
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Changing default programs does not work
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: Changing default programs does not work
ComboFix reports the same thing as always.
OTL log
All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "http://search.avg.com/route/?d=4dd6808a ... &lng=cs&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared deleted successfully.
File C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared not found.
C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4\Components folder moved successfully.
C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4\Chrome folder moved successfully.
C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4 folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender_298 deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender_298 not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender_298 deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender_298 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1582215509-3924301347-2066994143-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1582215509-3924301347-2066994143-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blogspot.com\fbcheatcodes\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1582215509-3924301347-2066994143-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1582215509-3924301347-2066994143-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {917623D1-D8E5-11D2-BE8B-00104B06BDE3}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{917623D1-D8E5-11D2-BE8B-00104B06BDE3}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{917623D1-D8E5-11D2-BE8B-00104B06BDE3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{917623D1-D8E5-11D2-BE8B-00104B06BDE3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{917623D1-D8E5-11D2-BE8B-00104B06BDE3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{917623D1-D8E5-11D2-BE8B-00104B06BDE3}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ not found.
File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\ not found.
File {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ deleted successfully.
File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\gopher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79eac9e4-baf9-11ce-8c82-00aa004ba90b}\ not found.
File {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ab818af-3673-11e0-ae9f-001060d1f819}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ab818af-3673-11e0-ae9f-001060d1f819}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ab818af-3673-11e0-ae9f-001060d1f819}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ab818af-3673-11e0-ae9f-001060d1f819}\ not found.
File H:\CDCheck.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a9a2034-ee7d-11df-9c38-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a9a2034-ee7d-11df-9c38-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a9a2034-ee7d-11df-9c38-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a9a2034-ee7d-11df-9c38-806e6f6e6963}\ not found.
File E:\autorun.exe not found.
C:\Users\Taťka\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG10 folder moved successfully.
C:\Users\Taťka\AppData\Local\AVG Security Toolbar\cache\update folder moved successfully.
C:\Users\Taťka\AppData\Local\AVG Security Toolbar\cache folder moved successfully.
C:\Users\Taťka\AppData\Local\AVG Security Toolbar folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\Track Eraser folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\System Information folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\Rescue\Tweak Manager folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\Rescue\Track Eraser folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\Rescue\Strartup Manager folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\Rescue\ServiceManager folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\Rescue\PC Tuneup 2011 folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\Rescue\Internet Optimizer folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\Rescue\AVG Registry Cleaner folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\Rescue\AVG Disk Cleaner folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\Rescue folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\Registry Defrag\Reports folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\Registry Defrag folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\Registry Cleaner\User Reports folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\Registry Cleaner folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\PC Tuneup 2011\User Reports folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\PC Tuneup 2011\Logs folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\PC Tuneup 2011\Disk Doctor\User Reports folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\PC Tuneup 2011\Disk Doctor\Logs folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\PC Tuneup 2011\Disk Doctor folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\PC Tuneup 2011\Data folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\PC Tuneup 2011 folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\Integrator folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\File Shredder folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\Disk Defrag\Reports folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG\Disk Defrag folder moved successfully.
C:\Users\Taťka\AppData\Roaming\AVG folder moved successfully.
Folder C:\Users\Taťka\AppData\Roaming\AVG10\ not found.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
ADS C:\ProgramData\Temp:1493A0EF deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Taťka
->Temp folder emptied: 1442059085 bytes
->Temporary Internet Files folder emptied: 425843911 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 365862581 bytes
->Google Chrome cache emptied: 232167677 bytes
->Flash cache emptied: 2079 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70310 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2 352,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 05212011_142536
Files\Folders moved on Reboot...
