VIRY.CZ

Dobrý večer přeji.

Potřeboval bych poradit. Nejde mi od včerejšího odpoledne vůbec zvuk,panelová lišta se mi nezměnila je pořád modrá,nehlasími to žádnou chybu.Ani USB kabel mi nejde zapojit do počítače.I po aktualizaci ovladačů problém pořád přetvává .
Nevíte,jak tento "problém" vyřešit?
Předem díky za vyřešení.

Zde předkládám log z RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Hnízdil at 2012-04-01 21:16:17
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 8 GB (8%) free of 100 GB
Total RAM: 1024 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:16:34, on 1.4.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows.old\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Users\Hnízdil\Desktop\Tom\DAEMON Tools Lite\DTLite.exe
C:\Users\Hnízdil\AppData\Local\Akamai\netsession_win.exe
C:\Windows.old\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Users\Hnízdil\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Program Files\trend micro\Hnízdil.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60446
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Windows.old\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Windows.old\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Users\Hnízdil\Desktop\Tom\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [EPSON SX110 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Users\HNZDIL~1\AppData\Local\Temp\E_SC087.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Hnízdil\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe -update plugin
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files (x86)\OpenOffice.org 2.3\program\quickstart.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Windows.old\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7885 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
"C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE"
"C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Windows.old\Program Files\Spyware Terminator\sp_rsser.exe"
"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Windows.old\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
"C:\Users\Hnízdil\Desktop\Tom\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Windows\System32\spool\drivers\x64\3\E_IATIFBE.EXE" /FU "C:\Users\HNZDIL~1\AppData\Local\Temp\E_SC087.tmp" /EF "HKCU"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Users\Hnízdil\AppData\Local\Akamai\netsession_win.exe"
"C:\Windows.old\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe"
"C:/Users/Hnízdil/AppData/Local/Akamai/netsession_win.exe" --client
"C:\Program Files (x86)\OpenOffice.org 2.3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"C:\Program Files (x86)\OpenOffice.org 2.3\program\soffice.exe" -quickstart
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
"taskhost.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=368.4bde980.779535543 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.9.0.1 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.jar" 368 "\\.\pipe\gecko-crash-server-pipe.368" plugin
"C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe25_ Global\UsGthrCtrlFltPipeMssGthrPipe25 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
"C:\Users\Hnízdil\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Hnízdil\AppData\Roaming\Mozilla\Firefox\Profiles\c5g4w8yz.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://www.crawler.com/search/dispatche ... 60446&qkw="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
np32dsw.dll
npdeployJava1.dll
nppdf32.dll
ShockwavePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
crawlersrch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Hnízdil\AppData\Roaming\Mozilla\Firefox\Profiles\c5g4w8yz.default\extensions\
{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}
{ea614400-e918-4741-9a97-7a972ff7c30b}
{ff65fdbc-5683-4dfd-9113-1fcb5b0a3447}

C:\Users\Hnízdil\AppData\Roaming\Mozilla\Firefox\Profiles\c5g4w8yz.default\searchplugins\
conduit.xml
daemon-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-03-07 1211776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-03-07 1211776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"SpywareTerminatorUpdate"=C:\Windows.old\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-03-12 3037696]
"DAEMON Tools Lite"=C:\Users\Hnízdil\Desktop\Tom\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"EPSON SX110 Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE [2008-09-27 223232]
"Akamai NetSession Interface"=C:\Users\Hnízdil\AppData\Local\Akamai\netsession_win.exe [2012-03-13 3331872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe [2012-02-18 250016]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"=C:\Windows.old\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-03-12 2166784]
"EEventManager"=C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [2008-12-04 665424]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2011-12-24 460872]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

