Žádám o analýzu logu ComboFix

[Atty]

Zdravím, chtěl bych požádat o analýzu logu z ComboFix. Po jeho použití mi to sice PC na oko odvirovalo, ale vzhledem k tomu, že PC je pomalejší a občas zamrzá po spuštění, předpokládám, že tam je ještě někde něco zakopaného...

ComboFix 10-12-13.02 - Andy 14.12.2010 10:19:53.2.2 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2046.1079 [GMT 1:00]
Spuštěný z: c:\users\Andy\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-14 do 2010-12-14 )))))))))))))))))))))))))))))))
.

2010-12-14 09:24 . 2010-12-14 09:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-13 20:05 . 2010-12-13 20:15 -------- d-----w- C:\inetpub
2010-12-12 09:34 . 2010-12-12 09:34 -------- d-----w- c:\programdata\LightScribe
2010-12-11 10:54 . 2010-12-11 10:54 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2010-12-11 10:50 . 2010-12-11 10:50 -------- d-----w- c:\users\Andy\SystemRequirementsLab
2010-12-11 10:49 . 2009-07-14 01:05 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.gxbak
2010-12-11 09:26 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-12-11 09:26 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2010-12-11 09:26 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-12-11 09:26 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2010-12-11 09:26 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-12-11 09:26 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2010-12-10 13:48 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{628A5E96-18C3-43E6-84EF-A9576D18CFE8}\mpengine.dll
2010-12-09 17:06 . 2010-12-09 17:06 74895 ----a-w- c:\program files (x86)\Uninstal.exe
2010-12-04 07:00 . 2010-12-04 17:25 -------- d-----w- c:\users\Andy\AppData\Local\HF Designer 1.2
2010-11-24 14:13 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-24 14:13 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-21 15:00 . 2010-11-21 15:00 -------- d-----w- c:\program files (x86)\Application Updater
2010-11-21 15:00 . 2010-11-21 15:00 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2010-11-21 09:48 . 2010-11-21 09:48 -------- d-----w- c:\users\Andy\AppData\Roaming\ABBYY
2010-11-21 09:43 . 2010-11-21 09:43 -------- d-----w- c:\program files (x86)\Common Files\ABBYY
2010-11-21 09:41 . 2010-11-21 09:41 -------- d-----w- c:\users\Andy\AppData\Local\ABBYY
2010-11-21 09:41 . 2010-11-21 09:41 -------- d-----w- c:\programdata\ABBYY
2010-11-14 10:54 . 2010-11-14 10:54 -------- d-----w- c:\users\Andy\048298C9A4D3490B9FF9AB023A9238F3.TMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-06 05:20 . 2010-01-13 20:26 164286 ----a-w- c:\users\Andy\AppData\Roaming\mdbu.bin
2010-10-19 09:41 . 2009-12-27 18:32 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-09-27 20:57 . 2010-09-27 20:57 2826240 ----a-w- c:\windows\SysWow64\GPhotos.scr
2010-09-19 17:41 . 2010-01-09 09:18 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2010-09-19 17:41 . 2010-01-09 09:18 2337865 ----a-w- c:\windows\SysWow64\pbsvc.exe
2005-04-25 06:46 . 2005-11-28 17:55 643072 ----a-w- c:\program files (x86)\xrAI.exe
2005-04-25 06:42 . 2005-11-28 17:55 94208 ----a-w- c:\program files (x86)\xrDO_Light.exe
2005-04-25 06:42 . 2005-11-21 17:23 430080 ----a-w- c:\program files (x86)\Stalker_net.exe
2005-04-25 06:42 . 2005-11-28 17:55 626688 ----a-w- c:\program files (x86)\xrLC.exe
2005-04-25 06:37 . 2005-11-28 17:55 1163264 ----a-w- c:\program files (x86)\xr_3da.exe
2010-07-22 04:34 61518 --sh--w- c:\windows\DpiSca.exe
2010-07-22 01:05 364544 --sh--w- c:\windows\left4dead2.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-12-13_19.36.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-12-13 18:58 . 2010-12-13 19:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-13 20:30 . 2010-12-14 09:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-13 20:30 . 2010-12-14 09:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-12-13 18:58 . 2010-12-13 19:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2010-12-13 20:05 637956 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2010-12-13 20:05 655988 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2010-12-13 20:05 111578 c:\windows\system32\perfc009.dat
+ 2009-07-14 15:18 . 2010-12-13 20:05 129268 c:\windows\system32\perfc005.dat
- 2009-07-14 02:34 . 2010-12-13 05:57 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2010-12-13 20:16 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files (x86)\IsoBuster\tbIsoB.dll" [2009-10-01 2166296]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files (x86)\free-downloads.net\tbfree.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