C:\Users\Taťka\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Re: Changing default programs does not work
Results of screen317's Security Check version 0.99.11
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
AVG PC Tuneup 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
AVG PC Tuneup 2011
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.2.159.1
Adobe Reader X (10.0.1) - Czech
Mozilla Firefox (x86 cs..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: Changing default programs does not work
Uninstall
AVG PC Tuneup 2011
Download to the desktop:
http://jpshortstuff.247fixes.com/SystemLook_x64.exe
Paste the text below into the window
Click Look, then post the log here
:filefind
*AVG*
:regfind
*AVG*
:service
*AVG*
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: Changing default programs does not work
Run OTL, paste the text below into the window and click OPRAVIT (Fix).
Don't post the log here any more, and run ComboFix.
:OTL
:Files
C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml
C:\ProgramData\MFAData\pack\avg10infoavi.ctf
C:\ProgramData\MFAData\pack\avg10infooi.ctf
C:\ProgramData\MFAData\pack\avg10infowin.ctf
C:\ProgramData\MFAData\pack\avgcom_mis.mdf
C:\ProgramData\MFAData\pack\avgmfapx.exe
C:\ProgramData\MFAData\pack\avgmfarx.dll
C:\ProgramData\MFAData\pack\avgntdumpx.exe
C:\ProgramData\MFAData\pack\avgrunasx.exe
C:\ProgramData\MFAData\pack\Avgx64.msi
C:\ProgramData\MFAData\pack\bins\poi10avgcom_lic8bc.bin
C:\ProgramData\MFAData\pack\bins\poi10avgcom_mis36rg.bin
C:\ProgramData\MFAData\pack\bins\poi10avgcom_mis7qq.bin
C:\ProgramData\MFAData\pack\bins\w10avga1375af.bin
C:\Sandbox\Taťka\DefaultBox\user\all\AVG10
C:\Users\All Users\MFAData\pack\avg10infoavi.ctf
C:\Users\All Users\MFAData\pack\avg10infooi.ctf
C:\Users\All Users\MFAData\pack\avg10infowin.ctf
C:\Users\All Users\MFAData\pack\avgcom_mis.mdf
C:\Users\All Users\MFAData\pack\avgmfapx.exe
C:\Users\All Users\MFAData\pack\avgmfarx.dll
C:\Users\All Users\MFAData\pack\avgntdumpx.exe
C:\Users\All Users\MFAData\pack\avgrunasx.exe
C:\Users\All Users\MFAData\pack\Avgx64.msi
C:\Users\All Users\MFAData\pack\bins\poi10avgcom_lic8bc.bin
C:\Users\All Users\MFAData\pack\bins\poi10avgcom_mis36rg.bin
C:\Users\All Users\MFAData\pack\bins\poi10avgcom_mis7qq.bin
C:\Users\All Users\MFAData\pack\bins\w10avga1170ep.bin
C:\Users\All Users\MFAData\pack\bins\w10avga1375af.bin
C:\Users\Taťka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\plugins\avgnpss.dll
C:\Users\Taťka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\plugins\avgxpl.dll
C:\Users\Taťka\AppData\Roaming\Microsoft\Windows\Recent\avgremover.log.lnk
C:\Users\Taťka\AppData\Roaming\Microsoft\Windows\Recent\avgremover_msilog.txt.lnk
:commands
[EmptyTemp]
[start explorer]
Re: Changing default programs does not work
ComboFix works.
ComboFix log
ComboFix 11-05-19.02 - Taťka 21.05.2011 16:56:55.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4057.2808 [GMT 2:00]
Spuštěný z: c:\users\Taťka\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DelUS.bat
c:\program files (x86)\FunWebProducts
c:\windows\SysWow64\CONFIG.exe
c:\windows\SysWow64\Temp
c:\windows\SysWow64\Temp\metin2kr_r999_4.fastresume
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-21 do 2011-05-21 )))))))))))))))))))))))))))))))
.
.