C:\Users\Hnízdil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 2.3.lnk - C:\Program Files (x86)\OpenOffice.org 2.3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2010-11-20 290304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-04-01 21:16:22 ----D---- C:\Program Files\trend micro
2012-04-01 21:16:17 ----D---- C:\rsit
2012-04-01 21:13:09 ----D---- C:\Program Files (x86)\Lavalys
2012-03-30 20:25:33 ----D---- C:\Riot Games
2012-03-26 21:47:39 ----D---- C:\Program Files (x86)\Adobe
2012-03-26 21:23:51 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2012-03-24 22:59:53 ----D---- C:\Program Files (x86)\Codemasters
2012-03-24 20:54:30 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-03-24 20:54:12 ----RHD---- C:\Users\Hnízdil\AppData\Roaming\SecuROM
2012-03-24 20:53:26 ----D---- C:\Windows\SYSWOW64\URTTEMP
2012-03-24 20:49:17 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2012-03-24 20:49:13 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2012-03-24 20:49:12 ----A---- C:\Windows\SYSWOW64\pbsvc.exe
2012-03-22 17:15:45 ----D---- C:\ProgramData\Electronic Arts
2012-03-22 17:06:38 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2012-03-22 17:06:38 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2012-03-22 17:06:38 ----A---- C:\Windows\system32\d3dx10_40.dll
2012-03-22 17:06:38 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2012-03-22 17:06:34 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2012-03-22 17:06:34 ----A---- C:\Windows\system32\D3DX9_40.dll
2012-03-22 17:06:31 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2012-03-22 17:06:31 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2012-03-22 17:06:31 ----A---- C:\Windows\system32\XAudio2_3.dll
2012-03-22 17:06:31 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2012-03-22 17:06:29 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2012-03-22 17:06:29 ----A---- C:\Windows\system32\xactengine3_3.dll
2012-03-22 17:06:28 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2012-03-22 17:06:28 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2012-03-22 17:06:26 ----A---- C:\Windows\system32\XAudio2_2.dll
2012-03-22 17:06:26 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2012-03-22 17:06:24 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2012-03-22 17:06:24 ----A---- C:\Windows\system32\xactengine3_2.dll
2012-03-22 17:06:21 ----A---- C:\Windows\system32\d3dx10_39.dll
2012-03-22 17:06:21 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2012-03-22 17:06:18 ----A---- C:\Windows\system32\D3DX9_39.dll
2012-03-22 17:06:15 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2012-03-22 17:06:15 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2012-03-22 17:06:15 ----A---- C:\Windows\system32\XAudio2_1.dll
2012-03-22 17:06:15 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2012-03-22 17:06:13 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2012-03-22 17:06:13 ----A---- C:\Windows\system32\xactengine3_1.dll
2012-03-22 17:06:11 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2012-03-22 17:06:11 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2012-03-22 17:06:07 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2012-03-22 17:06:07 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2012-03-22 17:06:07 ----A---- C:\Windows\system32\d3dx10_38.dll
2012-03-22 17:06:07 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2012-03-22 17:06:02 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2012-03-22 17:06:02 ----A---- C:\Windows\system32\D3DX9_38.dll
2012-03-22 17:06:00 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2012-03-22 17:06:00 ----A---- C:\Windows\system32\XAudio2_0.dll
2012-03-22 17:05:58 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2012-03-22 17:05:58 ----A---- C:\Windows\system32\xactengine3_0.dll
2012-03-22 17:05:56 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2012-03-22 17:05:56 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2012-03-22 17:05:52 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2012-03-22 17:05:52 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2012-03-22 17:05:52 ----A---- C:\Windows\system32\d3dx10_37.dll
2012-03-22 17:05:52 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2012-03-22 17:05:45 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2012-03-22 17:05:45 ----A---- C:\Windows\system32\D3DX9_37.dll
2012-03-22 17:05:40 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2012-03-22 17:05:40 ----A---- C:\Windows\system32\xactengine2_10.dll
2012-03-22 17:05:35 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2012-03-22 17:05:35 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2012-03-22 17:05:35 ----A---- C:\Windows\system32\d3dx10_36.dll
2012-03-22 17:05:35 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2012-03-22 17:05:30 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2012-03-22 17:05:30 ----A---- C:\Windows\system32\d3dx9_36.dll
2012-03-22 17:05:26 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2012-03-22 17:05:26 ----A---- C:\Windows\system32\xactengine2_9.dll
2012-03-22 17:05:23 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2012-03-22 17:05:23 ----A---- C:\Windows\system32\d3dx10_35.dll