c:\program files (x86)\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll [BU]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
2009-10-01 16:29 2166296 ----a-w- c:\program files (x86)\IsoBuster\tbIsoB.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2009-12-31 10:53 2349080 ----a-w- c:\program files (x86)\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files (x86)\IsoBuster\tbIsoB.dll" [2009-10-01 2166296]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files (x86)\free-downloads.net\tbfree.dll" [2009-12-31 2349080]
"{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}"= "c:\program files (x86)\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-04-29 321328]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files (x86)\Eset\nod32kui.exe" [2009-12-27 949376]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"UpdateReminder"="c:\program files (x86)\Eset\UpdateReminder.exe" [2010-07-14 409600]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="f:\itunes\iTunesHelper.exe" [2010-07-21 141608]
"Bonus.SSR.FR10"="i:\programy\Scan to word2\Bonus.ScreenshotReader.exe" [2009-10-07 939272]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2010-10-22 524288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-5-10 4554752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-29 834544]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-09-29 809736]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 202752]
R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2010-10-22 386560]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 135664]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-05-07 92008]
R2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-05-10 130560]
R2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-05-10 1858048]
R2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-05-10 483328]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-12-11 6228480]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-12-11 160256]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-06-25 13352]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 29720]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [2009-11-19 127600]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [2009-11-19 19568]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [2009-11-19 161904]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [2009-11-19 141424]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [2009-11-19 34416]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [2009-11-19 137328]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [2009-11-19 158320]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-06-25 34032]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 17:54]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 17:54]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files (x86)\Free Download Manager\dlall.htm
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\gdetsblu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://aktualne.cz
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - i:\programy\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: AniWeather: {4176DFF4-4698-11DE-BEEB-45DA55D89593} - %profile%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: Pearl Crescent Page Saver Basic: {c151d79e-e61b-4a90-a887-5a46d38fba99} - %profile%\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: Facicons: {DDABDBA1-2377-4A30-A027-25697B99E254} - %profile%\extensions\{DDABDBA1-2377-4A30-A027-25697B99E254}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3198304380-3630592984-2943549327-1001\Software\SecuROM\License information*]
"datasecu"=hex:8f,0d,10,2c,3e,6e,85,16,a1,69,5c,10,46,bf,4e,8b,23,3c,79,fe,cb,
37,fa,8c,4d,6b,c6,89,ef,b6,be,1b,4b,cf,7e,d7,05,0b,4a,0b,41,65,bc,ab,23,70,\
"rkeysecu"=hex:69,9d,b4,49,2b,14,56,8c,2a,fe,26,b4,27,e7,0e,58

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-12-14 10:26:58
ComboFix-quarantined-files.txt 2010-12-14 09:26
ComboFix2.txt 2010-12-13 19:38

Před spuštěním: 2 015 805 440
Po spuštění: 2 102 652 928

- - End Of File - - CC73455494055E16C4BD143CDBDED989

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Folder::
c:\program files (x86)\AskBarDis
c:\program files (x86)\Common Files\Spigot

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[Atty]

Děkuji za Váš čas

Provedl jsem vše, jak jste napsal. Je tu ještě něco, co bych měl udělat?

[Rudy]

Pokud nastala změna chování PC, pak ne. Nemáte zač!