2011-05-21 15:04 . 2011-05-21 15:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-20 15:34 . 2011-05-18 10:37 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9047F27B-00F6-459C-8E15-808A13A1CE5E}\mpengine.dll
2011-05-19 18:31 . 2011-05-19 18:31 -------- d-----w- c:\users\Taťka\AppData\Roaming\TeamViewer
2011-05-19 18:31 . 2011-05-19 18:32 -------- d-----w- c:\program files (x86)\TeamViewer
2011-05-19 15:49 . 2011-05-19 15:49 -------- d-----w- c:\programdata\Frag Games
2011-05-19 14:46 . 2011-05-19 14:46 -------- d-----w- c:\programdata\Samsung
2011-05-19 14:45 . 2010-07-04 17:11 25960 ----a-w- c:\windows\system32\FsExService64.exe
2011-05-19 14:45 . 2010-06-14 07:32 16448 ----a-w- c:\windows\system32\drivers\TFsExDisk.sys
2011-05-19 14:39 . 2011-05-19 14:39 -------- d-----w- c:\users\Taťka\AppData\Local\Downloaded Installations
2011-05-17 16:52 . 2011-05-17 16:52 -------- d-----w- c:\program files (x86)\Easy CD-DA Extractor 11
2011-05-17 16:42 . 2011-05-17 16:42 -------- d-----w- c:\windows\Easy CD-DA Extractor 11.6
2011-05-14 15:54 . 2011-05-14 15:54 -------- d-----w- c:\users\Taťka\AppData\Roaming\langmaster.sz
2011-05-14 14:46 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-14 14:46 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-11 19:46 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 19:46 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 19:46 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 15:40 . 2011-05-11 15:40 -------- d-----w- c:\programdata\HP Product Assistant
2011-05-11 15:39 . 2011-05-11 15:39 -------- d-----w- c:\windows\SysWow64\spool
2011-05-11 15:39 . 2011-05-11 15:39 -------- d-----w- c:\program files (x86)\Common Files\HP
2011-05-10 16:52 . 2011-05-18 16:27 -------- d-----w- c:\programdata\Skype Extras
2011-05-10 16:51 . 2011-05-10 16:51 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-05-09 19:15 . 2011-05-09 19:15 -------- d-----w- c:\program files (x86)\Preme for Windows 7
2011-05-09 19:15 . 2011-05-09 19:15 -------- d-----w- c:\users\Taťka\AppData\Roaming\Preme for Windows 7
2011-05-03 03:20 . 2011-05-03 03:20 -------- d-----w- c:\windows\Easy CD-DA Extractor 11.0.3
2011-04-30 19:09 . 2011-04-30 19:09 -------- d-----w- c:\users\Taťka\AppData\Roaming\Total Immersion
2011-04-30 19:09 . 2011-04-30 19:09 -------- d-----w- c:\program files (x86)\Total Immersion
2011-04-28 03:16 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-28 03:16 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-28 03:16 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-28 03:16 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-04-27 14:59 . 2011-04-27 14:59 -------- d-----r- C:\Sandbox
2011-04-27 14:57 . 2011-05-08 08:39 -------- d-----w- c:\program files\Sandboxie
2011-04-23 07:16 . 2011-04-23 07:16 -------- d-----w- c:\users\Taťka\AppData\Roaming\Nokia Ovi Suite
2011-04-21 18:11 . 2011-04-23 07:06 -------- d-----w- c:\program files (x86)\Zrychleni Pocitace
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-16 14:28 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-04-16 14:28 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-31 03:06 . 2011-03-31 03:06 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-31 03:06 . 2011-03-31 03:06 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-31 03:06 . 2011-03-31 03:06 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-31 03:06 . 2011-03-31 03:06 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-31 03:06 . 2011-03-31 03:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-31 03:06 . 2011-03-31 03:06 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-31 03:06 . 2011-03-31 03:06 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-31 03:06 . 2011-03-31 03:06 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-31 03:06 . 2011-03-31 03:06 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-31 03:06 . 2011-03-31 03:06 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-31 03:06 . 2011-03-31 03:06 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-31 03:06 . 2011-03-31 03:06 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-31 03:06 . 2011-03-31 03:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-31 03:06 . 2011-03-31 03:06 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-31 03:06 . 2011-03-31 03:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-31 03:06 . 2011-03-31 03:06 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-31 03:06 . 2011-03-31 03:06 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-31 03:06 . 2011-03-31 03:06 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-31 03:06 . 2011-03-31 03:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-31 03:06 . 2011-03-31 03:06 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-31 03:06 . 2011-03-31 03:06 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-31 03:06 . 2011-03-31 03:06 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-31 03:06 . 2011-03-31 03:06 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-31 03:06 . 2011-03-31 03:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-31 03:06 . 