2012-03-22 17:05:22 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2012-03-22 17:05:22 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2012-03-22 17:05:18 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2012-03-22 17:05:18 ----A---- C:\Windows\system32\d3dx9_35.dll
2012-03-22 17:05:15 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2012-03-22 17:05:15 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2012-03-22 17:05:15 ----A---- C:\Windows\system32\xactengine2_8.dll
2012-03-22 17:05:15 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2012-03-22 17:05:12 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2012-03-22 17:05:12 ----A---- C:\Windows\system32\d3dx10_34.dll
2012-03-22 17:05:11 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2012-03-22 17:05:11 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2012-03-22 17:05:07 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2012-03-22 17:05:07 ----A---- C:\Windows\system32\d3dx9_34.dll
2012-03-22 17:05:05 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2012-03-22 17:05:05 ----A---- C:\Windows\system32\xinput1_3.dll
2012-03-22 17:05:02 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2012-03-22 17:05:02 ----A---- C:\Windows\system32\xactengine2_7.dll
2012-03-22 17:04:59 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2012-03-22 17:04:59 ----A---- C:\Windows\system32\d3dx10_33.dll
2012-03-22 17:04:58 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2012-03-22 17:04:58 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2012-03-22 17:04:54 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2012-03-22 17:04:54 ----A---- C:\Windows\system32\d3dx9_33.dll
2012-03-22 17:04:51 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2012-03-22 17:04:51 ----A---- C:\Windows\system32\xactengine2_6.dll
2012-03-22 17:04:49 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2012-03-22 17:04:49 ----A---- C:\Windows\system32\xactengine2_5.dll
2012-03-22 17:04:47 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2012-03-22 17:04:47 ----A---- C:\Windows\system32\d3dx10.dll
2012-03-22 17:04:42 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2012-03-22 17:04:42 ----A---- C:\Windows\system32\d3dx9_32.dll
2012-03-22 17:04:36 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2012-03-22 17:04:36 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2012-03-22 17:04:36 ----A---- C:\Windows\system32\xactengine2_4.dll
2012-03-22 17:04:36 ----A---- C:\Windows\system32\x3daudio1_1.dll
2012-03-22 17:04:31 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2012-03-22 17:04:31 ----A---- C:\Windows\system32\d3dx9_31.dll
2012-03-22 17:04:28 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2012-03-22 17:04:28 ----A---- C:\Windows\system32\xactengine2_3.dll
2012-03-22 17:04:26 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2012-03-22 17:04:26 ----A---- C:\Windows\system32\xinput1_2.dll
2012-03-22 17:04:23 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2012-03-22 17:04:23 ----A---- C:\Windows\system32\xactengine2_2.dll
2012-03-22 17:04:20 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2012-03-22 17:04:20 ----A---- C:\Windows\system32\xinput1_1.dll
2012-03-22 17:04:17 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2012-03-22 17:04:17 ----A---- C:\Windows\system32\xactengine2_1.dll
2012-03-22 17:03:55 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2012-03-22 17:03:55 ----A---- C:\Windows\system32\d3dx9_30.dll
2012-03-22 17:03:52 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2012-03-22 17:03:52 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2012-03-22 17:03:52 ----A---- C:\Windows\system32\xactengine2_0.dll
2012-03-22 17:03:52 ----A---- C:\Windows\system32\x3daudio1_0.dll
2012-03-22 17:03:49 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2012-03-22 17:03:49 ----A---- C:\Windows\system32\d3dx9_29.dll
2012-03-22 17:03:45 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2012-03-22 17:03:45 ----A---- C:\Windows\system32\d3dx9_28.dll
2012-03-22 17:03:42 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2012-03-22 17:03:42 ----A---- C:\Windows\system32\d3dx9_27.dll
2012-03-22 17:03:39 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2012-03-22 17:03:39 ----A---- C:\Windows\system32\d3dx9_26.dll
2012-03-22 17:03:36 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2012-03-22 17:03:36 ----A---- C:\Windows\system32\d3dx9_25.dll
2012-03-22 17:03:32 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2012-03-22 17:03:32 ----A---- C:\Windows\system32\d3dx9_24.dll
2012-03-18 18:04:23 ----D---- C:\Users\Hnízdil\AppData\Roaming\uTorrent
2012-03-15 00:51:35 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-03-15 00:51:32 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-03-15 00:51:30 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-03-14 11:47:12 ----A---- C:\Windows\system32\win32k.sys
2012-03-14 11:47:04 ----A---- C:\Windows\system32\DWrite.dll
2012-03-14 11:47:02 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-03-14 11:46:58 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-03-14 11:46:57 ----A---- C:\Windows\system32\rdpwsx.dll
2012-03-14 11:46:57 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-03-14 11:46:11 ----A---- C:\Windows\system32\rdpcore.dll
2012-03-14 11:46:10 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2012-03-14 11:46:09 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-03-14 11:46:08 ----A---- C:\Windows\system32\drivers\tdtcp.sys

