Page 2 of 3

Re: Please check the log after the PC not shutting down and a reported error

Posted: 02 Mar 2014 09:27
by Márty84
Not that, but you deleted the usual traces of the infection on me :) Besides, CF somehow didn't delete anything.


:arrow: Try repeating that last step in Safe Mode.

Re: Please check the log after the PC not shutting down and a reported error

Posted: 02 Mar 2014 10:03
by kanister
ComboFix 14-02-24.02 - Kanister 02.03.2014 9:50.3.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1033.18.4063.3376 [GMT 1:00]
Spuštěný z: c:\users\Kanister\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Kanister\Desktop\CFScript
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-02 do 2014-03-02 )))))))))))))))))))))))))))))))
.
.
2014-03-02 08:54 . 2014-03-02 08:54 -------- d-----w- c:\users\postgres\AppData\Local\temp
2014-03-02 08:54 . 2014-03-02 08:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-01 20:06 . 2014-03-01 22:47 -------- d-----w- C:\AdwCleaner
2014-03-01 15:13 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9D1E57B-9643-4088-80C6-39D2F8294A56}\mpengine.dll
2014-03-01 15:05 . 2014-03-01 15:05 -------- d-----w- c:\users\Kanister\AppData\Roaming\Malwarebytes
2014-03-01 15:03 . 2014-03-01 15:03 -------- d-----w- c:\programdata\Malwarebytes
2014-03-01 15:03 . 2014-03-01 15:03 -------- d-----w- c:\users\Kanister\AppData\Local\Programs
2014-02-28 01:14 . 2014-02-28 05:55 -------- d-----w- C:\451e4699395a59716afc8d9380f9
2014-02-27 10:36 . 2014-02-27 10:36 -------- d-----w- c:\windows\Migration
2014-02-17 19:40 . 2014-02-17 19:40 -------- d-----w- c:\program files\Microsoft Silverlight
2014-02-17 19:40 . 2014-02-17 19:40 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-02-13 01:10 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 01:10 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 01:09 . 2014-02-06 11:30 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-13 01:09 . 2014-02-06 10:20 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-02-13 01:09 . 2014-02-06 10:17 195584 ----a-w- c:\windows\system32\msrating.dll
2014-02-12 18:50 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-12 18:50 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-12 18:50 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-12 18:50 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-12 18:48 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-12 18:48 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-12 18:48 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-12 18:48 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-06 21:27 . 2013-12-18 20:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-05 19:56 . 2014-02-05 19:56 -------- d-----w- c:\users\Kanister\AppData\Roaming\HyperLobby
2014-02-05 19:54 . 2014-02-05 19:54 -------- d-----w- c:\program files (x86)\HyperLobby client
2014-02-05 19:38 . 2014-02-16 19:59 -------- d-----w- c:\users\Kanister\AppData\Roaming\TS3Client
2014-02-05 19:36 . 2014-02-05 19:37 -------- d-----w- c:\program files\TeamSpeak 3 Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-20 23:18 . 2012-05-05 02:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-20 23:18 . 2012-05-05 02:01 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-16 18:01 . 2012-05-04 06:33 88567024 ----a-w- c:\windows\system32\MRT.exe
2013-12-18 05:13 . 2012-05-04 05:12 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-03 21:48 . 2013-12-03 21:48 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 21:48 . 2013-12-03 21:48 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-03 21:48 . 2013-12-03 21:48 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-03 21:48 . 2013-12-03 21:48 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-03 21:48 . 2013-12-03 21:48 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-03 21:48 . 2013-12-03 21:48 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-03 21:48 . 2013-12-03 21:48 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-03 21:48 . 2013-12-03 21:48 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-03 21:48 . 2013-12-03 21:48 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-03 21:48 . 2013-12-03 21:48 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-03 21:48 . 2013-12-03 21:48 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-03 21:48 . 2013-12-03 21:48 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-03 21:48 . 2013-12-03 21:48 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-03 21:48 . 2013-12-03 21:48 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-03 21:48 . 2013-12-03 21:48 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-03 21:48 . 2013-12-03 21:48 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-03 21:48 . 2013-12-03 21:48 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-03 21:48 . 2013-12-03 21:48 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-03 21:48 . 2013-12-03 21:48 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-03 21:48 . 2013-12-03 21:48 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-03 21:48 . 2013-12-03 21:48 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-03 21:48 . 2013-12-03 21:48 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 21:48 . 2013-12-03 21:48 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-03 21:48 . 2013-12-03 21:48 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 21:48 . 2013-12-03 21:48 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-03 21:48 . 2013-12-03 21:48 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-03 21:48 . 2013-12-03 21:48 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-03 21:48 . 2013-12-03 21:48 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-03 21:48 . 2013-12-03 21:48 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-03 21:48 . 2013-12-03 21:48 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-03 21:48 . 2013-12-03 21:48 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-03 21:48 . 2013-12-03 21:48 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-03 21:48 . 2013-12-03 21:48 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-03 21:48 . 2013-12-03 21:48 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-03 21:48 . 2013-12-03 21:48 413696 ----a-w- c:\windows\system32\html.iec
2013-12-03 21:48 . 2013-12-03 21:48 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 21:48 . 2013-12-03 21:48 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-03 21:48 . 2013-12-03 21:48 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-03 21:48 . 2013-12-03 21:48 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-03 21:48 . 2013-12-03 21:48 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-03 21:48 . 2013-12-03 21:48 235520 ----a-w- c:\windows\system32\url.dll
2013-12-03 21:48 . 2013-12-03 21:48 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-03 21:48 . 2013-12-03 21:48 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-03 21:48 . 2013-12-03 21:48 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-03 21:48 . 2013-12-03 21:48 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-03 21:48 . 2013-12-03 21:48 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-03 21:48 . 2013-12-03 21:48 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-03 21:48 . 2013-12-03 21:48 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-03 21:48 . 2013-12-03 21:48 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-03 21:48 . 2013-12-03 21:48 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-03 21:48 . 2013-12-03 21:48 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-03 21:48 . 2013-12-03 21:48 135680 ----a-w- c:\windows\system32\iepeers.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
c:\users\Kanister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kanister\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 SaiH0461;SaiH0461;c:\windows\system32\DRIVERS\SaiH0461.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH0461.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 23:18]
.
2014-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10 01:04]
.
2014-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10 01:04]
.
2014-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-94059724-516300671-438323755-1000Core.job
- c:\users\Kanister\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04 04:58]
.
2014-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-94059724-516300671-438323755-1000UA.job
- c:\users\Kanister\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04 04:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-PokerStars.net - c:\program files (x86)\PokerStars.NET\PokerStarsUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\users\Kanister\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Celkový čas: 2014-03-02 10:00:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-02 09:00
ComboFix2.txt 2014-03-02 06:55
ComboFix3.txt 2014-02-28 01:01
.
Před spuštěním: 30 990 819 328 bytes free
Po spuštění: 30 973 009 920 bytes free
.
- - End Of File - - 1077AFE6EAE98A5DC0C86F058689E570
A36C5E4F47E84449FF07ED3517B43A31





////
After launching, it tells me that ComboFix is past its trial period, so it runs in limited mode & the second thing: I couldn't turn off ESET in Safe Mode; it wasn't running, but it reported that it was!?
Hopefully that helped.


Thanks

Re: Please check the log after the PC not shutting down and a reported error

Posted: 02 Mar 2014 10:08
by Márty84
:???: You probably didn't download the new CF as I asked, did you? :boxed:
It does happen that in Safe Mode it reports ESET as enabled, but as you write, the AV doesn't run in Safe Mode, at least not the part that would stop the program from doing its work.

Re: Please check the log after the PC not shutting down and a reported error

Posted: 02 Mar 2014 10:10
by kanister
When I already had it downloaded from the first adventure. Sorry, I skipped that; I'm going at it again.

Re: Please check the log after the PC not shutting down and a reported error

Posted: 02 Mar 2014 10:13
by Márty84
ComboFix, like other applications that delete on their own (i.e. even without a script), evolves and gets updated, which is why you always need to have the current version :)

Re: Please check the log after the PC not shutting down and a reported error

Posted: 02 Mar 2014 10:50
by kanister
I think I have a problem ... ComboFix is running and got stuck at "stage 23 completed", and it looks like nothing has happened for 10 minutes.

:(

Re: Please check the log after the PC not shutting down and a reported error

Posted: 02 Mar 2014 11:25
by Márty84
Try it again in Safe Mode. If it was in Safe Mode, try it in normal mode. If it hangs again, post a new log from RSIT.

Re: Please check the log after the PC not shutting down and a reported error

Posted: 02 Mar 2014 12:41
by kanister
ComboFix 14-02-24.02 - Kanister 02.03.2014 11:42:17.5.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1033.18.4063.3048 [GMT 1:00]
Spuštěný z: c:\users\Kanister\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Kanister\Desktop\CFScript
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-02 do 2014-03-02 )))))))))))))))))))))))))))))))
.
.
2014-03-02 10:46 . 2014-03-02 10:46 -------- d-----w- c:\users\postgres\AppData\Local\temp
2014-03-02 10:46 . 2014-03-02 10:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-01 20:06 . 2014-03-01 22:47 -------- d-----w- C:\AdwCleaner
2014-03-01 15:13 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9D1E57B-9643-4088-80C6-39D2F8294A56}\mpengine.dll
2014-03-01 15:05 . 2014-03-01 15:05 -------- d-----w- c:\users\Kanister\AppData\Roaming\Malwarebytes
2014-03-01 15:03 . 2014-03-01 15:03 -------- d-----w- c:\programdata\Malwarebytes
2014-03-01 15:03 . 2014-03-01 15:03 -------- d-----w- c:\users\Kanister\AppData\Local\Programs
2014-02-28 01:14 . 2014-02-28 05:55 -------- d-----w- C:\451e4699395a59716afc8d9380f9
2014-02-27 10:36 . 2014-02-27 10:36 -------- d-----w- c:\windows\Migration
2014-02-17 19:40 . 2014-02-17 19:40 -------- d-----w- c:\program files\Microsoft Silverlight
2014-02-17 19:40 . 2014-02-17 19:40 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-02-13 01:10 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 01:10 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 01:09 . 2014-02-06 11:30 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-13 01:09 . 2014-02-06 10:20 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-02-13 01:09 . 2014-02-06 10:17 195584 ----a-w- c:\windows\system32\msrating.dll
2014-02-12 18:50 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-12 18:50 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-12 18:50 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-12 18:50 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-12 18:48 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-12 18:48 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-12 18:48 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-12 18:48 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-06 21:27 . 2013-12-18 20:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-05 19:56 . 2014-02-05 19:56 -------- d-----w- c:\users\Kanister\AppData\Roaming\HyperLobby
2014-02-05 19:54 . 2014-02-05 19:54 -------- d-----w- c:\program files (x86)\HyperLobby client
2014-02-05 19:38 . 2014-02-16 19:59 -------- d-----w- c:\users\Kanister\AppData\Roaming\TS3Client
2014-02-05 19:36 . 2014-02-05 19:37 -------- d-----w- c:\program files\TeamSpeak 3 Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-20 23:18 . 2012-05-05 02:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-20 23:18 . 2012-05-05 02:01 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-16 18:01 . 2012-05-04 06:33 88567024 ----a-w- c:\windows\system32\MRT.exe
2013-12-18 05:13 . 2012-05-04 05:12 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-03 21:48 . 2013-12-03 21:48 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 21:48 . 2013-12-03 21:48 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-03 21:48 . 2013-12-03 21:48 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-03 21:48 . 2013-12-03 21:48 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-03 21:48 . 2013-12-03 21:48 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-03 21:48 . 2013-12-03 21:48 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-03 21:48 . 2013-12-03 21:48 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-03 21:48 . 2013-12-03 21:48 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-03 21:48 . 2013-12-03 21:48 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-03 21:48 . 2013-12-03 21:48 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-03 21:48 . 2013-12-03 21:48 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-03 21:48 . 2013-12-03 21:48 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-03 21:48 . 2013-12-03 21:48 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-03 21:48 . 2013-12-03 21:48 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-03 21:48 . 2013-12-03 21:48 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-03 21:48 . 2013-12-03 21:48 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-03 21:48 . 2013-12-03 21:48 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-03 21:48 . 2013-12-03 21:48 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-03 21:48 . 2013-12-03 21:48 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-03 21:48 . 2013-12-03 21:48 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-03 21:48 . 2013-12-03 21:48 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-03 21:48 . 2013-12-03 21:48 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 21:48 . 2013-12-03 21:48 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-03 21:48 . 2013-12-03 21:48 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 21:48 . 2013-12-03 21:48 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-03 21:48 . 2013-12-03 21:48 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-03 21:48 . 2013-12-03 21:48 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-03 21:48 . 2013-12-03 21:48 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-03 21:48 . 2013-12-03 21:48 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-03 21:48 . 2013-12-03 21:48 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-03 21:48 . 2013-12-03 21:48 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-03 21:48 . 2013-12-03 21:48 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-03 21:48 . 2013-12-03 21:48 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-03 21:48 . 2013-12-03 21:48 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-03 21:48 . 2013-12-03 21:48 413696 ----a-w- c:\windows\system32\html.iec
2013-12-03 21:48 . 2013-12-03 21:48 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 21:48 . 2013-12-03 21:48 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-03 21:48 . 2013-12-03 21:48 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-03 21:48 . 2013-12-03 21:48 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-03 21:48 . 2013-12-03 21:48 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-03 21:48 . 2013-12-03 21:48 235520 ----a-w- c:\windows\system32\url.dll
2013-12-03 21:48 . 2013-12-03 21:48 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-03 21:48 . 2013-12-03 21:48 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-03 21:48 . 2013-12-03 21:48 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-03 21:48 . 2013-12-03 21:48 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-03 21:48 . 2013-12-03 21:48 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-03 21:48 . 2013-12-03 21:48 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-03 21:48 . 2013-12-03 21:48 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-03 21:48 . 2013-12-03 21:48 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-03 21:48 . 2013-12-03 21:48 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-03 21:48 . 2013-12-03 21:48 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-03 21:48 . 2013-12-03 21:48 135680 ----a-w- c:\windows\system32\iepeers.dll
.
.
(((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
c:\users\Kanister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kanister\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 SaiH0461;SaiH0461;c:\windows\system32\DRIVERS\SaiH0461.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH0461.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 23:18]
.
2014-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10 01:04]
.
2014-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10 01:04]
.
2014-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-94059724-516300671-438323755-1000Core.job
- c:\users\Kanister\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04 04:58]
.
2014-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-94059724-516300671-438323755-1000UA.job
- c:\users\Kanister\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04 04:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Kanister\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
AddRemove-PokerStars.net - c:\program files (x86)\PokerStars.NET\PokerStarsUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\users\Kanister\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Completion time: 2014-03-02 12:40:56 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-02 11:40
ComboFix2.txt 2014-03-02 09:00
ComboFix3.txt 2014-03-02 06:55
ComboFix4.txt 2014-02-28 01:01
.
Pre-Run: 31 021 465 600 bytes free
Post-Run: 30 894 551 040 bytes free
.
- - End Of File - - B788D7B478032A2BB16E1751836D9A53
A36C5E4F47E84449FF07ED3517B43A31
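An added triage script for the ComboFix autostart sections above (the Run keys, the Startup folder entry and the R/S service lines). This is example code written for this thread, not something the forum helper or ComboFix provides. Its sample input is constructed from lines of the log above plus one hypothetical Run value, "HypotheticalUpdater", which does not appear in the log and only shows what a suspicious entry looks like. It assumes the conventions visible in the log: R/S for running/stopped, the digit for the start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled), and "[x]" where ComboFix recorded no date and size for the binary. On x64 a 32-bit tool that opens c:\windows\system32 is redirected to SysWOW64, which is why ComboFix prints the SYSNATIVE twin of every system32 path; "[x]" on such a path is therefore expected, while "[x]" on a non-redirected path is something to confirm on disk.

```python
"""Triage of ComboFix autostart entries (Run keys, Startup folder, services).

Added example for this thread; not code from the forum or from ComboFix.
SAMPLE_LOG is constructed from lines of the log above plus one hypothetical
Run value ("HypotheticalUpdater") that is not in the real log.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
"HypotheticalUpdater"="c:\users\Kanister\AppData\Local\Temp\upd.exe" [2014-03-01 44032]
.
c:\users\Kanister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kanister\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
R2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
"""


@dataclass
class Entry:
    kind: str                      # "run", "startup" or "service"
    name: str
    image: str                     # command line as printed by ComboFix
    recorded: bool                 # False when ComboFix printed "[x]" instead of date/size
    start: Optional[int] = None    # service start type: 0 boot .. 4 disabled
    running: Optional[bool] = None


# Run values: quoted (ComboFix) or unquoted (RSIT) path, then "[date size]".
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="?(?P<image>.+?)"? \[(?P<date>[0-9-]+) (?P<size>\d+)\]$')
# Startup folder: "Name.lnk - command line [date size]".
STARTUP_RE = re.compile(r'^(?P<name>\S+\.lnk) - (?P<image>.+?) \[(?P<date>[0-9-]+) (?P<size>\d+)\]$')
# Services: "<R|S><start> name;display;image;native path [size or x]".
SERVICE_RE = re.compile(r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);'
                        r'(?P<image>.+?);(?P<native>.+?) \[(?P<size>x|\d+)\]$')
# First executable token of a command line (drops "runservice -N ..." arguments).
EXE_RE = re.compile(r'^(?P<exe>.+?\.(?:exe|sys|dll|ocx))(?:\s|$)', re.IGNORECASE)

USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")
WOW64_REDIRECTED = re.compile(r'^[a-z]:\\windows\\system32\\')


def normalize(path: str) -> str:
    return path.lower().replace("/", "\\")


def executable(image: str) -> str:
    """'pg_ctl.exe runservice -N ...' -> 'pg_ctl.exe' (with its directory)."""
    m = EXE_RE.match(image.strip())
    return m.group("exe") if m else image.strip()


def is_user_writable(path: str) -> bool:
    return any(marker in normalize(path) for marker in USER_WRITABLE_MARKERS)


def is_wow64_redirected(path: str) -> bool:
    """A 32-bit tool opening the system32 directory is redirected to SysWOW64,
    so ComboFix cannot stat native binaries there and lists the SYSNATIVE twin."""
    return bool(WOW64_REDIRECTED.match(normalize(path)))


def parse_autostarts(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.rstrip()
        if (m := RUN_RE.match(line)):
            entries.append(Entry("run", m["name"], m["image"], True))
        elif (m := STARTUP_RE.match(line)):
            entries.append(Entry("startup", m["name"], m["image"], True))
        elif (m := SERVICE_RE.match(line)):
            entries.append(Entry("service", m["name"], m["image"], m["size"] != "x",
                                 start=int(m["start"]), running=m["state"] == "R"))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (name, category, executable) findings from two cheap heuristics:
    an autostart launched from a user-writable directory deserves a look, and a
    service binary with no recorded size on a non-redirected path should be
    confirmed on disk (it may be an entry orphaned by an uninstall or cleanup)."""
    findings: List[Tuple[str, str, str]] = []
    for e in entries:
        exe = executable(e.image)
        if is_user_writable(exe):
            findings.append((e.name, "user-writable", exe))
        if e.kind == "service" and not e.recorded and not is_wow64_redirected(exe):
            findings.append((e.name, "verify-on-disk", exe))
    return findings


if __name__ == "__main__":
    for name, category, exe in triage(parse_autostarts(SAMPLE_LOG)):
        print(f"{category:15} {name:22} {exe}")
```

On the sample this reports Dropbox.lnk and the hypothetical entry as autostarts from a user profile (Dropbox is legitimate here, but any autostart under %AppData% or Temp is worth a look), and APNMCP, ekrn and postgresql-8.4 as binaries to confirm on disk, while TsUsbFlt is skipped because its system32 path is subject to redirection. The HijackThis output later in the thread performs that on-disk check and shows apnmcp.exe as "(file missing)" while ekrn.exe and pg_ctl.exe are present; note that HijackThis, being 32-bit, is also subject to the redirection and reports native system32 binaries such as lsass.exe and spoolsv.exe as missing even though they are not.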

Re: Please check my log after the PC would not shut down and an error was reported

Posted: 02 Mar 2014 12:42
by kanister
It's in there. So hopefully ... :)

Re: Please check my log after the PC would not shut down and an error was reported

Posted: 02 Mar 2014 14:06
by Márty84
No, that's still not it.

Post a new log from RSIT

Re: Please check my log after the PC would not shut down and an error was reported

Posted: 02 Mar 2014 14:11
by kanister
What is RSIT, please? :)

Re: Please check my log after the PC would not shut down and an error was reported

Posted: 02 Mar 2014 14:13
by Márty84

Re: Please check my log after the PC would not shut down and an error was reported

Posted: 02 Mar 2014 14:16
by kanister
Logfile of random's system information tool 1.09 (written by random/random)
Run by Kanister at 2014-03-02 14:14:23
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 29 GB (6%) free of 462 GB
Total RAM: 4063 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:14:38, on 2.3.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Users\Kanister\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Kanister\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kanister\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kanister\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kanister\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kanister\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kanister\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kanister\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kanister\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kanister\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kanister\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kanister\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Kanister.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-94059724-516300671-438323755-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-94059724-516300671-438323755-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - Startup: Dropbox.lnk = Kanister\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Ask Update Service (APNMCP) - Unknown owner - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8118 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-94059724-516300671-438323755-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-94059724-516300671-438323755-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-01-20 43848]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-01-20 152392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

C:\Users\Kanister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Kanister\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"VIDC.IV50"=Ir50_32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-03-02 14:14:24 ----D---- C:\Program Files (x86)\trend micro
2014-03-02 14:14:23 ----D---- C:\rsit
2014-03-02 12:40:56 ----A---- C:\ComboFix.txt
2014-03-02 12:37:19 ----D---- C:\$RECYCLE.BIN
2014-03-02 11:46:18 ----D---- C:\Windows\temp
2014-03-02 10:25:37 ----A---- C:\Windows\NIRCMD.exe
2014-03-01 21:06:09 ----D---- C:\AdwCleaner
2014-03-01 16:05:14 ----D---- C:\Users\Kanister\AppData\Roaming\Malwarebytes
2014-03-01 16:03:44 ----D---- C:\ProgramData\Malwarebytes
2014-02-28 02:14:33 ----D---- C:\451e4699395a59716afc8d9380f9
2014-02-28 01:38:48 ----A---- C:\Windows\zip.exe
2014-02-28 01:38:48 ----A---- C:\Windows\SWSC.exe
2014-02-28 01:38:48 ----A---- C:\Windows\SWREG.exe
2014-02-28 01:38:48 ----A---- C:\Windows\sed.exe
2014-02-28 01:38:48 ----A---- C:\Windows\PEV.exe
2014-02-28 01:38:48 ----A---- C:\Windows\MBR.exe
2014-02-28 01:38:48 ----A---- C:\Windows\grep.exe
2014-02-28 01:38:17 ----D---- C:\Qoobox
2014-02-28 01:38:01 ----D---- C:\Windows\erdnt
2014-02-27 11:39:40 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 11:36:22 ----D---- C:\Windows\Migration
2014-02-17 20:40:50 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-02-13 02:10:19 ----A---- C:\Windows\SysWOW64\vbscript.dll
2014-02-13 02:09:00 ----A---- C:\Windows\SysWOW64\msrating.dll
2014-02-13 02:08:57 ----A---- C:\Windows\SysWOW64\ieui.dll
2014-02-13 02:08:49 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 02:08:49 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 02:08:49 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 02:08:49 ----A---- C:\Windows\SysWOW64\iesetup.dll
2014-02-13 02:08:48 ----A---- C:\Windows\SysWOW64\iernonce.dll
2014-02-13 02:08:48 ----A---- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 02:08:46 ----A---- C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 02:08:46 ----A---- C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 02:08:44 ----A---- C:\Windows\SysWOW64\wininet.dll
2014-02-13 02:08:44 ----A---- C:\Windows\SysWOW64\iertutil.dll
2014-02-13 02:08:43 ----A---- C:\Windows\SysWOW64\urlmon.dll
2014-02-13 02:08:38 ----A---- C:\Windows\SysWOW64\ieframe.dll
2014-02-13 02:08:36 ----A---- C:\Windows\SysWOW64\mshtml.dll
2014-02-13 02:08:35 ----A---- C:\Windows\SysWOW64\jscript9.dll
2014-02-12 19:50:05 ----A---- C:\Windows\SysWOW64\msxml3.dll
2014-02-12 19:50:04 ----A---- C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 19:49:13 ----A---- C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 19:49:13 ----A---- C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 19:49:12 ----A---- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 19:49:09 ----A---- C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 19:49:07 ----A---- C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 19:49:05 ----A---- C:\Windows\SysWOW64\secproc.dll
2014-02-12 19:49:04 ----A---- C:\Windows\SysWOW64\msdrm.dll
2014-02-12 19:49:03 ----A---- C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 19:49:02 ----A---- C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 19:48:36 ----A---- C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 19:48:34 ----A---- C:\Windows\SysWOW64\d2d1.dll
2014-02-06 22:27:46 ----A---- C:\Windows\SysWOW64\javaws.exe
2014-02-06 22:27:41 ----A---- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-06 22:27:41 ----A---- C:\Windows\SysWOW64\javaw.exe
2014-02-06 22:27:41 ----A---- C:\Windows\SysWOW64\java.exe
2014-02-05 20:56:04 ----D---- C:\Users\Kanister\AppData\Roaming\HyperLobby
2014-02-05 20:54:05 ----D---- C:\Program Files (x86)\HyperLobby client
2014-02-05 20:38:41 ----D---- C:\Users\Kanister\AppData\Roaming\TS3Client

======List of files/folders modified in the last 1 month======

2014-03-02 14:14:38 ----D---- C:\Windows\Prefetch
2014-03-02 14:14:24 ----RD---- C:\Program Files (x86)
2014-03-02 12:37:57 ----D---- C:\Users\Kanister\AppData\Roaming\Dropbox
2014-03-02 12:37:25 ----D---- C:\Windows
2014-03-02 12:37:25 ----A---- C:\Windows\system.ini
2014-03-02 11:42:13 ----A---- C:\Windows\ntbtlog.txt
2014-03-01 23:46:24 ----D---- C:\Windows\SysWOW64
2014-03-01 23:46:21 ----D---- C:\ProgramData
2014-03-01 20:18:57 ----D---- C:\Windows\Microsoft.NET
2014-03-01 19:55:41 ----D---- C:\Users\Kanister\AppData\Roaming\vlc
2014-03-01 16:01:42 ----SHD---- C:\Windows\Installer
2014-03-01 15:56:37 ----SHD---- C:\System Volume Information
2014-02-28 02:16:30 ----D---- C:\Windows\inf
2014-02-28 02:16:25 ----D---- C:\Windows\System32
2014-02-28 01:46:47 ----D---- C:\Windows\SysWOW64\drivers
2014-02-28 01:46:46 ----D---- C:\Windows\AppPatch
2014-02-28 01:46:45 ----D---- C:\Program Files (x86)\Common Files
2014-02-27 11:41:01 ----RSD---- C:\Windows\assembly
2014-02-27 11:36:41 ----D---- C:\Windows\SysWOW64\en-US
2014-02-27 11:36:22 ----SD---- C:\ProgramData\Microsoft
2014-02-26 23:11:15 ----D---- C:\Users\Kanister\AppData\Roaming\Spotify
2014-02-26 01:28:57 ----D---- C:\ProgramData\Skype
2014-02-26 01:28:51 ----RD---- C:\Program Files (x86)\Skype
2014-02-21 00:18:39 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-19 17:54:03 ----D---- C:\Windows\winsxs
2014-02-18 22:38:21 ----D---- C:\Program Files (x86)\Poker Heaven
2014-02-17 20:40:51 ----RD---- C:\Program Files
2014-02-17 20:31:24 ----D---- C:\Users\Kanister\AppData\Roaming\uTorrent
2014-02-17 11:19:38 ----D---- C:\Users\Kanister\AppData\Roaming\Skype
2014-02-16 19:37:43 ----D---- C:\Windows\rescache
2014-02-13 10:06:52 ----D---- C:\Program Files (x86)\Internet Explorer
2014-02-10 17:29:49 ----D---- C:\Users\Kanister\AppData\Roaming\FileZilla
2014-02-08 15:56:06 ----D---- C:\Program Files (x86)\PokerStars
2014-02-06 22:36:54 ----D---- C:\Program Files (x86)\Ubisoft
2014-02-06 22:29:32 ----D---- C:\ProgramData\Oracle
2014-02-06 22:27:41 ----D---- C:\Program Files (x86)\Java
2014-02-04 17:33:01 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys []
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys []
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys []
R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 SaiH0461;SaiH0461; C:\Windows\system32\DRIVERS\SaiH0461.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys []
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-01-07 43336]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-08-02 76888]
R2 postgresql-8.4;PostgreSQL Server 8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w []
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-01-20 641352]
S2 APNMCP;Ask Update Service; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21 257928]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe /V []
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-10-30 566696]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------


So. I hope you can see you are dealing with a total amateur.
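An added triage helper (not from the thread and not part of RSIT) that parses lines in the drivers/services format of the RSIT log above and flags the entries a reviewer would look at first: entries with no file date/size, images under user-writable directories, and NT-style `\??\` paths. The heuristics and the `updsvc` sample line are constructed assumptions; the other three sample lines are copied from the posted log.

```python
"""Triage helper for RSIT "List of services/drivers" lines.

Added example, not part of the forum thread or of RSIT itself. It parses the
line format RSIT prints:
    <R|S><start> <name>;<display name>; <image path> [<yyyy-mm-dd> <size>]
and flags entries a reviewer would look at first. The rules below are
assumptions of this example, not RSIT's own logic.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: three lines copied from the posted log plus one
# constructed line (updsvc) to exercise the user-writable-path rule.
SAMPLE_RSIT = r"""
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 APNMCP;Ask Update Service; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R2 updsvc;Updater Service; C:\Users\Kanister\AppData\Roaming\upd\updsvc.exe []
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)

# Directories an unprivileged user can write to; a service or driver image
# living there deserves a second look (assumed list for this example).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")


@dataclass
class Entry:
    state: str      # R = running, S = stopped
    start: int      # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    meta: str       # "yyyy-mm-dd size", or "" when RSIT recorded no file
    flags: list = field(default_factory=list)


def parse_line(line):
    """Parse one RSIT driver/service line; return None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["state"], int(m["start"]), m["name"], m["display"],
                 m["path"], m["meta"])


def image_file(path):
    """Reduce a service command line to its lower-cased executable path."""
    p = path.strip()
    if p.startswith("\\??\\"):          # NT object-manager form
        p = p[4:]
    if p.startswith('"'):               # quoted path followed by arguments
        p = p[1:].split('"', 1)[0]
    return p.lower()


def flag(entry):
    """Attach review flags to an entry and return it."""
    p = image_file(entry.path)
    if entry.meta == "":
        entry.flags.append("no file date/size (file missing or unreadable)")
    if any(marker in p for marker in USER_WRITABLE):
        entry.flags.append("image in user-writable directory")
        if entry.start <= 2:            # boot, system or auto start
            entry.flags.append("starts automatically from user-writable path")
    if entry.path.strip().startswith("\\??\\"):
        entry.flags.append("NT device path (common for temporary tool drivers)")
    return entry


def triage(text):
    """Return {service name: [flags]} for entries with at least one flag."""
    out = {}
    for line in text.splitlines():
        e = parse_line(line)
        if e and flag(e).flags:
            out[e.name] = e.flags
    return out


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_RSIT).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The `catchme` driver in the log belongs to ComboFix, so its NT-path flag is expected here; the point is to surface such entries for a human, not to verdict them.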

Re: Request for a log check after the PC failing to shut down and a reported error

Posted: 02 Mar 2014 16:40
by Márty84
kanister wrote: So. I hope you can see you are dealing with a total amateur.
It won't be that bad :D


:arrow: You have a 64-bit system, so I need the log from this RSIT http://images.malwareremoval.com/random/RSITx64.exe

and along with it

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it and choose Run as administrator.
Check (tick) the items All Users, "LOP" Check and "Purity" Check.
Paste the following text into the bottom window

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click Run Scan.
After the scan two logs are created (OTL.Txt and Extras.txt); post both here (if they are long, split them across several posts).

Re: Request for a log check after the PC failing to shut down and a reported error

Posted: 02 Mar 2014 17:06
by kanister
RSIT 64.


Logfile of random's system information tool 1.09 (written by random/random)
Run by Kanister at 2014-03-02 17:05:03
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 29 GB (6%) free of 462 GB
Total RAM: 4063 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:05:13, on 2.3.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Users\Kanister\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Kanister\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kanister\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kanister\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\trend micro\Kanister.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-94059724-516300671-438323755-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-94059724-516300671-438323755-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - Startup: Dropbox.lnk = Kanister\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Ask Update Service (APNMCP) - Unknown owner - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7617 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
atieclxx
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe" runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w
C:\Windows\System32\svchost.exe -k secsvcs
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" -D "C:/Program Files (x86)/PostgreSQL/8.4/data"
\??\C:\Windows\system32\conhost.exe "770176817-2003780001984614481-1949582394-3114673191281247857572212668-760335954
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forkboot" "836" "-x3"
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forkboot" "840" "-x4"
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forkavlauncher" "836"
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forkcol" "840"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Users\Kanister\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
C:\Windows\explorer.exe
"C:\Users\Kanister\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Kanister\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3184.0.693806036\1360484686" --disable-image-transport-surface --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,1,14,27 --gpu-vendor-id=0x1002 --gpu-device-id=0x9553 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.632.1.2000 --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\Kanister\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group7 pct:10g stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/None/NetworkConnectivity/disable_network_stats/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --enable-software-compositing --channel="3184.13.163010824\637944855" /prefetch:673131151
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\Kanister\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-94059724-516300671-438323755-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-94059724-516300671-438323755-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 4035152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-01-20 43848]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-01-20 152392]

C:\Users\Kanister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Kanister\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-03-02 17:05:03 ----D---- C:\Program Files\trend micro
2014-03-02 14:14:24 ----D---- C:\Program Files (x86)\trend micro
2014-03-02 14:14:23 ----D---- C:\rsit
2014-03-02 12:40:56 ----A---- C:\ComboFix.txt
2014-03-02 12:37:19 ----D---- C:\$RECYCLE.BIN
2014-03-02 11:46:18 ----D---- C:\Windows\temp
2014-03-02 10:25:37 ----A---- C:\Windows\NIRCMD.exe
2014-03-01 21:06:09 ----D---- C:\AdwCleaner
2014-03-01 16:05:14 ----D---- C:\Users\Kanister\AppData\Roaming\Malwarebytes
2014-03-01 16:03:44 ----D---- C:\ProgramData\Malwarebytes
2014-02-28 02:14:33 ----D---- C:\451e4699395a59716afc8d9380f9
2014-02-28 01:38:48 ----A---- C:\Windows\zip.exe
2014-02-28 01:38:48 ----A---- C:\Windows\SWSC.exe
2014-02-28 01:38:48 ----A---- C:\Windows\SWREG.exe
2014-02-28 01:38:48 ----A---- C:\Windows\sed.exe
2014-02-28 01:38:48 ----A---- C:\Windows\PEV.exe
2014-02-28 01:38:48 ----A---- C:\Windows\MBR.exe
2014-02-28 01:38:48 ----A---- C:\Windows\grep.exe
2014-02-28 01:38:17 ----D---- C:\Qoobox
2014-02-28 01:38:01 ----D---- C:\Windows\erdnt
2014-02-27 11:39:40 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-02-27 11:36:22 ----D---- C:\Windows\Migration
2014-02-17 20:40:51 ----D---- C:\Program Files\Microsoft Silverlight
2014-02-17 20:40:50 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-02-13 02:10:19 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-02-13 02:10:19 ----A---- C:\Windows\system32\vbscript.dll
2014-02-13 02:09:00 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-02-13 02:09:00 ----A---- C:\Windows\system32\msrating.dll
2014-02-13 02:08:57 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-02-13 02:08:56 ----A---- C:\Windows\system32\ieui.dll
2014-02-13 02:08:54 ----A---- C:\Windows\system32\iernonce.dll
2014-02-13 02:08:54 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 02:08:54 ----A---- C:\Windows\system32\ie4uinit.exe
2014-02-13 02:08:50 ----A---- C:\Windows\system32\jsproxy.dll
2014-02-13 02:08:49 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-02-13 02:08:49 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-02-13 02:08:49 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-02-13 02:08:49 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-02-13 02:08:49 ----A---- C:\Windows\system32\msfeeds.dll
2014-02-13 02:08:49 ----A---- C:\Windows\system32\ieUnatt.exe
2014-02-13 02:08:48 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-02-13 02:08:48 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-02-13 02:08:48 ----A---- C:\Windows\system32\iesetup.dll
2014-02-13 02:08:48 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-02-13 02:08:48 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-02-13 02:08:46 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-02-13 02:08:46 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-02-13 02:08:46 ----A---- C:\Windows\system32\mshtml.dll
2014-02-13 02:08:46 ----A---- C:\Windows\system32\jscript9diag.dll
2014-02-13 02:08:46 ----A---- C:\Windows\system32\ieapfltr.dll
2014-02-13 02:08:44 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-02-13 02:08:44 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-02-13 02:08:44 ----A---- C:\Windows\system32\iertutil.dll
2014-02-13 02:08:43 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-02-13 02:08:43 ----A---- C:\Windows\system32\wininet.dll
2014-02-13 02:08:43 ----A---- C:\Windows\system32\urlmon.dll
2014-02-13 02:08:40 ----A---- C:\Windows\system32\ieframe.dll
2014-02-13 02:08:38 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-02-13 02:08:36 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-02-13 02:08:35 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-02-13 02:08:35 ----A---- C:\Windows\system32\jscript9.dll
2014-02-12 19:50:06 ----A---- C:\Windows\system32\msxml3.dll
2014-02-12 19:50:05 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-02-12 19:50:04 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-02-12 19:50:04 ----A---- C:\Windows\system32\msxml3r.dll
2014-02-12 19:49:14 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-02-12 19:49:14 ----A---- C:\Windows\system32\RMActivate.exe
2014-02-12 19:49:13 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2014-02-12 19:49:13 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2014-02-12 19:49:12 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2014-02-12 19:49:11 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 19:49:11 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 19:49:09 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2014-02-12 19:49:08 ----A---- C:\Windows\system32\secproc_isv.dll
2014-02-12 19:49:07 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2014-02-12 19:49:07 ----A---- C:\Windows\system32\secproc.dll
2014-02-12 19:49:07 ----A---- C:\Windows\system32\msdrm.dll
2014-02-12 19:49:05 ----A---- C:\Windows\SYSWOW64\secproc.dll
2014-02-12 19:49:04 ----A---- C:\Windows\SYSWOW64\msdrm.dll
2014-02-12 19:49:04 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-02-12 19:49:03 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2014-02-12 19:49:03 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 19:49:02 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2014-02-12 19:48:36 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-02-12 19:48:36 ----A---- C:\Windows\system32\d3d10warp.dll
2014-02-12 19:48:34 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2014-02-12 19:48:34 ----A---- C:\Windows\system32\d2d1.dll
2014-02-06 22:27:46 ----A---- C:\Windows\SYSWOW64\javaws.exe
2014-02-06 22:27:41 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2014-02-06 22:27:41 ----A---- C:\Windows\SYSWOW64\javaw.exe
2014-02-06 22:27:41 ----A---- C:\Windows\SYSWOW64\java.exe
2014-02-05 20:56:04 ----D---- C:\Users\Kanister\AppData\Roaming\HyperLobby
2014-02-05 20:54:05 ----D---- C:\Program Files (x86)\HyperLobby client
2014-02-05 20:38:41 ----D---- C:\Users\Kanister\AppData\Roaming\TS3Client
2014-02-05 20:36:34 ----D---- C:\Program Files\TeamSpeak 3 Client

======List of files/folders modified in the last 1 month======

2014-03-02 17:05:13 ----D---- C:\Windows\Prefetch
2014-03-02 17:05:03 ----RD---- C:\Program Files
2014-03-02 14:14:24 ----RD---- C:\Program Files (x86)
2014-03-02 12:48:38 ----D---- C:\Windows\system32\config
2014-03-02 12:40:59 ----D---- C:\Windows\system32\drivers
2014-03-02 12:37:57 ----D---- C:\Users\Kanister\AppData\Roaming\Dropbox
2014-03-02 12:37:25 ----D---- C:\Windows
2014-03-02 12:37:25 ----A---- C:\Windows\system.ini
2014-03-02 12:37:17 ----D---- C:\Windows\system32\drivers\etc
2014-03-02 11:42:13 ----A---- C:\Windows\ntbtlog.txt
2014-03-02 07:48:30 ----D---- C:\Windows\system32\catroot2
2014-03-01 23:46:24 ----D---- C:\Windows\SysWOW64
2014-03-01 23:46:21 ----D---- C:\ProgramData
2014-03-01 20:18:57 ----D---- C:\Windows\Microsoft.NET
2014-03-01 19:55:41 ----D---- C:\Users\Kanister\AppData\Roaming\vlc
2014-03-01 16:01:42 ----SHD---- C:\Windows\Installer
2014-03-01 15:56:37 ----SHD---- C:\System Volume Information
2014-02-28 02:16:30 ----D---- C:\Windows\inf
2014-02-28 02:16:25 ----D---- C:\Windows\System32
2014-02-28 02:16:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-02-28 01:46:47 ----D---- C:\Windows\SYSWOW64\drivers
2014-02-28 01:46:46 ----D---- C:\Windows\AppPatch
2014-02-28 01:46:45 ----D---- C:\Program Files (x86)\Common Files
2014-02-27 11:41:01 ----RSD---- C:\Windows\assembly
2014-02-27 11:36:41 ----D---- C:\Windows\SYSWOW64\en-US
2014-02-27 11:36:41 ----D---- C:\Windows\system32\en-US
2014-02-27 11:36:22 ----SD---- C:\ProgramData\Microsoft
2014-02-26 23:11:15 ----D---- C:\Users\Kanister\AppData\Roaming\Spotify
2014-02-26 01:28:57 ----D---- C:\ProgramData\Skype
2014-02-26 01:28:51 ----RD---- C:\Program Files (x86)\Skype
2014-02-21 00:18:39 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-02-19 17:54:03 ----D---- C:\Windows\winsxs
2014-02-19 00:40:32 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-02-18 22:38:21 ----D---- C:\Program Files (x86)\Poker Heaven
2014-02-17 20:31:24 ----D---- C:\Users\Kanister\AppData\Roaming\uTorrent
2014-02-17 11:19:38 ----D---- C:\Users\Kanister\AppData\Roaming\Skype
2014-02-16 20:43:21 ----D---- C:\Windows\system32\catroot
2014-02-16 20:43:20 ----D---- C:\Windows\system32\DriverStore
2014-02-16 19:37:43 ----D---- C:\Windows\rescache
2014-02-16 19:04:46 ----D---- C:\Windows\system32\MRT
2014-02-16 19:01:27 ----A---- C:\Windows\system32\MRT.exe
2014-02-13 10:06:52 ----D---- C:\Program Files\Internet Explorer
2014-02-13 10:06:52 ----D---- C:\Program Files (x86)\Internet Explorer
2014-02-10 17:29:49 ----D---- C:\Users\Kanister\AppData\Roaming\FileZilla
2014-02-08 15:56:06 ----D---- C:\Program Files (x86)\PokerStars
2014-02-06 22:36:54 ----D---- C:\Program Files (x86)\Ubisoft
2014-02-06 22:29:32 ----D---- C:\ProgramData\Oracle
2014-02-06 22:27:41 ----D---- C:\Program Files (x86)\Java
2014-02-04 17:33:01 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 187632]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-17 6037504]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-02 11392]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2013-07-25 23040]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 SaiH0461;SaiH0461; C:\Windows\system32\DRIVERS\SaiH0461.sys [2008-03-26 178432]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-17 203264]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-01-07 43336]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-08-02 76888]
R2 postgresql-8.4;PostgreSQL Server 8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w []
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-01-20 641352]
S2 APNMCP;Ask Update Service; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21 257928]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-02-06 111616]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-10-30 566696]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-05-04 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------
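The driver and service listings above are the part of this log a helper reads first, and the checks are mechanical: which entries load without user action (running, or start type 0/1/2), which images sit outside Windows and Program Files, and which entries have an empty `[]` where the tool normally records the image's date and size. The following script is an added example written for this page, not code from the original post or from the tool that produced the log. It parses both the "List of drivers" and "List of services" formats and applies those three checks. Assumptions are marked in the code: the trusted-root and user-writable path lists are a judgement call for this machine, and an empty `[]` is treated as "the tool could not read the file", which is how it is used here. The sample input is copied from the log above plus one constructed entry, marked as such, that exercises the user-writable-path rule (nothing in the real log triggers it).

```python
"""Triage an RSIT-style driver/service listing such as the one posted above."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Each entry reads "<R|S><0-4> <name>;<display name>; <image path [args]> [<date> <size>]".
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<cmd>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)

# Assumption: where a legitimate service or driver image is expected to live on this box.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Assumption: prefixes any local user can write to; an auto-start image there deserves a look.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\appdata\\", "\\temp\\")


@dataclass
class Entry:
    state: str          # R = running, S = stopped
    start: int          # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    binary: str         # normalised, lower-cased image path
    args: str           # anything after the image (pg_ctl.exe carries arguments)
    date: Optional[str]
    size: Optional[int]


def _split_binary(cmd: str) -> Tuple[str, str]:
    """Cut the image path off its arguments; drivers have none, services may."""
    low = cmd.lower()
    for ext in (".exe", ".sys", ".dll"):
        i = low.find(ext)
        if i != -1:
            return cmd[: i + len(ext)], cmd[i + len(ext):].strip()
    return cmd, ""


def _normalise(path: str) -> str:
    p = path.replace("/", "\\")
    if p.startswith("\\??\\"):          # NT object-manager prefix, as on the catchme line
        p = p[4:]
    return p.lower()


def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None                      # section headers, blank lines, EOF marker
    binary, args = _split_binary(m.group("cmd"))
    info = m.group("info").split()
    date = info[0] if info else None
    size = int(info[1]) if len(info) > 1 and info[1].isdigit() else None
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("display"), _normalise(binary), args, date, size)


def review(lines) -> List[Tuple[str, str, str]]:
    """Return (name, severity, reason) for every entry worth a second look."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        active = e.state == "R" or e.start in (0, 1, 2)   # loads without user action
        if any(tag in e.binary for tag in USER_WRITABLE):
            findings.append((e.name, "high" if active else "medium",
                             f"image in user-writable location: {e.binary}"))
        elif not e.binary.startswith(TRUSTED_ROOTS):
            findings.append((e.name, "medium",
                             f"image outside Windows/Program Files: {e.binary}"))
        if e.size is None:
            # Assumption: an empty [] means the tool could not stat the image, so the
            # file is either gone (orphaned entry) or hidden from the scanner.
            findings.append((e.name, "medium" if active else "low",
                             "no date/size recorded for image; file missing or hidden"))
    return findings


# Lines copied from the log above; the last one is constructed for this example only.
SAMPLE_LOG = r"""
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R2 postgresql-8.4;PostgreSQL Server 8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w []
S2 APNMCP;Ask Update Service; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe []
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-05-04 1255736]
R2 example_svc;Constructed example, not from the log; C:\Users\Kanister\AppData\Roaming\example\updater.exe [2014-03-01 48640]
""".strip().splitlines()

if __name__ == "__main__":
    for name, severity, reason in review(SAMPLE_LOG):
        print(f"{severity:6} {name}: {reason}")
```

Run against the posted log, the script raises nothing about the ESET, Apple, Adobe or Microsoft entries. It does flag `catchme` (image under `C:\ComboFix`, no size): that is the rootkit-scanner driver ComboFix itself installs, so it is expected while the tool is on the disk. It also flags `APNMCP` (Ask toolbar updater) and `postgresql-8.4` for empty brackets, which is a prompt to check by hand whether those files are still where the service entry says they are, not a verdict on them. The constructed `example_svc` line shows the one rule a clean log does not exercise: an auto-start image under a user's profile is the pattern that most often turns out to be the actual infection.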