2011-03-31 03:06 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-31 03:06 . 2011-03-31 03:06 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-31 03:06 . 2011-03-31 03:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-31 03:06 . 2011-03-31 03:06 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-03-31 03:06 . 2011-03-31 03:06 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-31 03:06 . 2011-03-31 03:06 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-31 03:06 . 2011-03-31 03:06 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-31 03:06 . 2011-03-31 03:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-31 03:06 . 2011-03-31 03:06 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-31 03:06 . 2011-03-31 03:06 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-31 03:06 . 2011-03-31 03:05 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-31 03:05 . 2011-03-31 03:05 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-31 03:05 . 2011-03-31 03:05 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-31 03:05 . 2011-03-31 03:05 448512 ----a-w- c:\windows\system32\html.iec
2011-03-31 03:05 . 2011-03-31 03:05 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-31 03:05 . 2011-03-31 03:05 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-31 03:05 . 2011-03-31 03:05 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-31 03:05 . 2011-03-31 03:05 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-15 18:01 . 2011-03-15 18:01 99384 ----a-w- c:\users\Taťka\AppData\Roaming\inst.exe
2011-03-15 18:01 . 2011-03-15 18:01 99384 ----a-w- c:\users\Taťka\AppData\Roaming\inst.exe
2011-03-15 18:01 . 2011-03-15 18:01 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-03-15 18:01 . 2011-03-15 18:01 82816 ----a-w- c:\users\Taťka\AppData\Roaming\pcouffin.sys
2011-03-15 18:01 . 2011-03-15 18:01 82816 ----a-w- c:\users\Taťka\AppData\Roaming\pcouffin.sys
2011-03-11 06:34 . 2011-04-15 03:03 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-15 03:03 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-15 03:03 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:33 . 2011-04-15 03:03 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-08 06:29 . 2011-04-15 03:03 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:28 . 2011-04-15 03:03 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-04 06:19 . 2011-04-28 03:16 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-28 03:16 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24 . 2011-04-15 03:03 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:21 . 2011-04-15 03:03 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:36 . 2011-04-15 03:03 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52 . 2011-04-15 03:03 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-02-24 16:11 . 2011-02-24 16:11 79646 ----a-w- c:\users\Taťka\AppData\Roaming\mdbu.bin
2011-02-24 16:11 . 2011-02-24 16:11 79646 ----a-w- c:\users\Taťka\AppData\Roaming\mdbu.bin
2011-02-24 06:15 . 2011-04-15 03:03 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-24 05:38 . 2011-04-15 03:03 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56 . 2011-04-15 03:03 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 04:56 . 2011-04-15 03:03 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 04:56 . 2011-04-15 03:03 411648 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 04:55 . 2011-04-15 03:03 167936 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 04:55 . 2011-04-15 03:03 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 04:55 . 2011-04-15 03:03 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 04:55 . 2011-04-15 03:03 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-12 136176]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-01-09 30192]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-12 136176]
R3 RtsUIR;Realtek IR Driver; [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service; [x]
R3 vpcuxd;Služba zástupné procedury virtualizace rozhraní USB;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2008-10-07 32240]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-08-20 145792]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-12 18:24]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-12 18:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"LaunchPad"="c:\program files (x86)\Launch Pad\LaunchPad.exe" [2009-02-20 2963456]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"PowerManager"="c:\program files (x86)\Power Manager\PM.exe" [2009-08-25 2281472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-21 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-21 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-21 365592]
"ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-08-20 535392]
"CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-08-20 431456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Taťka\AppData\Roaming\Mozilla\Firefox\Profiles\2qkv4zft.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-05-21 17:06:47
ComboFix-quarantined-files.txt 2011-05-21 15:06
.