======List of files/folders modified in the last 1 month======

2012-04-01 21:16:22 ----RD---- C:\Program Files
2012-04-01 21:16:12 ----D---- C:\Windows\temp
2012-04-01 21:13:09 ----RD---- C:\Program Files (x86)
2012-04-01 20:08:25 ----SD---- C:\ProgramData\Microsoft
2012-04-01 19:33:16 ----D---- C:\Windows\System32
2012-04-01 19:33:16 ----D---- C:\Windows\inf
2012-04-01 19:33:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-04-01 14:10:46 ----D---- C:\ProgramData\PMB Files
2012-04-01 08:55:10 ----D---- C:\Windows\system32\config
2012-04-01 08:41:49 ----D---- C:\Users\Hnízdil\AppData\Roaming\OpenOffice.org2
2012-03-30 20:25:24 ----SHD---- C:\System Volume Information
2012-03-30 20:25:23 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-03-30 14:18:28 ----D---- C:\Windows\system32\catroot2
2012-03-27 11:44:13 ----D---- C:\Config.Msi
2012-03-26 21:48:20 ----SHD---- C:\Windows\Installer
2012-03-26 21:47:46 ----D---- C:\ProgramData\Adobe
2012-03-26 21:46:28 ----D---- C:\Windows\SysWOW64
2012-03-26 21:23:51 ----D---- C:\Windows\system32\drivers
2012-03-26 21:23:46 ----D---- C:\Windows
2012-03-26 13:17:34 ----D---- C:\Windows\system32\wdi
2012-03-25 15:33:01 ----D---- C:\Windows\system32\Tasks
2012-03-25 15:32:52 ----D---- C:\Windows\Tasks
2012-03-24 20:55:04 ----D---- C:\Windows\registration
2012-03-24 20:54:47 ----RSD---- C:\Windows\assembly
2012-03-24 20:53:27 ----D---- C:\Program Files (x86)\Internet Explorer
2012-03-24 20:49:12 ----D---- C:\Windows\system32\LogFiles
2012-03-24 20:40:31 ----D---- C:\Windows\winsxs
2012-03-24 20:01:11 ----D---- C:\Windows.old.000
2012-03-24 19:48:08 ----D---- C:\Windows.old
2012-03-22 22:55:06 ----D---- C:\Windows\Prefetch
2012-03-22 17:15:45 ----D---- C:\ProgramData
2012-03-22 16:56:21 ----D---- C:\Program Files (x86)\Crawler
2012-03-22 16:48:24 ----D---- C:\Program Files (x86)\EA Sports
2012-03-15 00:51:42 ----D---- C:\Windows\system32\catroot
2012-03-15 00:49:36 ----A---- C:\Windows\system32\MRT.exe
2012-03-07 01:15:14 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2012-03-07 01:15:03 ----A---- C:\Windows\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-03-07 53080]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-03-07 819032]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-03-07 337240]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-03-07 59224]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-01 254528]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-03-07 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-03-07 69976]
R3 atikmdag;atikmdag; C:\Windows\system32\drivers\atikmdag.sys [2009-07-13 5020672]
R3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2010-03-31 26752]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 23152]
R3 P17;SB Live! 24-bit; C:\Windows\system32\drivers\P17.sys [2007-02-05 1529856]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S3 X6va005;X6va005; \??\C:\Users\HNZDIL~1\AppData\Local\Temp\0051919.tmp []
S4 RsFx0102;RsFx0102 Driver; C:\Windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 314904]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [2007-12-17 163840]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2007-01-11 126464]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-11 57820696]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-03-24 66872]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Windows.old\Program Files\Spyware Terminator\sp_rsser.exe [2010-03-12 488960]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 157720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-08-02 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 61976]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 430616]
S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]

