . 2009-03-27 10:12 14848 ------w- c:\windows\SysWow64\agrsco64.dll
2014-01-28 13:51 . 2009-03-27 10:03 61440 ------w- c:\windows\SysWow64\agrsmdel.exe
2014-01-28 13:51 . 2014-01-28 13:51 -------- d-----w- c:\windows\Options
2014-01-28 13:50 . 2014-01-28 13:50 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2014-01-28 13:44 . 2014-01-28 13:44 -------- d-----w- c:\program files\Intel
2014-01-28 13:44 . 2014-01-28 13:44 -------- d-----w- c:\program files (x86)\Launch Manager
2014-01-28 13:42 . 2009-11-18 08:03 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2014-01-28 13:41 . 2014-01-28 13:41 -------- d-----w- c:\programdata\AmUStor
2014-01-28 13:41 . 2014-01-28 13:41 -------- d-----w- c:\program files (x86)\AmIcoSingLun
2014-01-28 13:37 . 2014-01-28 13:46 -------- d-----w- C:\Intel
2014-01-28 13:37 . 2010-03-03 18:51 540696 ----a-w- c:\windows\system32\drivers\iaStor.sys
2014-01-28 13:37 . 2014-01-28 13:55 -------- d-----w- c:\program files (x86)\Intel
2014-01-28 13:37 . 2010-06-19 07:05 213888 ----a-w- c:\windows\system32\drivers\rdyboost.sys
2014-01-28 13:36 . 2014-01-28 13:36 -------- d---a-w- C:\book
2014-01-28 13:35 . 2014-01-28 13:35 0 ----a-w- c:\windows\ativpsrm.bin
2014-01-28 13:34 . 2014-01-28 13:34 3 ----a-w- c:\windows\system32\PLD_Framework.cmd
2014-01-28 13:32 . 2014-01-28 13:32 -------- d-----w- c:\program files\ATI
2014-01-28 13:32 . 2014-01-28 13:33 -------- d-----w- c:\program files (x86)\ATI Technologies
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-28 22:22 . 2014-01-28 22:22 2560 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\qwavedrv.sys.mui
2014-01-28 22:21 . 2014-01-28 22:21 5632 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\ndiscap.sys.mui
2014-01-28 22:21 . 2014-01-28 22:21 2560 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\scfilter.sys.mui
2014-01-28 22:21 . 2014-01-28 22:21 50176 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\tcpip.sys.mui
2014-01-28 22:21 . 2014-01-28 22:21 27136 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\bfe.dll.mui
2014-01-28 22:21 . 2014-01-28 22:21 15360 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\pacer.sys.mui
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-04 1465304]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-06-25 124136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2011-4-1 704032]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0315681390922571mcinstcleanup;McAfee Application Installer Cleanup (0315681390922571);c:\windows\TEMP\031568~1.EXE;c:\windows\TEMP\031568~1.EXE [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys;c:\windows\SYSNATIVE\DRIVERS\mfenlfk.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
S2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - CFWIDS
*NewlyCreated* - MFEAPFK
*NewlyCreated* - MFEAVFK01
*Deregistered* - mfeavfk01
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-28 c:\windows\Tasks\Acer Registration - Data Sending task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2010-04-28 02:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 414744]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-13 2103912]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-06-11 496160]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\htes96ov.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-01-28 23:01:56
ComboFix-quarantined-files.txt 2014-01-28 22:01
ComboFix2.txt 2014-01-28 16:45
.
Před spuštěním: Volných bajtů: 214 889 951 232
Po spuštění: Volných bajtů: 214 848 557 056
.
- - End Of File - - 271CD814A6D28E2B8B7093B1E5051177

Rudy
Site Admin
Posts: 119533
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: please check :)

#6 Post by Rudy »

Only a few locked registry keys, which we will unlock. No trace of the "police" virus. Move ComboFix to the desktop. Open Notepad and copy the following into it:
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