Před spuštěním: Volných bajtů: 12 890 193 920
Po spuštění: Volných bajtů: 12 613 394 432
.
- - End Of File - - A53D94EE2D9F0096DD7B48AD024F7167
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-12 18:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"LaunchPad"="c:\program files (x86)\Launch Pad\LaunchPad.exe" [2009-02-20 2963456]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"PowerManager"="c:\program files (x86)\Power Manager\PM.exe" [2009-08-25 2281472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-21 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-21 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-21 365592]
"ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-08-20 535392]
"CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-08-20 431456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Taťka\AppData\Roaming\Mozilla\Firefox\Profiles\2qkv4zft.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-05-21 17:06:47
ComboFix-quarantined-files.txt 2011-05-21 15:06
.
Před spuštěním: Volných bajtů: 12 890 193 920
Po spuštění: Volných bajtů: 12 613 394 432
.
- - End Of File - - A53D94EE2D9F0096DD7B48AD024F7167
- stell
Re: Changing default programs does not work
ComboFix must be on the desktop for this step.
Turn off > FIREWALL > Antivirus > Antispyware > everything running resident.
Open Notepad and copy the entire green text into it:
Code:
KILLALL::
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
Then click File -> Save As..., and in the File name line type: CFScript.txt
For the file type, select *All files
And save it to the desktop. > Note: do not open CFScript.txt, and it must not be named CFScript.txt.txt. And do this:

After the scan finishes, post the log that ComboFix creates.
Re: Changing default programs does not work
ComboFix 11-05-19.02 - Taťka 21.05.2011 17:46:51.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4057.2828 [GMT 2:00]
Spuštěný z: c:\users\Taťka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Taťka\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-21 do 2011-05-21 )))))))))))))))))))))))))))))))
.
.
2011-05-20 15:34 . 2011-05-18 10:37 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9047F27B-00F6-459C-8E15-808A13A1CE5E}\mpengine.dll
2011-05-19 18:31 . 2011-05-19 18:31 -------- d-----w- c:\users\Taťka\AppData\Roaming\TeamViewer
2011-05-19 18:31 . 2011-05-19 18:32 -------- d-----w- c:\program files (x86)\TeamViewer
2011-05-19 15:49 . 2011-05-19 15:49 -------- d-----w- c:\programdata\Frag Games
2011-05-19 14:46 . 2011-05-19 14:46 -------- d-----w- c:\programdata\Samsung
2011-05-19 14:45 . 2010-07-04 17:11 25960 ----a-w- c:\windows\system32\FsExService64.exe
2011-05-19 14:45 . 2010-06-14 07:32 16448 ----a-w- c:\windows\system32\drivers\TFsExDisk.sys
2011-05-19 14:39 . 2011-05-19 14:39 -------- d-----w- c:\users\Taťka\AppData\Local\Downloaded Installations
2011-05-17 16:52 . 2011-05-17 16:52 -------- d-----w- c:\program files (x86)\Easy CD-DA Extractor 11
2011-05-17 16:42 . 2011-05-17 16:42 -------- d-----w- c:\windows\Easy CD-DA Extractor 11.6
2011-05-14 15:54 . 2011-05-14 15:54 -------- d-----w- c:\users\Taťka\AppData\Roaming\langmaster.sz
2011-05-14 14:46 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-14 14:46 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-11 19:46 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 19:46 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 19:46 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 15:40 . 2011-05-11 15:40 -------- d-----w- c:\programdata\HP Product Assistant
2011-05-11 15:39 . 2011-05-11 15:39 -------- d-----w- c:\windows\SysWow64\spool
2011-05-11 15:39 . 2011-05-11 15:39 -------- d-----w- c:\program files (x86)\Common Files\HP
2011-05-10 16:52 . 2011-05-18 16:27 -------- d-----w- c:\programdata\Skype Extras
2011-05-10 16:51 . 2011-05-10 16:51 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-05-09 19:15 . 2011-05-09 19:15 -------- d-----w- c:\program files (x86)\Preme for Windows 7
2011-05-09 19:15 . 2011-05-09 19:15 -------- d-----w- c:\users\Taťka\AppData\Roaming\Preme for Windows 7
2011-05-03 03:20 . 2011-05-03 03:20 -------- d-----w- c:\windows\Easy CD-DA Extractor 11.0.3
2011-04-30 19:09 . 2011-04-30 19:09 -------- d-----w- c:\users\Taťka\AppData\Roaming\Total Immersion
2011-04-30 19:09 . 2011-04-30 19:09 -------- d-----w- c:\program files (x86)\Total Immersion
2011-04-28 03:16 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-28 03:16 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-28 03:16 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-28 03:16 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-04-27 14:59 . 2011-04-27 14:59 -------- d-----r- C:\Sandbox
2011-04-27 14:57 . 2011-05-08 08:39 -------- d-----w- c:\program files\Sandboxie