-----------------EOF-----------------

Zdravím!
Poprosím o log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

ComboFix 12-04-01.01 - Hnízdil 01.04.2012 21:51:57.3.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1024.322 [GMT 2:00]
Spuštěný z: c:\users\Hnízdil\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-01 do 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-04-01 20:04 . 2012-04-01 20:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-01 20:04 . 2012-04-01 20:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-01 19:16 . 2012-04-01 19:16 -------- d-----w- c:\program files\trend micro
2012-04-01 19:16 . 2012-04-01 19:16 -------- d-----w- C:\rsit
2012-04-01 19:13 . 2012-04-01 19:13 -------- d-----w- c:\program files (x86)\Lavalys
2012-03-30 19:25 . 2012-04-01 18:05 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{463865CC-06F4-49DC-AC40-869891DAEA9A}\offreg.dll
2012-03-30 18:25 . 2012-03-30 18:25 -------- d-----w- C:\Riot Games
2012-03-30 12:18 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{463865CC-06F4-49DC-AC40-869891DAEA9A}\mpengine.dll
2012-03-26 19:23 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-24 20:59 . 2012-03-24 20:59 -------- d-----w- c:\program files (x86)\Codemasters
2012-03-24 18:54 . 2012-03-24 18:54 -------- d--h--r- c:\users\Hnízdil\AppData\Roaming\SecuROM
2012-03-24 18:53 . 2012-03-24 18:53 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-03-24 18:49 . 2012-03-24 18:49 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-24 18:49 . 2012-03-24 18:49 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-24 18:49 . 2012-03-24 18:49 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-03-22 15:15 . 2012-03-22 15:18 -------- d-----w- c:\programdata\Electronic Arts
2012-03-22 15:05 . 2008-03-05 15:03 238088 ----a-w- c:\windows\SysWow64\xactengine3_0.dll
2012-03-22 15:04 . 2007-03-15 15:57 506728 ----a-w- c:\windows\system32\d3dx10_33.dll
2012-03-18 16:04 . 2012-03-18 16:04 -------- d-----w- c:\users\Hnízdil\AppData\Roaming\uTorrent
2012-03-14 22:51 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 22:51 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 22:51 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:47 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:47 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:47 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 09:46 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:46 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:46 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:46 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:46 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 09:46 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:46 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2011-10-24 10:29 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-10-24 10:29 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-10-24 10:30 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-10-24 10:30 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-10-24 10:30 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:01 . 2011-10-24 10:30 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-10-24 10:30 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-10-24 10:30 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2011-08-01 12:52 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-18 16:08 . 2011-08-01 16:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44 . 2012-02-16 11:17 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 11:17 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpywareTerminatorUpdate"="c:\windows.old\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-12 3037696]
"DAEMON Tools Lite"="c:\users\Hnízdil\Desktop\Tom\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Akamai NetSession Interface"="c:\users\Hnízdil\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\windows.old\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-03-12 2166784]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Hnízdil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files (x86)\OpenOffice.org 2.3\program\quickstart.exe [2007-9-11 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\HNZDIL~1\AppData\Local\Temp\0051919.tmp [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 61976]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 430616]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 17:31]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 17:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1392740
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Hnízdil\AppData\Roaming\Mozilla\Firefox\Profiles\c5g4w8yz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2928751&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60446&qkw=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-DAEMON Tools Lite - c:\program files (x86)\DAEMON Tools Lite\uninst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\HNZDIL~1\AppData\Local\Temp\0051919.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,a7,6b,36,07,ac,a6,49,b1,d7,a7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,a7,6b,36,07,ac,a6,49,b1,d7,a7,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-04-01 22:10:46
ComboFix-quarantined-files.txt 2012-04-01 20:10
.
Před spuštěním: 8 720 859 136
Po spuštění: Volných bajtů: 12 830 228 480
.
- - End Of File - - A476574DD921A67F78BE71CA9399B18D

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
c:\users\HNZDIL~1\AppData\Local\Temp\0051919.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
X6va005
Akamai

Firefox::
FF - ProfilePath - c:\users\Hnízdil\AppData\Roaming\Mozilla\Firefox\Profiles\c5g4w8yz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60446&qkw=

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Po restartu mi to vyhodilo tento log:

