Please help, thanks in advance
Posted: 17 Oct 2011 20:01
Please help, my GPU is acting up
ComboFix 11-10-11.02 - Doma 17.10.2011 20:38:53.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4094.2869 [GMT 2:00]
Spuštěný z: c:\users\Doma\Documents\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-17 do 2011-10-17 )))))))))))))))))))))))))))))))
.
.
2011-10-17 18:39 . 2011-10-17 18:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-17 18:39 . 2011-10-17 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-16 12:19 . 2011-10-17 18:41 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-16 12:19 . 2011-10-16 21:22 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2011-10-15 22:19 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-15 22:19 . 2011-10-16 21:27 -------- d-----w- c:\program files\AVAST Software
2011-10-15 22:19 . 2011-10-16 12:33 -------- d-----w- c:\programdata\AVAST Software
2011-10-15 21:19 . 2011-10-16 21:27 -------- d-----w- c:\program files\trend micro
2011-10-15 21:19 . 2011-10-15 21:25 -------- d-----w- C:\rsit
2011-10-15 15:26 . 2011-10-15 15:26 -------- d-----w- c:\users\Doma\AppData\Roaming\NVIDIA
2011-10-15 14:38 . 2011-10-16 21:08 -------- d-----w- c:\windows\system32\appmgmt
2011-10-15 11:38 . 2011-10-15 11:38 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client
2011-10-13 18:35 . 2011-10-17 15:55 -------- d-----w- c:\program files\TeamSpeak 3 Client
2011-10-13 18:03 . 2011-08-19 14:33 27992 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-10-13 18:03 . 2010-11-26 16:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-10-13 17:59 . 2011-10-16 21:27 -------- d-----w- c:\users\Doma\AppData\Roaming\IObit
2011-10-13 17:51 . 2011-10-16 21:27 -------- d-----w- c:\programdata\IObit
2011-10-13 17:51 . 2011-10-13 18:03 -------- d-----w- c:\program files (x86)\IObit
2011-10-13 16:44 . 2011-10-16 20:57 -------- d-----w- c:\users\Doma\AppData\Roaming\Apple Computer
2011-10-13 16:44 . 2011-10-16 20:57 -------- d-----w- c:\users\Doma\AppData\Local\Apple Computer
2011-10-13 16:42 . 2011-10-16 21:27 -------- d-----w- c:\program files (x86)\Safari
2011-10-13 16:42 . 2011-10-16 20:44 -------- d-----w- c:\programdata\Apple Computer
2011-10-13 16:41 . 2011-10-13 16:41 -------- d-----w- c:\program files\Bonjour
2011-10-13 16:41 . 2011-10-13 16:41 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-13 16:41 . 2011-10-13 16:41 -------- d-----w- c:\users\Doma\AppData\Local\Apple
2011-10-13 16:41 . 2011-10-13 16:41 -------- d-----w- c:\programdata\Apple
2011-10-09 20:31 . 2011-10-09 20:31 -------- d-----w- c:\users\Doma\AppData\Roaming\PotPlayerMini
2011-10-09 20:31 . 2011-10-09 20:31 -------- d-----w- c:\users\Doma\AppData\Local\Daum
2011-10-08 00:39 . 2011-10-08 00:39 -------- d-----w- c:\users\Doma\AppData\Roaming\Media Player Classic
2011-10-07 22:50 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2011-10-07 22:50 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-10-07 22:50 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-10-07 22:50 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-10-07 22:50 . 2006-10-18 18:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm
2011-10-07 22:50 . 2011-10-04 08:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-10-07 22:50 . 2011-10-07 22:51 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2011-10-07 22:39 . 2011-10-07 22:39 -------- d-----w- c:\program files (x86)\Daum
2011-10-07 14:49 . 2011-10-07 14:57 -------- d-----w- c:\users\Doma\AppData\Roaming\vlc
2011-10-07 14:49 . 2011-10-07 14:49 -------- d-----w- c:\program files (x86)\VideoLAN
2011-10-04 22:16 . 2011-10-04 22:16 -------- d-----w- C:\$AVG
2011-10-03 19:58 . 2011-10-03 19:58 -------- d-----w- c:\users\Doma\AppData\Roaming\AVG2012
2011-10-03 19:55 . 2011-10-03 19:55 -------- d--h--w- c:\programdata\Common Files
2011-10-03 19:55 . 2011-10-16 21:27 -------- d-----w- c:\programdata\AVG2012
2011-10-03 19:54 . 2011-10-16 20:47 -------- d-----w- c:\program files (x86)\AVG
2011-10-03 15:09 . 2011-10-03 15:09 -------- d-----w- c:\program files (x86)\Z8Games
2011-10-02 16:34 . 2011-10-02 17:00 -------- d-----w- c:\users\Doma\AppData\Local\Microsoft Games
2011-10-02 14:29 . 2007-03-26 06:40 6144 ----a-w- c:\windows\system32\drivers\Axtmvflt.sys
2011-10-02 14:29 . 2007-03-26 06:32 52224 ----a-w- c:\windows\system32\drivers\Axtmvprt.sys
2011-10-02 14:29 . 2007-03-26 06:31 54272 ----a-w- c:\windows\system32\drivers\Axtmvmdm.sys
2011-10-02 14:29 . 2011-10-02 14:37 -------- d-----w- c:\program files\Axesstel
2011-10-02 13:37 . 2011-10-16 21:10 -------- d-----w- c:\programdata\MFAData
2011-10-02 13:27 . 2011-10-02 14:44 -------- d-----w- c:\users\Doma\AppData\Roaming\TS3Client
2011-10-02 13:22 . 2011-10-02 13:22 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-02 12:55 . 2008-09-26 16:03 691712 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-10-02 12:55 . 2008-09-26 16:02 133632 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-10-02 12:55 . 2008-09-26 16:02 115328 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-10-02 12:55 . 2008-09-26 16:01 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-10-02 12:55 . 2011-10-02 12:56 -------- d-----w- c:\program files (x86)\O2 Mobilni internet
2011-10-02 08:33 . 2011-10-02 14:36 -------- d-----w- c:\program files (x86)\Axesstel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-24 18:27 . 2011-08-24 18:27 0 ----a-w- c:\windows\DXT7E64.tmp
2011-08-24 18:27 . 2011-08-24 18:27 0 ----a-w- c:\windows\DXT7E63.tmp
2011-08-16 16:46 . 2011-08-27 19:40 3056360 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2011-08-16 14:57 . 2011-08-27 19:40 1501696 ----a-w- c:\windows\system32\RCoRes64.dat
2011-08-16 12:43 . 2011-08-27 19:40 2518120 ----a-w- c:\windows\system32\RtPgEx64.dll
2011-08-16 12:43 . 2011-08-27 19:40 3200104 ----a-w- c:\windows\system32\RtkAPO64.dll
2011-08-15 14:47 . 2011-08-27 19:40 93800 ----a-w- c:\windows\system32\RCoInst64.dll
2011-08-13 17:21 . 2011-08-13 15:42 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-13 17:21 . 2011-08-13 15:42 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-08-13 17:21 . 2011-08-13 15:42 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-13 17:21 . 2011-08-13 15:42 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-08-05 23:29 . 2011-08-27 19:40 527872 ----a-w- c:\windows\system32\DTSU2PLFX64.dll
2011-08-05 23:29 . 2011-08-27 19:40 515584 ----a-w- c:\windows\system32\DTSU2PGFX64.dll
2011-08-05 23:29 . 2011-08-27 19:40 439808 ----a-w- c:\windows\system32\DTSU2PREC64.dll
2011-07-29 12:46 . 2011-08-27 19:40 1827944 ----a-w- c:\windows\system32\RtkApi64.dll
2011-07-27 22:55 . 2011-08-27 19:40 2604376 ----a-w- c:\windows\system32\WavesGUILib.dll
2011-07-27 22:55 . 2011-08-27 19:40 2132824 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
2011-07-22 17:35 . 2011-08-27 19:40 1247848 ----a-w- c:\windows\system32\RTCOM64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\softs\Steam\Steam.exe" [2011-08-13 1242448]
"PeerBlock"="d:\softs\PeerBlock\peerblock.exe" [2010-11-06 2646128]
"Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.cz/cz.special-uninstalla ... a8a3209458" [?]
.
c:\users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-6-16 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
R2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc [x]
R3 SaiH0464;SaiH0464;c:\windows\system32\DRIVERS\SaiH0464.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 X6va005;X6va005;c:\users\Doma\AppData\Local\Temp\005897.tmp [x]
S0 sfdrv02;FrontLine Environment Driver (v2);c:\windows\system32\drivers\sfdrv02.sys [x]
S0 sfsync05;FrontLine Synchronization Driver (v5);c:\windows\system32\drivers\sfsync05.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\DRIVERS\Axtmvflt.sys [x]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\DRIVERS\Axtmvmdm.sys [x]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\Drivers\Axtmvprt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 yukonw7;Ovladač NDIS6.2 Miniport pro řadič Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a75222eb-ecf4-11e0-b879-0016e6de2aea}]
\shell\AutoRun\command - J:\AutoRun.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4074777687-3577094319-1465458308-1001Core.job
- c:\users\Doma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-16 08:55]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4074777687-3577094319-1465458308-1001UA.job
- c:\users\Doma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-16 08:55]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Přidat do Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:\program files (x86)\StartNow Toolbar\ToolbarHelper.exe
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-combofix - c:\combofix\CF24950.3XE
AddRemove-BattlEye for OA - c:\program files (x86)\Bohemia Interactive\ArmAExpansion\BattlEye\UnInstallBE.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-Test Drive Unlimited 2_is1 - d:\games\TDU2\Uninstall\unins000.exe
AddRemove-WYSIWYG_Web_Builder_7 - c:\windows\iun6002.exe
AddRemove-yuPlay ??????_is1 - d:\games\Wings of Prey\yuPlay\unins000.exe
AddRemove-{bd8defa4-19fa-4964-9692-f1112d8a62d9}}_is1 - d:\games\Wings of Prey\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Doma\AppData\Local\Temp\005897.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4074777687-3577094319-1465458308-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-4074777687-3577094319-1465458308-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-4074777687-3577094319-1465458308-1001)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-4074777687-3577094319-1465458308-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-4074777687-3577094319-1465458308-1001)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-4074777687-3577094319-1465458308-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-4074777687-3577094319-1465458308-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4074777687-3577094319-1465458308-1001)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-4074777687-3577094319-1465458308-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-4074777687-3577094319-1465458308-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-4074777687-3577094319-1465458308-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4074777687-3577094319-1465458308-1001)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-4074777687-3577094319-1465458308-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4074777687-3577094319-1465458308-1001)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-4074777687-3577094319-1465458308-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
.
**************************************************************************
.
Celkový čas: 2011-10-17 20:47:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-17 18:47
.
Před spuštěním: Volných bajtů: 59 787 476 992
Po spuštění: Volných bajtů: 59 547 418 624
.
- - End Of File - - 857E4C3F4EE46CDF3D4B763368FDC3BD
Logfile of random's system information tool 1.09 (written by random/random)
Run by Doma at 2011-10-17 20:56:49
Microsoft Windows 7 Ultimate
System drive C: has 57 GB (50%) free of 114 GB
Total RAM: 4094 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:56:58, on 17.10.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\O2 Mobilni internet\O2 Mobilni internet.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Doma.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.cz/cz.special-uninstalla ... a8a3209458
O4 - HKCU\..\Run: [Steam] "D:\Softs\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [PeerBlock] D:\Softs\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-4074777687-3577094319-1465458308-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4074777687-3577094319-1465458308-1003\..\Run: [Google Update] "C:\Users\Doma\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4074777687-3577094319-1465458308-1003\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4074777687-3577094319-1465458308-1003\..\Run: [Steam] "D:\Softs\Steam\Steam.exe" -silent (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4074777687-3577094319-1465458308-1003\..\Run: [PeerBlock] D:\Softs\PeerBlock\peerblock.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4074777687-3577094319-1465458308-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Přidat do Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39E62A6F-355B-4895-B1B2-B0E870221EC0}: NameServer = 160.218.167.5 160.218.161.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{39E62A6F-355B-4895-B1B2-B0E870221EC0}: NameServer = 160.218.167.5 160.218.161.60
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Unknown owner - C:\Windows\system32\sfrem02.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8760 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -r
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-69a2c962-0856-43a3-b089-4471a7e88c39 -SystemEventPortName:HostProcess-23bc70aa-fc74-4196-8a90-766624acedef -IoCancelEventPortName:HostProcess-1719b585-a30d-4c97-a50c-111b546ef24b -NonStateChangingEventPortName:HostProcess-6a54bbd0-904d-4520-9d35-eae0637ffe25 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:1222007e-fcfc-4441-9f8e-0620fbf22e26
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
"C:\Program Files (x86)\MagicDisc\MagicDisc.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
notepad.exe "C:\Users\Doma\AppData\Local\Temp\log.txt"
"C:\Program Files (x86)\O2 Mobilni internet\O2 Mobilni internet.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2228 CREDAT:79874
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe" -Embedding
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2228 CREDAT:14338
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -host
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 504 508 516 65536 512
"C:\Users\Doma\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4074777687-3577094319-1465458308-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4074777687-3577094319-1465458308-1001UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll [2011-04-24 91536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll [2011-04-24 292752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [2011-04-24 86416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [2011-04-24 229776]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=D:\Softs\Steam\Steam.exe [2011-08-13 1242448]
"PeerBlock"=D:\Softs\PeerBlock\peerblock.exe [2010-11-06 2646128]
"Advanced SystemCare 4"=C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe [2011-08-09 417112]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.cz/cz.special-uninstalla ... a8a3209458 []
C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\System32\klogon.dll [2011-04-24 234896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 290304]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.FPS1"=frapsv64.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2011-10-17 20:47:07 ----A---- C:\ComboFix.txt
2011-10-16 14:21:01 ----A---- C:\Windows\system32\drivers\klin.dat
2011-10-16 14:21:01 ----A---- C:\Windows\system32\drivers\klick.dat
2011-10-16 14:19:08 ----D---- C:\ProgramData\Kaspersky Lab
2011-10-16 14:19:08 ----D---- C:\Program Files (x86)\Kaspersky Lab
2011-10-16 14:18:51 ----A---- C:\Windows\system32\drivers\klif.sys
2011-10-16 02:03:46 ----A---- C:\Windows\zip.exe
2011-10-16 02:03:46 ----A---- C:\Windows\SWSC.exe
2011-10-16 02:03:46 ----A---- C:\Windows\SWREG.exe
2011-10-16 02:03:46 ----A---- C:\Windows\sed.exe
2011-10-16 02:03:46 ----A---- C:\Windows\PEV.exe
2011-10-16 02:03:46 ----A---- C:\Windows\NIRCMD.exe
2011-10-16 02:03:46 ----A---- C:\Windows\MBR.exe
2011-10-16 02:03:46 ----A---- C:\Windows\grep.exe
2011-10-16 02:03:38 ----D---- C:\Windows\ERDNT
2011-10-16 02:02:26 ----D---- C:\Qoobox
2011-10-16 00:19:48 ----A---- C:\Windows\system32\aswBoot.exe
2011-10-16 00:19:27 ----D---- C:\ProgramData\AVAST Software
2011-10-16 00:19:27 ----D---- C:\Program Files\AVAST Software
2011-10-15 23:19:52 ----D---- C:\Program Files\trend micro
2011-10-15 23:19:51 ----D---- C:\rsit
2011-10-15 17:26:34 ----D---- C:\Users\Doma\AppData\Roaming\NVIDIA
2011-10-15 16:38:47 ----D---- C:\Windows\system32\appmgmt
2011-10-15 13:38:42 ----D---- C:\Program Files (x86)\TeamSpeak 3 Client
2011-10-13 20:35:02 ----D---- C:\Program Files\TeamSpeak 3 Client
2011-10-13 20:03:41 ----A---- C:\Windows\system32\SmartDefragBootTime.exe
2011-10-13 20:03:41 ----A---- C:\Windows\system32\drivers\SmartDefragDriver.sys
2011-10-13 19:59:49 ----D---- C:\Users\Doma\AppData\Roaming\IObit
2011-10-13 19:51:21 ----D---- C:\ProgramData\IObit
2011-10-13 19:51:21 ----D---- C:\Program Files (x86)\IObit
2011-10-13 18:44:17 ----D---- C:\Users\Doma\AppData\Roaming\Apple Computer
2011-10-13 18:42:20 ----D---- C:\ProgramData\Apple Computer
2011-10-13 18:42:20 ----D---- C:\Program Files (x86)\Safari
2011-10-13 18:41:26 ----D---- C:\Program Files\Bonjour
2011-10-13 18:41:26 ----D---- C:\Program Files (x86)\Bonjour
2011-10-13 18:41:09 ----D---- C:\ProgramData\Apple
2011-10-09 22:31:19 ----D---- C:\Users\Doma\AppData\Roaming\PotPlayerMini
2011-10-08 02:39:17 ----D---- C:\Users\Doma\AppData\Roaming\Media Player Classic
2011-10-08 00:50:41 ----A---- C:\Windows\SYSWOW64\unrar.dll
2011-10-08 00:50:40 ----A---- C:\Windows\SYSWOW64\xvidvfw.dll
2011-10-08 00:50:40 ----A---- C:\Windows\SYSWOW64\xvidcore.dll
2011-10-08 00:50:40 ----A---- C:\Windows\avisplitter.ini
2011-10-08 00:50:39 ----A---- C:\Windows\SYSWOW64\ff_vfw.dll
2011-10-08 00:50:37 ----D---- C:\Program Files (x86)\K-Lite Codec Pack
2011-10-08 00:39:48 ----D---- C:\Program Files (x86)\Daum
2011-10-07 16:49:33 ----D---- C:\Users\Doma\AppData\Roaming\vlc
2011-10-07 16:49:17 ----D---- C:\Program Files (x86)\VideoLAN
2011-10-05 00:16:34 ----D---- C:\$AVG
2011-10-03 21:58:45 ----D---- C:\Users\Doma\AppData\Roaming\AVG2012
2011-10-03 21:55:51 ----HD---- C:\ProgramData\Common Files
2011-10-03 21:55:16 ----D---- C:\ProgramData\AVG2012
2011-10-03 21:54:41 ----D---- C:\Program Files (x86)\AVG
2011-10-03 17:09:40 ----D---- C:\Program Files (x86)\Z8Games
2011-10-02 16:29:31 ----A---- C:\Windows\system32\drivers\Axtmvprt.sys
2011-10-02 16:29:31 ----A---- C:\Windows\system32\drivers\Axtmvmdm.sys
2011-10-02 16:29:31 ----A---- C:\Windows\system32\drivers\Axtmvflt.sys
2011-10-02 16:29:28 ----D---- C:\Program Files\Axesstel
2011-10-02 15:37:20 ----D---- C:\ProgramData\MFAData
2011-10-02 15:27:03 ----D---- C:\Users\Doma\AppData\Roaming\TS3Client
2011-10-02 14:55:57 ----A---- C:\Windows\system32\drivers\mod7700.sys
2011-10-02 14:55:57 ----A---- C:\Windows\system32\drivers\ewusbnet.sys
2011-10-02 14:55:57 ----A---- C:\Windows\system32\drivers\ewusbmdm.sys
2011-10-02 14:55:57 ----A---- C:\Windows\system32\drivers\ewdcsc.sys
2011-10-02 14:55:19 ----D---- C:\Program Files (x86)\O2 Mobilni internet
2011-10-02 10:33:35 ----D---- C:\Program Files (x86)\Axesstel
======List of files/folders modified in the last 1 month======
2011-10-17 20:56:56 ----D---- C:\Windows\Temp
2011-10-17 20:47:09 ----D---- C:\Windows\system32\drivers
2011-10-17 20:42:08 ----D---- C:\Windows
2011-10-17 20:42:08 ----A---- C:\Windows\system.ini
2011-10-17 20:41:51 ----D---- C:\Windows\system32\drivers\etc
2011-10-17 20:41:17 ----D---- C:\ProgramData\NVIDIA
2011-10-17 20:37:48 ----D---- C:\Windows\Prefetch
2011-10-17 20:15:34 ----D---- C:\Users\Doma\AppData\Roaming\uTorrent
2011-10-17 18:00:32 ----D---- C:\Windows\system32\config
2011-10-17 17:58:04 ----SHD---- C:\System Volume Information
2011-10-17 17:57:47 ----SHD---- C:\Windows\Installer
2011-10-17 17:57:44 ----D---- C:\Program Files (x86)\Common Files
2011-10-16 23:29:27 ----D---- C:\Windows\Tasks
2011-10-16 23:29:27 ----D---- C:\Windows\system32\wfp
2011-10-16 23:29:27 ----D---- C:\Windows\inf
2011-10-16 23:29:20 ----RD---- C:\Program Files (x86)
2011-10-16 23:29:20 ----D---- C:\Windows\SysWOW64
2011-10-16 23:29:20 ----D---- C:\Windows\System32
2011-10-16 23:29:18 ----D---- C:\Windows\system32\wbem
2011-10-16 23:28:10 ----D---- C:\Windows\system32\DriverStore
2011-10-16 23:28:10 ----D---- C:\Windows\system32\catroot2
2011-10-16 23:28:07 ----D---- C:\Windows\system32\cs-CZ
2011-10-16 23:28:05 ----D---- C:\Windows\winsxs
2011-10-16 23:28:04 ----D---- C:\Windows\system32\Tasks
2011-10-16 23:28:04 ----D---- C:\Windows\system32\NDF
2011-10-16 23:28:04 ----D---- C:\Windows\system32\CodeIntegrity
2011-10-16 23:28:03 ----D---- C:\Windows\security
2011-10-16 23:27:56 ----D---- C:\Windows\Help
2011-10-16 23:27:55 ----D---- C:\Windows\AppCompat
2011-10-16 23:27:36 ----D---- C:\Program Files\NVIDIA Corporation
2011-10-16 23:27:34 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-10-16 23:27:12 ----D---- C:\ProgramData\Comodo
2011-10-16 23:26:57 ----D---- C:\Windows\registration
2011-10-16 23:26:27 ----D---- C:\Windows\system32\catroot
2011-10-16 23:25:21 ----RD---- C:\Users
2011-10-16 23:25:14 ----SD---- C:\Users\Doma\AppData\Roaming\Microsoft
2011-10-16 23:24:04 ----D---- C:\ProgramData
2011-10-16 23:23:45 ----D---- C:\Program Files\Windows Sidebar
2011-10-16 23:23:44 ----RD---- C:\Program Files
2011-10-16 23:22:08 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-10-16 22:47:33 ----D---- C:\Program Files\COMODO
2011-10-16 11:07:28 ----D---- C:\Windows\SYSWOW64\drivers
2011-10-16 11:07:28 ----D---- C:\Windows\AppPatch
2011-10-16 11:07:25 ----D---- C:\Program Files\Common Files
2011-10-11 10:09:11 ----D---- C:\Windows\Minidump
2011-10-09 17:39:28 ----D---- C:\Windows\system32\wdi
2011-10-09 13:48:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-07 16:46:17 ----D---- C:\Users\Doma\AppData\Roaming\Thinstall
2011-10-02 20:12:55 ----RSD---- C:\Windows\assembly
2011-10-02 20:10:32 ----D---- C:\Windows\system32\LogFiles
2011-10-02 16:39:37 ----D---- C:\Windows\ModemLogs
2011-10-02 15:22:10 ----D---- C:\Windows\Downloaded Program Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2011-03-04 460888]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sfdrv02;FrontLine Environment Driver (v2); C:\Windows\system32\drivers\sfdrv02.sys [2006-09-11 74616]
R0 sfsync05;FrontLine Synchronization Driver (v5); C:\Windows\system32\drivers\sfsync05.sys [2006-08-11 78208]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2011-10-16 615728]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
R3 Axtmvflt;Axesstel USB Filter Service; C:\Windows\system32\DRIVERS\Axtmvflt.sys [2007-03-26 6144]
R3 Axtmvmdm;Axesstel USB Modem; C:\Windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 54272]
R3 Axtmvprt;Axesstel Diagnostic Port; C:\Windows\System32\Drivers\Axtmvprt.sys [2007-03-26 52224]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-09-26 115328]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-08-16 3056360]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 255552]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 SaiH0464;SaiH0464; C:\Windows\system32\DRIVERS\SaiH0464.sys [2007-05-01 171144]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 X6va005;X6va005; \??\C:\Users\Doma\AppData\Local\Temp\005897.tmp []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AVP;Služba Kaspersky Anti-Virus; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-04-24 202296]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2011-04-06 349472]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-05-25 1016936]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
S2 sfrem02;FrontLine Drivers Auto Removal (v2); C:\Windows\system32\sfrem02.exe [2006-05-11 607352]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-10-08 419624]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
-----------------EOF-----------------
ComboFix 11-10-11.02 - Doma 17.10.2011 20:38:53.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4094.2869 [GMT 2:00]
Spuštěný z: c:\users\Doma\Documents\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-17 do 2011-10-17 )))))))))))))))))))))))))))))))
.
.
2011-10-17 18:39 . 2011-10-17 18:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-17 18:39 . 2011-10-17 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-16 12:19 . 2011-10-17 18:41 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-16 12:19 . 2011-10-16 21:22 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2011-10-15 22:19 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-15 22:19 . 2011-10-16 21:27 -------- d-----w- c:\program files\AVAST Software
2011-10-15 22:19 . 2011-10-16 12:33 -------- d-----w- c:\programdata\AVAST Software
2011-10-15 21:19 . 2011-10-16 21:27 -------- d-----w- c:\program files\trend micro
2011-10-15 21:19 . 2011-10-15 21:25 -------- d-----w- C:\rsit
2011-10-15 15:26 . 2011-10-15 15:26 -------- d-----w- c:\users\Doma\AppData\Roaming\NVIDIA
2011-10-15 14:38 . 2011-10-16 21:08 -------- d-----w- c:\windows\system32\appmgmt
2011-10-15 11:38 . 2011-10-15 11:38 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client
2011-10-13 18:35 . 2011-10-17 15:55 -------- d-----w- c:\program files\TeamSpeak 3 Client
2011-10-13 18:03 . 2011-08-19 14:33 27992 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-10-13 18:03 . 2010-11-26 16:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-10-13 17:59 . 2011-10-16 21:27 -------- d-----w- c:\users\Doma\AppData\Roaming\IObit
2011-10-13 17:51 . 2011-10-16 21:27 -------- d-----w- c:\programdata\IObit
2011-10-13 17:51 . 2011-10-13 18:03 -------- d-----w- c:\program files (x86)\IObit
2011-10-13 16:44 . 2011-10-16 20:57 -------- d-----w- c:\users\Doma\AppData\Roaming\Apple Computer
2011-10-13 16:44 . 2011-10-16 20:57 -------- d-----w- c:\users\Doma\AppData\Local\Apple Computer
2011-10-13 16:42 . 2011-10-16 21:27 -------- d-----w- c:\program files (x86)\Safari
2011-10-13 16:42 . 2011-10-16 20:44 -------- d-----w- c:\programdata\Apple Computer
2011-10-13 16:41 . 2011-10-13 16:41 -------- d-----w- c:\program files\Bonjour
2011-10-13 16:41 . 2011-10-13 16:41 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-13 16:41 . 2011-10-13 16:41 -------- d-----w- c:\users\Doma\AppData\Local\Apple
2011-10-13 16:41 . 2011-10-13 16:41 -------- d-----w- c:\programdata\Apple
2011-10-09 20:31 . 2011-10-09 20:31 -------- d-----w- c:\users\Doma\AppData\Roaming\PotPlayerMini
2011-10-09 20:31 . 2011-10-09 20:31 -------- d-----w- c:\users\Doma\AppData\Local\Daum
2011-10-08 00:39 . 2011-10-08 00:39 -------- d-----w- c:\users\Doma\AppData\Roaming\Media Player Classic
2011-10-07 22:50 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2011-10-07 22:50 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-10-07 22:50 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-10-07 22:50 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-10-07 22:50 . 2006-10-18 18:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm
2011-10-07 22:50 . 2011-10-04 08:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-10-07 22:50 . 2011-10-07 22:51 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2011-10-07 22:39 . 2011-10-07 22:39 -------- d-----w- c:\program files (x86)\Daum
2011-10-07 14:49 . 2011-10-07 14:57 -------- d-----w- c:\users\Doma\AppData\Roaming\vlc
2011-10-07 14:49 . 2011-10-07 14:49 -------- d-----w- c:\program files (x86)\VideoLAN
2011-10-04 22:16 . 2011-10-04 22:16 -------- d-----w- C:\$AVG
2011-10-03 19:58 . 2011-10-03 19:58 -------- d-----w- c:\users\Doma\AppData\Roaming\AVG2012
2011-10-03 19:55 . 2011-10-03 19:55 -------- d--h--w- c:\programdata\Common Files
2011-10-03 19:55 . 2011-10-16 21:27 -------- d-----w- c:\programdata\AVG2012
2011-10-03 19:54 . 2011-10-16 20:47 -------- d-----w- c:\program files (x86)\AVG
2011-10-03 15:09 . 2011-10-03 15:09 -------- d-----w- c:\program files (x86)\Z8Games
2011-10-02 16:34 . 2011-10-02 17:00 -------- d-----w- c:\users\Doma\AppData\Local\Microsoft Games
2011-10-02 14:29 . 2007-03-26 06:40 6144 ----a-w- c:\windows\system32\drivers\Axtmvflt.sys
2011-10-02 14:29 . 2007-03-26 06:32 52224 ----a-w- c:\windows\system32\drivers\Axtmvprt.sys
2011-10-02 14:29 . 2007-03-26 06:31 54272 ----a-w- c:\windows\system32\drivers\Axtmvmdm.sys
2011-10-02 14:29 . 2011-10-02 14:37 -------- d-----w- c:\program files\Axesstel
2011-10-02 13:37 . 2011-10-16 21:10 -------- d-----w- c:\programdata\MFAData
2011-10-02 13:27 . 2011-10-02 14:44 -------- d-----w- c:\users\Doma\AppData\Roaming\TS3Client
2011-10-02 13:22 . 2011-10-02 13:22 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-02 12:55 . 2008-09-26 16:03 691712 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-10-02 12:55 . 2008-09-26 16:02 133632 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-10-02 12:55 . 2008-09-26 16:02 115328 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-10-02 12:55 . 2008-09-26 16:01 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-10-02 12:55 . 2011-10-02 12:56 -------- d-----w- c:\program files (x86)\O2 Mobilni internet
2011-10-02 08:33 . 2011-10-02 14:36 -------- d-----w- c:\program files (x86)\Axesstel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-24 18:27 . 2011-08-24 18:27 0 ----a-w- c:\windows\DXT7E64.tmp
2011-08-24 18:27 . 2011-08-24 18:27 0 ----a-w- c:\windows\DXT7E63.tmp
2011-08-16 16:46 . 2011-08-27 19:40 3056360 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2011-08-16 14:57 . 2011-08-27 19:40 1501696 ----a-w- c:\windows\system32\RCoRes64.dat
2011-08-16 12:43 . 2011-08-27 19:40 2518120 ----a-w- c:\windows\system32\RtPgEx64.dll
2011-08-16 12:43 . 2011-08-27 19:40 3200104 ----a-w- c:\windows\system32\RtkAPO64.dll
2011-08-15 14:47 . 2011-08-27 19:40 93800 ----a-w- c:\windows\system32\RCoInst64.dll
2011-08-13 17:21 . 2011-08-13 15:42 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-13 17:21 . 2011-08-13 15:42 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-08-13 17:21 . 2011-08-13 15:42 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-13 17:21 . 2011-08-13 15:42 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-08-05 23:29 . 2011-08-27 19:40 527872 ----a-w- c:\windows\system32\DTSU2PLFX64.dll
2011-08-05 23:29 . 2011-08-27 19:40 515584 ----a-w- c:\windows\system32\DTSU2PGFX64.dll
2011-08-05 23:29 . 2011-08-27 19:40 439808 ----a-w- c:\windows\system32\DTSU2PREC64.dll
2011-07-29 12:46 . 2011-08-27 19:40 1827944 ----a-w- c:\windows\system32\RtkApi64.dll
2011-07-27 22:55 . 2011-08-27 19:40 2604376 ----a-w- c:\windows\system32\WavesGUILib.dll
2011-07-27 22:55 . 2011-08-27 19:40 2132824 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
2011-07-22 17:35 . 2011-08-27 19:40 1247848 ----a-w- c:\windows\system32\RTCOM64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\softs\Steam\Steam.exe" [2011-08-13 1242448]
"PeerBlock"="d:\softs\PeerBlock\peerblock.exe" [2010-11-06 2646128]
"Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.cz/cz.special-uninstalla ... a8a3209458" [?]
.
c:\users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-6-16 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
R2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc [x]
R3 SaiH0464;SaiH0464;c:\windows\system32\DRIVERS\SaiH0464.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 X6va005;X6va005;c:\users\Doma\AppData\Local\Temp\005897.tmp [x]
S0 sfdrv02;FrontLine Environment Driver (v2);c:\windows\system32\drivers\sfdrv02.sys [x]
S0 sfsync05;FrontLine Synchronization Driver (v5);c:\windows\system32\drivers\sfsync05.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\DRIVERS\Axtmvflt.sys [x]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\DRIVERS\Axtmvmdm.sys [x]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\Drivers\Axtmvprt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 yukonw7;Ovladač NDIS6.2 Miniport pro řadič Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a75222eb-ecf4-11e0-b879-0016e6de2aea}]
\shell\AutoRun\command - J:\AutoRun.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4074777687-3577094319-1465458308-1001Core.job
- c:\users\Doma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-16 08:55]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4074777687-3577094319-1465458308-1001UA.job
- c:\users\Doma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-16 08:55]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Přidat do Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:\program files (x86)\StartNow Toolbar\ToolbarHelper.exe
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-combofix - c:\combofix\CF24950.3XE
AddRemove-BattlEye for OA - c:\program files (x86)\Bohemia Interactive\ArmAExpansion\BattlEye\UnInstallBE.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-Test Drive Unlimited 2_is1 - d:\games\TDU2\Uninstall\unins000.exe
AddRemove-WYSIWYG_Web_Builder_7 - c:\windows\iun6002.exe
AddRemove-yuPlay ??????_is1 - d:\games\Wings of Prey\yuPlay\unins000.exe
AddRemove-{bd8defa4-19fa-4964-9692-f1112d8a62d9}}_is1 - d:\games\Wings of Prey\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Doma\AppData\Local\Temp\005897.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4074777687-3577094319-1465458308-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-4074777687-3577094319-1465458308-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-4074777687-3577094319-1465458308-1001)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-4074777687-3577094319-1465458308-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-4074777687-3577094319-1465458308-1001)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-4074777687-3577094319-1465458308-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-4074777687-3577094319-1465458308-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4074777687-3577094319-1465458308-1001)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-4074777687-3577094319-1465458308-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-4074777687-3577094319-1465458308-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-4074777687-3577094319-1465458308-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4074777687-3577094319-1465458308-1001)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-4074777687-3577094319-1465458308-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4074777687-3577094319-1465458308-1001)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-4074777687-3577094319-1465458308-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
.
**************************************************************************
.
Completion time: 2011-10-17 20:47:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-17 18:47
.
Pre-Run: 59,787,476,992 bytes free
Post-Run: 59,547,418,624 bytes free
.
- - End Of File - - 857E4C3F4EE46CDF3D4B763368FDC3BD
Logfile of random's system information tool 1.09 (written by random/random)
Run by Doma at 2011-10-17 20:56:49
Microsoft Windows 7 Ultimate
System drive C: has 57 GB (50%) free of 114 GB
Total RAM: 4094 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:56:58, on 17.10.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\O2 Mobilni internet\O2 Mobilni internet.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Doma.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.cz/cz.special-uninstalla ... a8a3209458
O4 - HKCU\..\Run: [Steam] "D:\Softs\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [PeerBlock] D:\Softs\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-4074777687-3577094319-1465458308-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4074777687-3577094319-1465458308-1003\..\Run: [Google Update] "C:\Users\Doma\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4074777687-3577094319-1465458308-1003\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4074777687-3577094319-1465458308-1003\..\Run: [Steam] "D:\Softs\Steam\Steam.exe" -silent (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4074777687-3577094319-1465458308-1003\..\Run: [PeerBlock] D:\Softs\PeerBlock\peerblock.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4074777687-3577094319-1465458308-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: URL address check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39E62A6F-355B-4895-B1B2-B0E870221EC0}: NameServer = 160.218.167.5 160.218.161.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{39E62A6F-355B-4895-B1B2-B0E870221EC0}: NameServer = 160.218.167.5 160.218.161.60
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Unknown owner - C:\Windows\system32\sfrem02.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8760 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -r
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-69a2c962-0856-43a3-b089-4471a7e88c39 -SystemEventPortName:HostProcess-23bc70aa-fc74-4196-8a90-766624acedef -IoCancelEventPortName:HostProcess-1719b585-a30d-4c97-a50c-111b546ef24b -NonStateChangingEventPortName:HostProcess-6a54bbd0-904d-4520-9d35-eae0637ffe25 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:1222007e-fcfc-4441-9f8e-0620fbf22e26
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
"C:\Program Files (x86)\MagicDisc\MagicDisc.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
notepad.exe "C:\Users\Doma\AppData\Local\Temp\log.txt"
"C:\Program Files (x86)\O2 Mobilni internet\O2 Mobilni internet.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2228 CREDAT:79874
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe" -Embedding
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2228 CREDAT:14338
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -host
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 504 508 516 65536 512
"C:\Users\Doma\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4074777687-3577094319-1465458308-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4074777687-3577094319-1465458308-1001UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll [2011-04-24 91536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll [2011-04-24 292752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [2011-04-24 86416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [2011-04-24 229776]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=D:\Softs\Steam\Steam.exe [2011-08-13 1242448]
"PeerBlock"=D:\Softs\PeerBlock\peerblock.exe [2010-11-06 2646128]
"Advanced SystemCare 4"=C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe [2011-08-09 417112]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.cz/cz.special-uninstalla ... a8a3209458 []
C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\System32\klogon.dll [2011-04-24 234896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 290304]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.FPS1"=frapsv64.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2011-10-17 20:47:07 ----A---- C:\ComboFix.txt
2011-10-16 14:21:01 ----A---- C:\Windows\system32\drivers\klin.dat
2011-10-16 14:21:01 ----A---- C:\Windows\system32\drivers\klick.dat
2011-10-16 14:19:08 ----D---- C:\ProgramData\Kaspersky Lab
2011-10-16 14:19:08 ----D---- C:\Program Files (x86)\Kaspersky Lab
2011-10-16 14:18:51 ----A---- C:\Windows\system32\drivers\klif.sys
2011-10-16 02:03:46 ----A---- C:\Windows\zip.exe
2011-10-16 02:03:46 ----A---- C:\Windows\SWSC.exe
2011-10-16 02:03:46 ----A---- C:\Windows\SWREG.exe
2011-10-16 02:03:46 ----A---- C:\Windows\sed.exe
2011-10-16 02:03:46 ----A---- C:\Windows\PEV.exe
2011-10-16 02:03:46 ----A---- C:\Windows\NIRCMD.exe
2011-10-16 02:03:46 ----A---- C:\Windows\MBR.exe
2011-10-16 02:03:46 ----A---- C:\Windows\grep.exe
2011-10-16 02:03:38 ----D---- C:\Windows\ERDNT
2011-10-16 02:02:26 ----D---- C:\Qoobox
2011-10-16 00:19:48 ----A---- C:\Windows\system32\aswBoot.exe
2011-10-16 00:19:27 ----D---- C:\ProgramData\AVAST Software
2011-10-16 00:19:27 ----D---- C:\Program Files\AVAST Software
2011-10-15 23:19:52 ----D---- C:\Program Files\trend micro
2011-10-15 23:19:51 ----D---- C:\rsit
2011-10-15 17:26:34 ----D---- C:\Users\Doma\AppData\Roaming\NVIDIA
2011-10-15 16:38:47 ----D---- C:\Windows\system32\appmgmt
2011-10-15 13:38:42 ----D---- C:\Program Files (x86)\TeamSpeak 3 Client
2011-10-13 20:35:02 ----D---- C:\Program Files\TeamSpeak 3 Client
2011-10-13 20:03:41 ----A---- C:\Windows\system32\SmartDefragBootTime.exe
2011-10-13 20:03:41 ----A---- C:\Windows\system32\drivers\SmartDefragDriver.sys
2011-10-13 19:59:49 ----D---- C:\Users\Doma\AppData\Roaming\IObit
2011-10-13 19:51:21 ----D---- C:\ProgramData\IObit
2011-10-13 19:51:21 ----D---- C:\Program Files (x86)\IObit
2011-10-13 18:44:17 ----D---- C:\Users\Doma\AppData\Roaming\Apple Computer
2011-10-13 18:42:20 ----D---- C:\ProgramData\Apple Computer
2011-10-13 18:42:20 ----D---- C:\Program Files (x86)\Safari
2011-10-13 18:41:26 ----D---- C:\Program Files\Bonjour
2011-10-13 18:41:26 ----D---- C:\Program Files (x86)\Bonjour
2011-10-13 18:41:09 ----D---- C:\ProgramData\Apple
2011-10-09 22:31:19 ----D---- C:\Users\Doma\AppData\Roaming\PotPlayerMini
2011-10-08 02:39:17 ----D---- C:\Users\Doma\AppData\Roaming\Media Player Classic
2011-10-08 00:50:41 ----A---- C:\Windows\SYSWOW64\unrar.dll
2011-10-08 00:50:40 ----A---- C:\Windows\SYSWOW64\xvidvfw.dll
2011-10-08 00:50:40 ----A---- C:\Windows\SYSWOW64\xvidcore.dll
2011-10-08 00:50:40 ----A---- C:\Windows\avisplitter.ini
2011-10-08 00:50:39 ----A---- C:\Windows\SYSWOW64\ff_vfw.dll
2011-10-08 00:50:37 ----D---- C:\Program Files (x86)\K-Lite Codec Pack
2011-10-08 00:39:48 ----D---- C:\Program Files (x86)\Daum
2011-10-07 16:49:33 ----D---- C:\Users\Doma\AppData\Roaming\vlc
2011-10-07 16:49:17 ----D---- C:\Program Files (x86)\VideoLAN
2011-10-05 00:16:34 ----D---- C:\$AVG
2011-10-03 21:58:45 ----D---- C:\Users\Doma\AppData\Roaming\AVG2012
2011-10-03 21:55:51 ----HD---- C:\ProgramData\Common Files
2011-10-03 21:55:16 ----D---- C:\ProgramData\AVG2012
2011-10-03 21:54:41 ----D---- C:\Program Files (x86)\AVG
2011-10-03 17:09:40 ----D---- C:\Program Files (x86)\Z8Games
2011-10-02 16:29:31 ----A---- C:\Windows\system32\drivers\Axtmvprt.sys
2011-10-02 16:29:31 ----A---- C:\Windows\system32\drivers\Axtmvmdm.sys
2011-10-02 16:29:31 ----A---- C:\Windows\system32\drivers\Axtmvflt.sys
2011-10-02 16:29:28 ----D---- C:\Program Files\Axesstel
2011-10-02 15:37:20 ----D---- C:\ProgramData\MFAData
2011-10-02 15:27:03 ----D---- C:\Users\Doma\AppData\Roaming\TS3Client
2011-10-02 14:55:57 ----A---- C:\Windows\system32\drivers\mod7700.sys
2011-10-02 14:55:57 ----A---- C:\Windows\system32\drivers\ewusbnet.sys
2011-10-02 14:55:57 ----A---- C:\Windows\system32\drivers\ewusbmdm.sys
2011-10-02 14:55:57 ----A---- C:\Windows\system32\drivers\ewdcsc.sys
2011-10-02 14:55:19 ----D---- C:\Program Files (x86)\O2 Mobilni internet
2011-10-02 10:33:35 ----D---- C:\Program Files (x86)\Axesstel
======List of files/folders modified in the last 1 month======
2011-10-17 20:56:56 ----D---- C:\Windows\Temp
2011-10-17 20:47:09 ----D---- C:\Windows\system32\drivers
2011-10-17 20:42:08 ----D---- C:\Windows
2011-10-17 20:42:08 ----A---- C:\Windows\system.ini
2011-10-17 20:41:51 ----D---- C:\Windows\system32\drivers\etc
2011-10-17 20:41:17 ----D---- C:\ProgramData\NVIDIA
2011-10-17 20:37:48 ----D---- C:\Windows\Prefetch
2011-10-17 20:15:34 ----D---- C:\Users\Doma\AppData\Roaming\uTorrent
2011-10-17 18:00:32 ----D---- C:\Windows\system32\config
2011-10-17 17:58:04 ----SHD---- C:\System Volume Information
2011-10-17 17:57:47 ----SHD---- C:\Windows\Installer
2011-10-17 17:57:44 ----D---- C:\Program Files (x86)\Common Files
2011-10-16 23:29:27 ----D---- C:\Windows\Tasks
2011-10-16 23:29:27 ----D---- C:\Windows\system32\wfp
2011-10-16 23:29:27 ----D---- C:\Windows\inf
2011-10-16 23:29:20 ----RD---- C:\Program Files (x86)
2011-10-16 23:29:20 ----D---- C:\Windows\SysWOW64
2011-10-16 23:29:20 ----D---- C:\Windows\System32
2011-10-16 23:29:18 ----D---- C:\Windows\system32\wbem
2011-10-16 23:28:10 ----D---- C:\Windows\system32\DriverStore
2011-10-16 23:28:10 ----D---- C:\Windows\system32\catroot2
2011-10-16 23:28:07 ----D---- C:\Windows\system32\cs-CZ
2011-10-16 23:28:05 ----D---- C:\Windows\winsxs
2011-10-16 23:28:04 ----D---- C:\Windows\system32\Tasks
2011-10-16 23:28:04 ----D---- C:\Windows\system32\NDF
2011-10-16 23:28:04 ----D---- C:\Windows\system32\CodeIntegrity
2011-10-16 23:28:03 ----D---- C:\Windows\security
2011-10-16 23:27:56 ----D---- C:\Windows\Help
2011-10-16 23:27:55 ----D---- C:\Windows\AppCompat
2011-10-16 23:27:36 ----D---- C:\Program Files\NVIDIA Corporation
2011-10-16 23:27:34 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-10-16 23:27:12 ----D---- C:\ProgramData\Comodo
2011-10-16 23:26:57 ----D---- C:\Windows\registration
2011-10-16 23:26:27 ----D---- C:\Windows\system32\catroot
2011-10-16 23:25:21 ----RD---- C:\Users
2011-10-16 23:25:14 ----SD---- C:\Users\Doma\AppData\Roaming\Microsoft
2011-10-16 23:24:04 ----D---- C:\ProgramData
2011-10-16 23:23:45 ----D---- C:\Program Files\Windows Sidebar
2011-10-16 23:23:44 ----RD---- C:\Program Files
2011-10-16 23:22:08 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-10-16 22:47:33 ----D---- C:\Program Files\COMODO
2011-10-16 11:07:28 ----D---- C:\Windows\SYSWOW64\drivers
2011-10-16 11:07:28 ----D---- C:\Windows\AppPatch
2011-10-16 11:07:25 ----D---- C:\Program Files\Common Files
2011-10-11 10:09:11 ----D---- C:\Windows\Minidump
2011-10-09 17:39:28 ----D---- C:\Windows\system32\wdi
2011-10-09 13:48:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-07 16:46:17 ----D---- C:\Users\Doma\AppData\Roaming\Thinstall
2011-10-02 20:12:55 ----RSD---- C:\Windows\assembly
2011-10-02 20:10:32 ----D---- C:\Windows\system32\LogFiles
2011-10-02 16:39:37 ----D---- C:\Windows\ModemLogs
2011-10-02 15:22:10 ----D---- C:\Windows\Downloaded Program Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2011-03-04 460888]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sfdrv02;FrontLine Environment Driver (v2); C:\Windows\system32\drivers\sfdrv02.sys [2006-09-11 74616]
R0 sfsync05;FrontLine Synchronization Driver (v5); C:\Windows\system32\drivers\sfsync05.sys [2006-08-11 78208]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2011-10-16 615728]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
R3 Axtmvflt;Axesstel USB Filter Service; C:\Windows\system32\DRIVERS\Axtmvflt.sys [2007-03-26 6144]
R3 Axtmvmdm;Axesstel USB Modem; C:\Windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 54272]
R3 Axtmvprt;Axesstel Diagnostic Port; C:\Windows\System32\Drivers\Axtmvprt.sys [2007-03-26 52224]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-09-26 115328]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-08-16 3056360]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 255552]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 SaiH0464;SaiH0464; C:\Windows\system32\DRIVERS\SaiH0464.sys [2007-05-01 171144]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 X6va005;X6va005; \??\C:\Users\Doma\AppData\Local\Temp\005897.tmp []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AVP;Kaspersky Anti-Virus Service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-04-24 202296]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2011-04-06 349472]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-05-25 1016936]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
S2 sfrem02;FrontLine Drivers Auto Removal (v2); C:\Windows\system32\sfrem02.exe [2006-05-11 607352]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-10-08 419624]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
-----------------EOF-----------------
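An added example, not part of the original post and not code from ComboFix, RSIT or HijackThis: a small Python parser for the RSIT driver/service lines above, run over a handful of lines copied from that listing. It flags the loading-path properties a helper reads first: an image under a Temp directory, a `.tmp` extension, an empty `[]` where RSIT could not read the file's date and size, and the `\??\` NT object-path prefix. The `X6va005` line stands out on all four (the same service appears in the ComboFix registry dump above with `ImagePath` set to that `.tmp`), while `cpuz135` shows that the `\??\` prefix alone is normal for some legitimate drivers. The checks say nothing about whether an entry is malicious, only which ones deserve a look; the function names, the finding tags and the severity weights are my own choices.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One RSIT driver/service line looks like:
#   <R|S><start type> <name>;<display name>; <image path> [<date> <size>]
# The bracket is empty when RSIT could not read the file's timestamp and size.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Image paths under a per-user or system temp directory.
TEMP_DIR_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)

# Severity weights are an assumption of this example: an image in Temp matters most,
# the \??\ object-path prefix on its own is only informational.
WEIGHTS = {
    "temp-path": 3,
    "tmp-extension": 2,
    "no-file-metadata": 1,
    "nt-object-path": 0,
}


@dataclass
class RsitEntry:
    state: str        # "R" running / "S" stopped
    start: int        # 0=Boot 1=System 2=Auto 3=Demand 4=Disabled
    name: str
    display: str
    path: str
    meta: str         # "<date> <size>", or "" when RSIT could not stat the file
    findings: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(WEIGHTS[f] for f in self.findings)


def assess(path: str, meta: str) -> List[str]:
    """Return finding tags for one image path, always in the same order."""
    findings = []
    if TEMP_DIR_RE.search(path):
        findings.append("temp-path")
    if path.lower().endswith(".tmp"):
        findings.append("tmp-extension")
    if not meta.strip():
        findings.append("no-file-metadata")
    if path.startswith("\\??\\"):
        findings.append("nt-object-path")
    return findings


def parse_line(line: str) -> Optional[RsitEntry]:
    """Parse one RSIT line; section headers and other text return None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path, meta = m["path"], m["meta"]
    return RsitEntry(m["state"], int(m["start"]), m["name"].strip(),
                     m["display"].strip(), path, meta, assess(path, meta))


def scan(text: str) -> List[RsitEntry]:
    """Parse every driver/service line in a block of RSIT output."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def prioritized(text: str) -> List[RsitEntry]:
    """Entries with a non-zero score, most suspicious first (stable for ties)."""
    return sorted((e for e in scan(text) if e.score > 0), key=lambda e: -e.score)


# Constructed input: header lines plus five entries copied from the RSIT listing in this thread.
SAMPLE = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2011-03-04 460888]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 X6va005;X6va005; \??\C:\Users\Doma\AppData\Local\Temp\005897.tmp []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AVP;Kaspersky Anti-Virus Service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-04-24 202296]
"""

if __name__ == "__main__":
    for e in prioritized(SAMPLE):
        print(f"{e.score:>2}  {e.state}{e.start} {e.name:<10} {', '.join(e.findings):<55} {e.path}")
```

Paste the whole "List of drivers" and "List of services" sections into `SAMPLE` (or read them from the saved log) and `prioritized()` returns the entries to check first; `catchme` scores low because it is ComboFix's own driver, which is why the file is gone by the time RSIT runs.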