2011-04-23 07:16 . 2011-04-23 07:16 -------- d-----w- c:\users\Taťka\AppData\Roaming\Nokia Ovi Suite
2011-04-21 18:11 . 2011-04-23 07:06 -------- d-----w- c:\program files (x86)\Zrychleni Pocitace
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-16 14:28 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-04-16 14:28 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-31 03:06 . 2011-03-31 03:06 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-31 03:06 . 2011-03-31 03:06 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-31 03:06 . 2011-03-31 03:06 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-31 03:06 . 2011-03-31 03:06 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-31 03:06 . 2011-03-31 03:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-31 03:06 . 2011-03-31 03:06 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-31 03:06 . 2011-03-31 03:06 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-31 03:06 . 2011-03-31 03:06 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-31 03:06 . 2011-03-31 03:06 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-31 03:06 . 2011-03-31 03:06 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-31 03:06 . 2011-03-31 03:06 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-31 03:06 . 2011-03-31 03:06 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-31 03:06 . 2011-03-31 03:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-31 03:06 . 2011-03-31 03:06 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-31 03:06 . 2011-03-31 03:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-31 03:06 . 2011-03-31 03:06 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-31 03:06 . 2011-03-31 03:06 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-31 03:06 . 2011-03-31 03:06 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-31 03:06 . 2011-03-31 03:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-31 03:06 . 2011-03-31 03:06 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-31 03:06 . 2011-03-31 03:06 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-31 03:06 . 2011-03-31 03:06 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-31 03:06 . 2011-03-31 03:06 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-31 03:06 . 2011-03-31 03:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-31 03:06 . 2011-03-31 03:06 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-31 03:06 . 2011-03-31 03:06 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-31 03:06 . 2011-03-31 03:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-31 03:06 . 2011-03-31 03:06 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-03-31 03:06 . 2011-03-31 03:06 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-31 03:06 . 2011-03-31 03:06 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-31 03:06 . 2011-03-31 03:06 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-31 03:06 . 2011-03-31 03:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-31 03:06 . 2011-03-31 03:06 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-31 03:06 . 2011-03-31 03:06 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-31 03:06 . 2011-03-31 03:05 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-31 03:05 . 2011-03-31 03:05 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-31 03:05 . 2011-03-31 03:05 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-31 03:05 . 2011-03-31 03:05 448512 ----a-w- c:\windows\system32\html.iec
2011-03-31 03:05 . 2011-03-31 03:05 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-31 03:05 . 2011-03-31 03:05 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-31 03:05 . 2011-03-31 03:05 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-31 03:05 . 2011-03-31 03:05 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-15 18:01 . 2011-03-15 18:01 99384 ----a-w- c:\users\Taťka\AppData\Roaming\inst.exe
2011-03-15 18:01 . 2011-03-15 18:01 99384 ----a-w- c:\users\Taťka\AppData\Roaming\inst.exe
2011-03-15 18:01 . 2011-03-15 18:01 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-03-15 18:01 . 2011-03-15 18:01 82816 ----a-w- c:\users\Taťka\AppData\Roaming\pcouffin.sys
2011-03-15 18:01 . 2011-03-15 18:01 82816 ----a-w- c:\users\Taťka\AppData\Roaming\pcouffin.sys
2011-03-11 06:34 . 2011-04-15 03:03 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-15 03:03 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-15 03:03 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:33 . 2011-04-15 03:03 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-08 06:29 . 2011-04-15 03:03 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:28 . 2011-04-15 03:03 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-04 06:19 . 2011-04-28 03:16 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-28 03:16 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24 . 2011-04-15 03:03 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:21 . 2011-04-15 03:03 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:36 . 2011-04-15 03:03 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52 . 2011-04-15 03:03 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-02-24 16:11 . 2011-02-24 16:11 79646 ----a-w- c:\users\Taťka\AppData\Roaming\mdbu.bin
