Re: Moc prosím o kontrolu logu
Napsal: 17 led 2013 00:09
Tady je log, vse je jinak v poradku:
ComboFix 13-01-16.01 - Kopec 16.01.2013 23:35:25.4.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.4094.2342 [GMT 1:00]
Spuštěný z: c:\users\Kopec\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Kopec\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-495332829-569502934-1742507144-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-495332829-569502934-1742507144-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\tasks\Adobe Flash Player Updater.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-495332829-569502934-1742507144-1000Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-495332829-569502934-1742507144-1000UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-16 do 2013-01-16 )))))))))))))))))))))))))))))))
.
.
2013-01-16 22:42 . 2013-01-16 22:42 -------- d-----w- c:\users\user\AppData\Local\temp
2013-01-16 22:42 . 2013-01-16 22:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-16 22:42 . 2013-01-16 22:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-16 22:42 . 2013-01-16 22:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-31 02:21 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E6C095A-17A0-41F9-88F5-CC2955E0B2C4}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-11 18:02 . 2012-07-31 10:16 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-11 18:02 . 2012-01-12 21:30 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-31 20:10 . 2012-10-31 20:10 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-30 22:51 . 2010-04-22 14:05 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-03-01 22:41 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2010-04-22 14:05 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2010-04-22 14:05 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2010-04-22 14:05 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-03-01 22:41 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2010-04-22 14:04 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2011-03-01 22:41 285328 ----a-w- c:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SafeQ Client"="c:\program files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe" [2009-12-09 249856]
"CLX3180_Scan2Pc"="c:\windows\Twain_32\Samsung\CLX3180\Scan2pc.exe" [2010-11-12 1998848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2010-8-13 155648]
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2010-8-13 561152]
Translate Client.lnk - c:\program files (x86)\Translate Client\translateclient.exe [2011-11-27 1703936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2007-02-16 22528]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVerFx2hbtv64;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv64.sys [2009-12-08 512512]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-04-21 1315592]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2010-06-11 11944]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2010-10-26 12992]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2010-10-26 12992]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2010-06-23 11944]
R3 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2009-09-11 199464]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2010-11-08 63648]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2010-03-24 16984]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-21 503352]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AESTSr64.exe [2007-09-20 86016]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2008-03-13 339968]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-03-05 380928]
S2 CwIPCSvc;Control Web IPC;c:\program files (x86)\Moravian Instruments\Shared\cwsvc.exe [2010-03-23 62976]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\OttoBock\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2010-11-08 47776]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2010-06-23 131776]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\OttoBock\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2010-07-30 194224]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2010-06-23 11944]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-07-14 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 SyncThru Admin 5 Database;SyncThru Admin 5 Database;C:/Program Files (x86)/Samsung Network Printer Utilities/SyncThru Admin 5/postgresql/engine/bin/pg_ctl.exe runservice -N SyncThru Admin 5 Database -D C:/Program Files (x86)/Samsung Network Printer Utilities/SyncThru Admin 5/postgresql/database [x]
S2 SyncThru Admin 5;SyncThru 5.0 management application;c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\syncthru5.exe [2011-03-14 204800]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-05 27512]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [2009-11-05 34160]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files (x86)\SigmaTel\C-Major Audio\WDM\sttray64.exe" [BU]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 2320752]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Kopec\AppData\Roaming\Mozilla\Firefox\Profiles\6mabmi0j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SyncThru Admin 5 Database]
"ImagePath"="C:/Program Files (x86)/Samsung Network Printer Utilities/SyncThru Admin 5/postgresql/engine/bin/pg_ctl.exe runservice -N \"SyncThru Admin 5 Database\" -D \"C:/Program Files (x86)/Samsung Network Printer Utilities/SyncThru Admin 5/postgresql/database\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SyncThru Admin 5 Database]
"ImagePath"="C:/Program Files (x86)/Samsung Network Printer Utilities/SyncThru Admin 5/postgresql/engine/bin/pg_ctl.exe runservice -N \"SyncThru Admin 5 Database\" -D \"C:/Program Files (x86)/Samsung Network Printer Utilities/SyncThru Admin 5/postgresql/database\""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\lkcitdl.exe
c:\windows\SysWOW64\lkads.exe
c:\windows\SysWOW64\lktsrv.exe
c:\program files (x86)\OttoBock\National Instruments\Shared\Security\nidmsrv.exe
c:\program files (x86)\OttoBock\National Instruments\Shared\NI WebServer\SystemWebServer.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\jre\bin\java.exe
c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\pg_ctl.exe
c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe
c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe
c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe
c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe
c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe
c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe
c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe
c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2013-01-16 23:50:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-16 22:50
ComboFix2.txt 2013-01-15 20:52
ComboFix3.txt 2012-07-18 22:48
ComboFix4.txt 2012-07-17 21:55
.
Před spuštěním: 2 337 669 120
Po spuštění: 2 038 386 688
.
