VIRUS? - system restarts, conhost..
Posted: 26 Jul 2011 17:48
by mikkie
I'm attaching the ComboFix log and would appreciate any further advice. Thank you:
ComboFix 11-07-26.02 - Pavel 26.07.2011 18:07:00.2.2 - x64
Spuštěný z: c:\users\Pavel\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\users\Pavel\AppData\Roaming\Microsoft\conhost.exe
c:\users\Pavel\Flash-Player.exe
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\gbot111.exe
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.1\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 16:14 . 2011-07-26 16:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-25 19:46 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-25 19:46 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-25 19:46 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-25 19:46 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-25 19:46 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-25 19:46 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-25 19:46 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-25 19:45 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-25 19:45 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-25 19:45 . 2011-07-25 19:45 -------- d-----w- c:\programdata\AVAST Software
2011-07-25 19:45 . 2011-07-25 19:45 -------- d-----w- c:\program files\AVAST Software
2011-07-25 19:42 . 2011-07-25 19:42 -------- d-----w- c:\users\Pavel\AppData\Local\ElevatedDiagnostics
2011-07-25 19:36 . 2011-07-25 19:36 -------- d-----w- c:\programdata\McAfee
2011-07-25 19:30 . 2011-07-25 19:30 -------- d-----w- c:\programdata\CyberLink
2011-07-25 19:11 . 2011-07-26 05:25 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-17 09:32 . 2011-07-17 09:32 -------- d-----w- c:\windows\ufa
2011-07-17 09:32 . 2011-07-17 09:32 -------- d-----w- c:\windows\rpcminer
2011-07-17 09:32 . 2011-07-17 09:32 -------- d-----w- c:\windows\phoenix
2011-07-17 09:32 . 2011-07-23 16:07 246272 ----a-w- c:\windows\unrar.exe
2011-07-17 09:30 . 2011-07-26 05:25 -------- d-----w- c:\windows\av_ico
2011-07-17 09:28 . 2011-07-26 05:25 -------- d--h--w- c:\windows\update.tray-9-0
2011-07-17 09:28 . 2011-07-26 05:25 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-07-17 09:11 . 2011-06-02 06:39 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-17 09:11 . 2011-06-02 05:54 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-17 09:11 . 2011-06-02 06:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-17 09:11 . 2011-06-02 05:45 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-09 17:05 . 2011-07-09 17:05 -------- d-----w- c:\users\Pavel\AppData\Roaming\Registry Mechanic
2011-07-07 18:45 . 2011-07-07 18:45 -------- d-----w- c:\users\Pavel\AppData\Roaming\DivX
2011-07-07 18:44 . 2011-07-07 18:44 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-07-07 18:44 . 2011-07-07 18:44 -------- d-----w- c:\program files\DivX
2011-07-07 18:43 . 2011-07-07 18:44 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2011-07-07 18:42 . 2011-07-07 18:45 -------- d-----w- c:\program files (x86)\DivX
2011-07-07 18:41 . 2011-07-07 18:45 -------- d-----w- c:\programdata\DivX
2011-07-07 08:07 . 2011-07-07 08:07 -------- d-----w- c:\users\Pavel\AppData\Roaming\Unity
2011-07-07 07:47 . 2011-07-25 19:39 -------- d-----w- c:\users\Pavel\AppData\Local\Unity
2011-06-27 17:52 . 2011-06-28 20:55 -------- d-----w- c:\windows\system32\SPReview
2011-06-27 17:50 . 2011-06-27 17:50 -------- d-----w- c:\windows\system32\EventProviders
2011-06-27 17:50 . 2011-06-28 20:56 -------- d-----w- C:\c47c419a446106a8764464422f
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-22 18:07 . 2011-06-22 18:07 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
2011-06-02 05:56 . 2011-07-17 09:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 03:25 . 2011-06-17 12:24 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:00 . 2011-06-17 12:24 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-04 02:51 . 2011-06-17 12:25 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-17 12:25 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-17 12:25 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-17 12:24 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-17 12:24 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:13 . 2011-06-17 12:24 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:12 . 2011-06-17 12:24 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:12 . 2011-06-17 12:24 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 779600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McMPFSvc;McAfee Služba programu Personal Firewall;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 funfrm;funfrm; [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2997335487-3770393647-607407720-1000Core.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-20 12:27]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2997335487-3770393647-607407720-1000UA.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-20 12:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2010-10-24 13:07 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF12451.cfxxe" [X]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 365592]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-09-29 4366704]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-08-19 5825536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = my.daemon-search.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:63050
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 62.240.178.250 10.0.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico1 - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-26 18:19:00
ComboFix-quarantined-files.txt 2011-07-26 16:18
.
Před spuštěním: Volných bajtů: 418 276 175 872
Po spuštění: Volných bajtů: 418 156 150 784
.
- - End Of File - - 060C4ED15EC9A6F69B08F53926D8C5D0
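The log above carries several indicators a responder would want to pull out automatically rather than read by eye: every UAC policy value in `policies\system` is 0, Internet Explorer is configured to send traffic through a proxy on 127.0.0.1:63050, the start page points at a search site, and system-binary names (svchost.exe, conhost.exe) appear outside System32. The following triage script is an added example for this thread, not part of ComboFix and not posted by either participant; it runs a few defensive checks over ComboFix-style text. The sample lines embedded in it are constructed to mirror the posted log (the `tray_ico` Run entry combines the removed `tray_ico` autorun name with the `update.tray-9-0\svchost.exe` path seen elsewhere in the log, and its size field is made up).

```python
"""Triage helper for ComboFix-style log excerpts (added example, not ComboFix code).

Checks: UAC policy values set to 0, a proxy on localhost, autorun entries that
launch from unusual locations or reuse a Windows system-binary name outside
System32, and the configured browser start page (reported for review only).
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample modelled on the log posted in this thread (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 165912]
"tray_ico"="c:\windows\update.tray-9-0\svchost.exe" [2011-07-17 12345]
.
uStart Page = my.daemon-search.com
uInternet Settings,ProxyServer = http=127.0.0.1:63050
"""


@dataclass
class Finding:
    category: str  # "uac", "autorun", "proxy" or "info"
    detail: str


KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')         # "Name"= value
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?([^\s:;]+):(\d+)", re.IGNORECASE)
START_RE = re.compile(r"^uStart Page\s*=\s*(\S+)")
# Locations from which a Run entry is normally expected to start.
TRUSTED_PREFIX = re.compile(r"^c:\\(program files( \(x86\))?|windows\\(system32|syswow64))\\", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^c:\\windows\\system32\\", re.IGNORECASE)
# Names that only belong in System32; a copy elsewhere is worth a look.
SYSTEM_BINARIES = {"svchost.exe", "conhost.exe", "csrss.exe", "lsass.exe", "services.exe"}
# Policy values where 0 weakens or disables UAC.
UAC_ZERO_MEANS = {
    "EnableLUA": "UAC is disabled",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts do not use the secure desktop",
}


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line, tracking the current registry key."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1).lower()
            continue
        val = VALUE_RE.match(line)
        if val and current_key.endswith(r"policies\system"):
            name, rest = val.groups()
            num = re.match(r"\d+", rest)
            if name in UAC_ZERO_MEANS and num and int(num.group()) == 0:
                findings.append(Finding("uac", f"{name}=0: {UAC_ZERO_MEANS[name]}"))
        elif val and current_key.endswith(r"\run"):
            name, rest = val.groups()
            path = re.match(r'"([^"]+)"', rest)
            if not path:
                continue
            exe = path.group(1)
            base = exe.rsplit("\\", 1)[-1].lower()
            unusual = not TRUSTED_PREFIX.match(exe)
            masquerade = base in SYSTEM_BINARIES and not SYSTEM32_RE.match(exe)
            if unusual or masquerade:
                why = "system binary name outside System32" if masquerade else "unusual location"
                findings.append(Finding("autorun", f"{name}: {why}: {exe}"))
        proxy = PROXY_RE.search(line)
        if proxy:
            host, port = proxy.groups()
            if host == "localhost" or host.startswith("127."):
                findings.append(Finding("proxy", f"browser traffic is routed through a local proxy at {host}:{port}"))
        start = START_RE.match(line)
        if start:
            findings.append(Finding("info", f"browser start page is {start.group(1)}; confirm it was set on purpose"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}")
```

A local proxy entry is reported on its own because nothing legitimate in the posted log explains it; the same goes for an autorun named after a Windows service host but stored under `c:\windows\update.tray-9-0`. The UAC checks only fire on an explicit 0, so a log that omits the `policies\system` block produces no UAC findings rather than a false one.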
Re: VIRUS? - system restarts, conhost..
Posted: 26 Jul 2011 18:18
by Rudy
You have a virus from FB; you clicked on a Flash Player update. We'll clean up the rest. Open Notepad and copy the following into it:
KillAll::
Collect::
c:\windows\unrar.exe
Driver::
funfrm
Folder::
c:\windows\update.tray-7-0
c:\windows\ufa
c:\windows\rpcminer
c:\windows\phoenix
c:\windows\av_ico
c:\windows\update.tray-9-0
c:\windows\update.tray-9-0-lnk
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Re: VIRUS? - system restarts, conhost..
Posted: 26 Jul 2011 18:47
by mikkie
I'm sending the new log after running the script, thank you:
ComboFix 11-07-26.02 - Pavel 26.07.2011 19:24:52.3.2 - x64
Spuštěný z: c:\users\Pavel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pavel\Desktop\CFScript.txt
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_mcafee_start.ico
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\update.tray-7-0
c:\windows\update.tray-9-0-lnk
c:\windows\update.tray-9-0-lnk\svchost.exe
c:\windows\update.tray-9-0
c:\windows\update.tray-9-0\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_funfrm
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-25 19:46 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-25 19:46 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-25 19:46 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-25 19:46 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-25 19:46 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-25 19:46 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-25 19:46 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-25 19:45 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-25 19:45 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-25 19:45 . 2011-07-25 19:45 -------- d-----w- c:\programdata\AVAST Software
2011-07-25 19:45 . 2011-07-25 19:45 -------- d-----w- c:\program files\AVAST Software
2011-07-25 19:42 . 2011-07-25 19:42 -------- d-----w- c:\users\Pavel\AppData\Local\ElevatedDiagnostics
2011-07-25 19:36 . 2011-07-25 19:36 -------- d-----w- c:\programdata\McAfee
2011-07-25 19:30 . 2011-07-25 19:30 -------- d-----w- c:\programdata\CyberLink
2011-07-17 09:32 . 2011-07-23 16:07 246272 ------w- c:\windows\unrar.exe
2011-07-17 09:11 . 2011-06-02 06:39 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-17 09:11 . 2011-06-02 05:54 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-17 09:11 . 2011-06-02 06:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-17 09:11 . 2011-06-02 05:45 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-09 17:05 . 2011-07-09 17:05 -------- d-----w- c:\users\Pavel\AppData\Roaming\Registry Mechanic
2011-07-07 18:45 . 2011-07-07 18:45 -------- d-----w- c:\users\Pavel\AppData\Roaming\DivX
2011-07-07 18:44 . 2011-07-07 18:44 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-07-07 18:44 . 2011-07-07 18:44 -------- d-----w- c:\program files\DivX
2011-07-07 18:43 . 2011-07-07 18:44 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2011-07-07 18:42 . 2011-07-07 18:45 -------- d-----w- c:\program files (x86)\DivX
2011-07-07 18:41 . 2011-07-07 18:45 -------- d-----w- c:\programdata\DivX
2011-07-07 08:07 . 2011-07-07 08:07 -------- d-----w- c:\users\Pavel\AppData\Roaming\Unity
2011-07-07 07:47 . 2011-07-25 19:39 -------- d-----w- c:\users\Pavel\AppData\Local\Unity
2011-06-27 17:52 . 2011-06-28 20:55 -------- d-----w- c:\windows\system32\SPReview
2011-06-27 17:50 . 2011-06-27 17:50 -------- d-----w- c:\windows\system32\EventProviders
2011-06-27 17:50 . 2011-06-28 20:56 -------- d-----w- C:\c47c419a446106a8764464422f
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-22 18:07 . 2011-06-22 18:07 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
2011-06-02 05:56 . 2011-07-17 09:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 03:25 . 2011-06-17 12:24 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:00 . 2011-06-17 12:24 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-04 02:51 . 2011-06-17 12:25 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-17 12:25 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-17 12:25 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-17 12:24 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-17 12:24 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:13 . 2011-06-17 12:24 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:12 . 2011-06-17 12:24 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:12 . 2011-06-17 12:24 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-26_16.15.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-07-26 16:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-07-26 17:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-26 16:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-26 17:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-26 16:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-26 17:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-07-26 16:25 48736 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-01-06 13:55 . 2011-07-26 15:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-06 13:55 . 2011-07-26 17:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-07-26 16:30 80736 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-01-06 13:55 . 2011-07-26 15:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-06 13:55 . 2011-07-26 17:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-06 13:55 . 2011-07-26 17:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-06 13:55 . 2011-07-26 15:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-06 13:55 . 2011-07-26 15:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-06 13:55 . 2011-07-26 17:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-06 13:55 . 2011-07-26 17:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-06 13:55 . 2011-07-26 15:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-06 20:26 . 2011-07-26 16:25 3636 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2997335487-3770393647-607407720-1000_UserData.bin
+ 2009-07-28 23:04 . 2011-07-26 17:34 3155 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2009-07-28 23:04 . 2011-07-26 15:49 3155 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-07-26 15:57 . 2011-07-26 15:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-26 17:34 . 2011-07-26 17:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-26 15:57 . 2011-07-26 15:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-26 17:34 . 2011-07-26 17:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-06 18:48 . 2011-07-26 17:21 279416 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-07-26 16:06 620150 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-26 16:31 620150 c:\windows\system32\perfh009.dat
+ 2010-08-07 14:53 . 2011-07-26 16:31 635232 c:\windows\system32\perfh005.dat
- 2010-08-07 14:53 . 2011-07-26 16:06 635232 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2011-07-26 16:31 108332 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-07-26 16:06 108332 c:\windows\system32\perfc009.dat
+ 2010-08-07 14:53 . 2011-07-26 16:31 123974 c:\windows\system32\perfc005.dat
- 2010-08-07 14:53 . 2011-07-26 16:06 123974 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2011-07-26 15:45 405156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-26 17:34 405156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-07-26 15:45 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-07-26 16:37 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 779600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McMPFSvc;McAfee Služba programu Personal Firewall;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2997335487-3770393647-607407720-1000Core.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-20 12:27]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2997335487-3770393647-607407720-1000UA.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-20 12:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2010-10-24 13:07 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF30533.cfxxe" [X]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 365592]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-09-29 4366704]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-08-19 5825536]
.
------- Doplňkový sken -------
.
uStart Page = my.daemon-search.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:63050
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 62.240.178.250 10.0.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Celkový čas: 2011-07-26 19:46:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 17:46
ComboFix2.txt 2011-07-26 16:19
.
Před spuštěním: Volných bajtů: 418 260 029 440
Po spuštění: Volných bajtů: 418 171 199 488
.
- - End Of File - - 23B67DB657F56BED418FA4D9B13CCE0B
Nahrání proběhlo úspěšně
Re: VIRUS? - system restarts, conhost..
Posted: 26 Jul 2011 19:12
by Rudy
Run CF once more with this script:
Collect::
c:\windows\unrar.exe
Re: VIRUS? - system restarts, conhost..
Posted: 26 Jul 2011 20:13
by mikkie
Code:
ComboFix 11-07-26.03 - Pavel 26.07.2011 20:47:24.5.2 - x64
Spuštěný z: c:\users\Pavel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pavel\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\unrar.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 18:58 . 2011-07-26 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-25 19:46 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-25 19:45 . 2011-07-26 18:43 -------- d-----w- c:\programdata\AVAST Software
2011-07-25 19:45 . 2011-07-25 19:45 -------- d-----w- c:\program files\AVAST Software
2011-07-25 19:42 . 2011-07-25 19:42 -------- d-----w- c:\users\Pavel\AppData\Local\ElevatedDiagnostics
2011-07-25 19:36 . 2011-07-25 19:36 -------- d-----w- c:\programdata\McAfee
2011-07-25 19:30 . 2011-07-25 19:30 -------- d-----w- c:\programdata\CyberLink
2011-07-17 09:11 . 2011-06-02 06:39 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-17 09:11 . 2011-06-02 05:54 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-17 09:11 . 2011-06-02 06:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-17 09:11 . 2011-06-02 05:45 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-09 17:05 . 2011-07-09 17:05 -------- d-----w- c:\users\Pavel\AppData\Roaming\Registry Mechanic
2011-07-07 18:45 . 2011-07-07 18:45 -------- d-----w- c:\users\Pavel\AppData\Roaming\DivX
2011-07-07 18:44 . 2011-07-07 18:44 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-07-07 18:44 . 2011-07-07 18:44 -------- d-----w- c:\program files\DivX
2011-07-07 18:43 . 2011-07-07 18:44 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2011-07-07 18:42 . 2011-07-07 18:45 -------- d-----w- c:\program files (x86)\DivX
2011-07-07 18:41 . 2011-07-07 18:45 -------- d-----w- c:\programdata\DivX
2011-07-07 08:07 . 2011-07-07 08:07 -------- d-----w- c:\users\Pavel\AppData\Roaming\Unity
2011-07-07 07:47 . 2011-07-25 19:39 -------- d-----w- c:\users\Pavel\AppData\Local\Unity
2011-06-27 17:52 . 2011-06-28 20:55 -------- d-----w- c:\windows\system32\SPReview
2011-06-27 17:50 . 2011-06-27 17:50 -------- d-----w- c:\windows\system32\EventProviders
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-26 18:03 . 2011-06-22 18:07 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
2011-06-02 05:56 . 2011-07-17 09:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-04 02:51 . 2011-06-17 12:25 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-17 12:25 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-17 12:25 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-17 12:24 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-17 12:24 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:13 . 2011-06-17 12:24 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:12 . 2011-06-17 12:24 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:12 . 2011-06-17 12:24 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-26_16.15.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-26 18:15 . 2011-07-26 18:15 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2011-07-26 18:15 . 2011-07-26 18:15 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2011-07-26 18:15 . 2011-07-26 18:15 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 48640 c:\windows\SysWOW64\mshtmler.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 11776 c:\windows\SysWOW64\mshta.exe
+ 2011-07-26 18:15 . 2011-07-26 18:15 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2011-07-26 18:15 . 2011-07-26 18:15 41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 23552 c:\windows\SysWOW64\licmgr10.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 78848 c:\windows\SysWOW64\inseng.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 35840 c:\windows\SysWOW64\imgutil.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 86528 c:\windows\SysWOW64\iesysprep.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 74752 c:\windows\SysWOW64\iesetup.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 31744 c:\windows\SysWOW64\iernonce.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2011-07-26 18:15 . 2011-07-26 18:15 66048 c:\windows\SysWOW64\icardie.dll
+ 2009-07-14 04:54 . 2011-07-26 18:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-26 16:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-07-26 18:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-26 16:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-26 16:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-26 18:43 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-07 07:18 . 2011-07-26 19:01 34474 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-26 18:42 48872 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-26 18:15 . 2011-07-26 18:15 91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2009-12-03 07:27 . 2009-12-03 07:27 74272 c:\windows\system32\RtNicProp64.dll
- 2010-10-24 12:56 . 2009-12-03 09:27 74272 c:\windows\system32\RtNicProp64.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2011-07-26 18:15 . 2011-07-26 18:15 65024 c:\windows\system32\pngfilt.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 48640 c:\windows\system32\mshtmler.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 96256 c:\windows\system32\mshtmled.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 12288 c:\windows\system32\mshta.exe
+ 2011-07-26 18:15 . 2011-07-26 18:15 10752 c:\windows\system32\msfeedssync.exe
+ 2011-07-26 18:15 . 2011-07-26 18:15 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 30720 c:\windows\system32\licmgr10.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 85504 c:\windows\system32\jsproxy.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 49664 c:\windows\system32\imgutil.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 85504 c:\windows\system32\iesetup.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 39936 c:\windows\system32\iernonce.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 89088 c:\windows\system32\ie4uinit.exe
+ 2011-07-26 18:15 . 2011-07-26 18:15 82432 c:\windows\system32\icardie.dll
+ 2009-07-14 05:30 . 2011-07-26 17:52 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-07-26 15:45 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-12-03 07:27 . 2009-12-03 07:27 74272 c:\windows\system32\DriverStore\FileRepository\rt64win7.inf_amd64_neutral_62cb6bec0444b008\RtNicProp64.dll
- 2011-01-06 20:27 . 2011-07-26 15:47 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-06 20:27 . 2011-07-26 18:15 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-06 20:27 . 2011-07-26 18:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-06 20:27 . 2011-07-26 15:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-26 18:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-26 15:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-06 13:55 . 2011-07-26 15:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-06 13:55 . 2011-07-26 17:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-07-26 18:49 80736 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-01-06 13:55 . 2011-07-26 17:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-06 13:55 . 2011-07-26 15:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-06 13:55 . 2011-07-26 15:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-06 13:55 . 2011-07-26 17:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-06 13:55 . 2011-07-26 15:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-06 13:55 . 2011-07-26 18:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-06 13:55 . 2011-07-26 18:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-06 13:55 . 2011-07-26 15:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-08 09:09 . 2011-07-26 18:19 5292 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-01-06 20:26 . 2011-07-26 18:42 4286 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2997335487-3770393647-607407720-1000_UserData.bin
- 2009-07-28 23:04 . 2011-07-26 15:49 3155 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2009-07-28 23:04 . 2011-07-26 18:58 3155 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-07-26 15:57 . 2011-07-26 15:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-26 18:59 . 2011-07-26 18:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-26 18:59 . 2011-07-26 18:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-26 15:57 . 2011-07-26 15:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-26 18:15 . 2011-07-26 18:15 152064 c:\windows\SysWOW64\wextract.exe
+ 2011-07-26 18:15 . 2011-07-26 18:15 203776 c:\windows\SysWOW64\webcheck.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 420864 c:\windows\SysWOW64\vbscript.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 231936 c:\windows\SysWOW64\url.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 123392 c:\windows\SysWOW64\occache.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 162304 c:\windows\SysWOW64\msrating.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 161792 c:\windows\SysWOW64\msls31.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 580608 c:\windows\SysWOW64\msfeeds.dll
+ 2011-07-26 18:03 . 2011-07-26 18:03 243360 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe
+ 2011-07-26 18:03 . 2011-07-26 18:03 328864 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 716800 c:\windows\SysWOW64\jscript.dll
- 2011-04-15 13:48 . 2011-02-18 05:35 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 150528 c:\windows\SysWOW64\iexpress.exe
+ 2011-07-26 18:15 . 2011-07-26 18:15 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2011-06-17 12:24 . 2011-04-22 19:31 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 118784 c:\windows\SysWOW64\iepeers.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 353584 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 434176 c:\windows\SysWOW64\ieapfltr.dll
- 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 163840 c:\windows\SysWOW64\ieakui.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 227840 c:\windows\SysWOW64\ieaksie.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 130560 c:\windows\SysWOW64\ieakeng.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 110592 c:\windows\SysWOW64\IEAdvpack.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 223232 c:\windows\SysWOW64\dxtrans.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 353792 c:\windows\SysWOW64\dxtmsft.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 101888 c:\windows\SysWOW64\admparse.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 160256 c:\windows\system32\wextract.exe
+ 2011-07-26 18:15 . 2011-07-26 18:15 249344 c:\windows\system32\webcheck.dll
+ 2011-01-06 18:48 . 2011-07-26 17:21 279416 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-07-26 18:15 . 2011-07-26 18:15 603648 c:\windows\system32\vbscript.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 236544 c:\windows\system32\url.dll
- 2010-10-24 12:56 . 2010-01-05 16:39 107552 c:\windows\system32\RTNUninst64.dll
+ 2010-10-24 12:56 . 2010-01-05 14:39 107552 c:\windows\system32\RTNUninst64.dll
- 2009-07-14 02:36 . 2011-07-26 16:06 620150 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-26 18:45 620150 c:\windows\system32\perfh009.dat
- 2010-08-07 14:53 . 2011-07-26 16:06 635232 c:\windows\system32\perfh005.dat
+ 2010-08-07 14:53 . 2011-07-26 18:45 635232 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2011-07-26 16:06 108332 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-07-26 18:45 108332 c:\windows\system32\perfc009.dat
+ 2010-08-07 14:53 . 2011-07-26 18:45 123974 c:\windows\system32\perfc005.dat
- 2010-08-07 14:53 . 2011-07-26 16:06 123974 c:\windows\system32\perfc005.dat
+ 2011-07-26 18:15 . 2011-07-26 18:15 149504 c:\windows\system32\occache.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 197120 c:\windows\system32\msrating.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 222208 c:\windows\system32\msls31.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 697344 c:\windows\system32\msfeeds.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 818176 c:\windows\system32\jscript.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 103936 c:\windows\system32\inseng.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 165888 c:\windows\system32\iexpress.exe
+ 2011-07-26 18:15 . 2011-07-26 18:15 173056 c:\windows\system32\ieUnatt.exe
+ 2011-07-26 18:15 . 2011-07-26 18:15 248320 c:\windows\system32\ieui.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 111616 c:\windows\system32\iesysprep.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 145920 c:\windows\system32\iepeers.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 403248 c:\windows\system32\iedkcs32.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 534528 c:\windows\system32\ieapfltr.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 267776 c:\windows\system32\ieaksie.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 160256 c:\windows\system32\ieakeng.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 135168 c:\windows\system32\IEAdvpack.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 282112 c:\windows\system32\dxtrans.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 452608 c:\windows\system32\dxtmsft.dll
+ 2009-07-14 05:30 . 2011-07-26 17:52 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-07-26 15:45 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-07-26 17:52 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-07-26 15:45 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2010-01-05 14:39 . 2010-01-05 14:39 107552 c:\windows\system32\DriverStore\FileRepository\rt64win7.inf_amd64_neutral_62cb6bec0444b008\RTNUninst64.dll
+ 2010-06-23 07:10 . 2010-06-23 07:10 344680 c:\windows\system32\DriverStore\FileRepository\rt64win7.inf_amd64_neutral_62cb6bec0444b008\Rt64win7.sys
+ 2010-06-23 07:10 . 2010-06-23 07:10 344680 c:\windows\system32\drivers\Rt64win7.sys
+ 2011-07-26 18:15 . 2011-07-26 18:15 114176 c:\windows\system32\admparse.dll
+ 2009-07-14 05:01 . 2011-07-26 18:58 405156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-07-26 15:45 405156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-26 18:15 . 2011-07-26 18:15 1126912 c:\windows\SysWOW64\wininet.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 1102336 c:\windows\SysWOW64\urlmon.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 1797632 c:\windows\SysWOW64\jscript9.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 1785344 c:\windows\SysWOW64\iertutil.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 9703936 c:\windows\SysWOW64\ieframe.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 3695416 c:\windows\SysWOW64\ieapfltr.dat
+ 2011-07-26 18:15 . 2011-07-26 18:15 1389056 c:\windows\system32\wininet.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 1344000 c:\windows\system32\urlmon.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 2303488 c:\windows\system32\jscript9.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 2136064 c:\windows\system32\iertutil.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 3695416 c:\windows\system32\ieapfltr.dat
+ 2009-07-14 04:45 . 2011-07-26 18:22 3860019 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-07-26 16:00 3860019 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-07-26 18:15 . 2011-07-26 18:15 12269056 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2011-07-26 18:55 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-07-26 18:15 . 2011-07-26 18:15 17773568 c:\windows\system32\mshtml.dll
+ 2011-07-26 18:15 . 2011-07-26 18:15 10885632 c:\windows\system32\ieframe.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 779600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McMPFSvc;McAfee Služba programu Personal Firewall;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2997335487-3770393647-607407720-1000Core.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-20 12:27]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2997335487-3770393647-607407720-1000UA.job
- c:\users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-20 12:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 365592]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-09-29 4366704]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-08-19 5825536]
.
------- Doplňkový sken -------
.
uStart Page = my.daemon-search.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:63050
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 62.240.178.250 10.0.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Opera\opera.exe
.
**************************************************************************
.
Celkový čas: 2011-07-26 21:13:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 19:13
ComboFix2.txt 2011-07-26 17:47
ComboFix3.txt 2011-07-26 16:19
.
Před spuštěním: Volných bajtů: 418 131 918 848
Po spuštění: Volných bajtů: 418 604 777 472
.
- - End Of File - - 4620C1AE9F79E020B19105CD5A67A788
Nahrání proběhlo úspěšně
Re: VIRUS? - system restarts, conhost..
Posted: 26 Jul 2011 20:19
by Rudy
The log already looks clean. Has anything changed?
Re: VIRUS? - system restarts, conhost..
Posted: 26 Jul 2011 20:25
by mikkie
A complete difference.. the system now responds more briskly and there are no delays.. it no longer keeps restarting itself over and over, etc.
Many thanks, and I appreciate your speed, quality and professionalism.

Re: VIRUS? - system restarts, conhost..
Posted: 26 Jul 2011 20:28
by Rudy
You're welcome!