2011-02-24 16:11 . 2011-02-24 16:11 79646 ----a-w- c:\users\Taťka\AppData\Roaming\mdbu.bin
2011-02-24 06:15 . 2011-04-15 03:03 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-24 05:38 . 2011-04-15 03:03 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56 . 2011-04-15 03:03 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 04:56 . 2011-04-15 03:03 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 04:56 . 2011-04-15 03:03 411648 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 04:55 . 2011-04-15 03:03 167936 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 04:55 . 2011-04-15 03:03 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 04:55 . 2011-04-15 03:03 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 04:55 . 2011-04-15 03:03 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-21_15.04.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-12 18:48 . 2011-05-21 15:56 49108 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-05-21 14:30 32140 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-21 15:56 32140 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-12 18:48 . 2011-05-21 15:56 20114 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1582215509-3924301347-2066994143-1001_UserData.bin
+ 2010-11-12 17:19 . 2011-05-21 15:53 8014 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2010-11-12 17:19 . 2011-05-21 14:28 8014 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-05-21 14:29 . 2011-05-21 14:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-21 15:54 . 2011-05-21 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-21 14:29 . 2011-05-21 14:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-21 15:54 . 2011-05-21 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-05-21 14:28 388200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-05-21 15:53 388200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-05 21:52 . 2011-05-21 15:53 3908116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1582215509-3924301347-2066994143-1001-8192.dat
- 2011-02-05 21:52 . 2011-05-21 14:28 3908116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1582215509-3924301347-2066994143-1001-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-12 136176]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-01-09 30192]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-12 136176]
R3 RtsUIR;Realtek IR Driver; [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service; [x]
R3 vpcuxd;Služba zástupné procedury virtualizace rozhraní USB;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2008-10-07 32240]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-08-20 145792]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-12 18:24]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-12 18:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"LaunchPad"="c:\program files (x86)\Launch Pad\LaunchPad.exe" [2009-02-20 2963456]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"PowerManager"="c:\program files (x86)\Power Manager\PM.exe" [2009-08-25 2281472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-21 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-21 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-21 365592]
"ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-08-20 535392]
"CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-08-20 431456]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Taťka\AppData\Roaming\Mozilla\Firefox\Profiles\2qkv4zft.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Celkový čas: 2011-05-21 18:00:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-21 16:00
ComboFix2.txt 2011-05-21 15:06
.
Před spuštěním: Volných bajtů: 12 637 585 408
Po spuštění: Volných bajtů: 13 731 454 976
.
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: Changing default programs does not work
So, how is the computer doing??
Re: Changing default programs does not work
It still reports it when I want to change the default programs.
Otherwise fine.
Can I install AVG now?
Otherwise fine.

- stell
Re: Changing default programs does not work
And does that message appear only with that one item?? The film??
Hold off on AVG for now.
Re: Changing default programs does not work
No, it reports it for all files.
- stell
Re: Changing default programs does not work
Well, you probably don't have administrator rights. How many accounts do you have there??