- - End Of File - - 63036CE62D8B0B38D004ABB8BFD84E24
ComboFix 13-01-16.01 - Kopec 16.01.2013 23:35:25.4.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.4094.2342 [GMT 1:00]
Spuštěný z: c:\users\Kopec\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Kopec\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-495332829-569502934-1742507144-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-495332829-569502934-1742507144-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\tasks\Adobe Flash Player Updater.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-495332829-569502934-1742507144-1000Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-495332829-569502934-1742507144-1000UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-16 do 2013-01-16 )))))))))))))))))))))))))))))))
.
.
2013-01-16 22:42 . 2013-01-16 22:42 -------- d-----w- c:\users\user\AppData\Local\temp
2013-01-16 22:42 . 2013-01-16 22:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-16 22:42 . 2013-01-16 22:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-16 22:42 . 2013-01-16 22:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-31 02:21 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E6C095A-17A0-41F9-88F5-CC2955E0B2C4}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-11 18:02 . 2012-07-31 10:16 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-11 18:02 . 2012-01-12 21:30 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-31 20:10 . 2012-10-31 20:10 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-30 22:51 . 2010-04-22 14:05 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-03-01 22:41 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2010-04-22 14:05 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2010-04-22 14:05 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2010-04-22 14:05 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-03-01 22:41 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2010-04-22 14:04 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2011-03-01 22:41 285328 ----a-w- c:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SafeQ Client"="c:\program files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe" [2009-12-09 249856]
"CLX3180_Scan2Pc"="c:\windows\Twain_32\Samsung\CLX3180\Scan2pc.exe" [2010-11-12 1998848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2010-8-13 155648]
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2010-8-13 561152]
Translate Client.lnk - c:\program files (x86)\Translate Client\translateclient.exe [2011-11-27 1703936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2007-02-16 22528]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVerFx2hbtv64;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv64.sys [2009-12-08 512512]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-04-21 1315592]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2010-06-11 11944]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2010-10-26 12992]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2010-10-26 12992]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2010-06-23 11944]
R3 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2009-09-11 199464]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2010-11-08 63648]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2010-03-24 16984]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-21 503352]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AESTSr64.exe [2007-09-20 86016]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2008-03-13 339968]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-03-05 380928]
S2 CwIPCSvc;Control Web IPC;c:\program files (x86)\Moravian Instruments\Shared\cwsvc.exe [2010-03-23 62976]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\OttoBock\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2010-11-08 47776]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2010-06-23 131776]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\OttoBock\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2010-07-30 194224]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2010-06-23 11944]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-07-14 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 SyncThru Admin 5 Database;SyncThru Admin 5 Database;C:/Program Files (x86)/Samsung Network Printer Utilities/SyncThru Admin 5/postgresql/engine/bin/pg_ctl.exe runservice -N SyncThru Admin 5 Database -D C:/Program Files (x86)/Samsung Network Printer Utilities/SyncThru Admin 5/postgresql/database [x]
S2 SyncThru Admin 5;SyncThru 5.0 management application;c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\syncthru5.exe [2011-03-14 204800]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-05 27512]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [2009-11-05 34160]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files (x86)\SigmaTel\C-Major Audio\WDM\sttray64.exe" [BU]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 2320752]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Kopec\AppData\Roaming\Mozilla\Firefox\Profiles\6mabmi0j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SyncThru Admin 5 Database]
"ImagePath"="C:/Program Files (x86)/Samsung Network Printer Utilities/SyncThru Admin 5/postgresql/engine/bin/pg_ctl.exe runservice -N \"SyncThru Admin 5 Database\" -D \"C:/Program Files (x86)/Samsung Network Printer Utilities/SyncThru Admin 5/postgresql/database\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SyncThru Admin 5 Database]
"ImagePath"="C:/Program Files (x86)/Samsung Network Printer Utilities/SyncThru Admin 5/postgresql/engine/bin/pg_ctl.exe runservice -N \"SyncThru Admin 5 Database\" -D \"C:/Program Files (x86)/Samsung Network Printer Utilities/SyncThru Admin 5/postgresql/database\""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\lkcitdl.exe
c:\windows\SysWOW64\lkads.exe
c:\windows\SysWOW64\lktsrv.exe
c:\program files (x86)\OttoBock\National Instruments\Shared\Security\nidmsrv.exe
c:\program files (x86)\OttoBock\National Instruments\Shared\NI WebServer\SystemWebServer.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\jre\bin\java.exe
c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\pg_ctl.exe
c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe
c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe
c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe
c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe
c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe
c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe
c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe
c:\program files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2013-01-16 23:50:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-16 22:50
ComboFix2.txt 2013-01-15 20:52
ComboFix3.txt 2012-07-18 22:48
ComboFix4.txt 2012-07-17 21:55
.
Před spuštěním: 2 337 669 120
Po spuštění: 2 038 386 688
.
- - End Of File - - 63036CE62D8B0B38D004ABB8BFD84E24
Odinstalujte Combofix
Zase nekdy 