ComboFix 12-04-01.01 - Hnízdil 01.04.2012 23:06:23.4.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1024.345 [GMT 2:00]
Spuštěný z: c:\users\HnÝzdil\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\HnÝzdil\Desktop\CFScript.txt..txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-01 do 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-04-01 21:17 . 2012-04-01 21:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-01 21:17 . 2012-04-01 21:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-01 19:16 . 2012-04-01 19:16 -------- d-----w- c:\program files\trend micro
2012-04-01 19:16 . 2012-04-01 19:16 -------- d-----w- C:\rsit
2012-04-01 19:13 . 2012-04-01 19:13 -------- d-----w- c:\program files (x86)\Lavalys
2012-03-30 18:25 . 2012-03-30 18:25 -------- d-----w- C:\Riot Games
2012-03-30 17:17 . 2012-04-01 20:59 -------- d-----w- C:\LeagueOfLegends
2012-03-30 12:18 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{463865CC-06F4-49DC-AC40-869891DAEA9A}\mpengine.dll
2012-03-26 19:23 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-24 20:59 . 2012-03-24 20:59 -------- d-----w- c:\program files (x86)\Codemasters
2012-03-24 18:54 . 2012-03-24 18:54 -------- d--h--r- c:\users\Hnízdil\AppData\Roaming\SecuROM
2012-03-24 18:53 . 2012-03-24 18:53 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-03-24 18:49 . 2012-03-24 18:49 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-24 18:49 . 2012-03-24 18:49 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-24 18:49 . 2012-03-24 18:49 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-03-22 15:15 . 2012-03-22 15:18 -------- d-----w- c:\programdata\Electronic Arts
2012-03-22 15:05 . 2008-03-05 15:03 238088 ----a-w- c:\windows\SysWow64\xactengine3_0.dll
2012-03-22 15:04 . 2007-03-15 15:57 506728 ----a-w- c:\windows\system32\d3dx10_33.dll
2012-03-18 16:04 . 2012-03-18 16:04 -------- d-----w- c:\users\Hnízdil\AppData\Roaming\uTorrent
2012-03-14 22:51 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 22:51 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 22:51 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:47 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:47 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:47 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 09:46 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:46 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:46 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:46 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:46 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 09:46 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:46 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2011-10-24 10:29 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-10-24 10:29 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-10-24 10:30 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-10-24 10:30 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-10-24 10:30 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:01 . 2011-10-24 10:30 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-10-24 10:30 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-10-24 10:30 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2011-08-01 12:52 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-18 16:08 . 2011-08-01 16:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44 . 2012-02-16 11:17 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 11:17 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-01_20.05.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-01 18:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-01 21:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-01 18:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-01 21:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-02 10:26 . 2012-04-01 21:22 34324 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2011-08-01 12:37 . 2012-04-01 20:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-01 12:37 . 2012-04-01 21:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-01 12:37 . 2012-04-01 20:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-01 12:37 . 2012-04-01 21:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-03 10:51 . 2012-04-01 21:18 6764 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-08-03 10:51 . 2012-03-31 21:32 6764 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-08-01 12:36 . 2012-04-01 21:22 9732 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3470775447-2730004659-1525072715-1001_UserData.bin
- 2012-04-01 06:40 . 2012-04-01 06:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-01 21:20 . 2012-04-01 21:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-01 06:40 . 2012-04-01 06:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-01 21:20 . 2012-04-01 21:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-04-01 18:53 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-01 21:20 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 05:01 . 2012-03-30 17:10 237476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-01 21:18 237476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-08-01 13:21 . 2012-03-30 05:07 3052788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3470775447-2730004659-1525072715-1001-8192.dat
+ 2011-08-01 13:21 . 2012-04-01 21:19 3052788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3470775447-2730004659-1525072715-1001-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpywareTerminatorUpdate"="c:\windows.old\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-12 3037696]
"Akamai NetSession Interface"="c:\users\Hnízdil\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\windows.old\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-03-12 2166784]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Hnízdil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files (x86)\OpenOffice.org 2.3\program\quickstart.exe [2007-9-11 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\HNZDIL~1\AppData\Local\Temp\0051919.tmp [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 61976]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 430616]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 17:31]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 17:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1392740
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Hnízdil\AppData\Roaming\Mozilla\Firefox\Profiles\c5g4w8yz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2928751&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60446&qkw=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-DAEMON Tools Lite - c:\users\Hnízdil\Desktop\Tom\DAEMON Tools Lite\DTLite.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\HNZDIL~1\AppData\Local\Temp\0051919.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,a7,6b,36,07,ac,a6,49,b1,d7,a7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,a7,6b,36,07,ac,a6,49,b1,d7,a7,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows.old\Program Files\Spyware Terminator\sp_rsser.exe
.
**************************************************************************
.
Celkový čas: 2012-04-01 23:26:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-01 21:26
ComboFix2.txt 2012-04-01 20:10
.
Před spuštěním: Volných bajtů: 36 392 865 792
Po spuštění: Volných bajtů: 36 502 958 080
.
- - End Of File - - 9B965C0E1A3FEAD4AE4389D877FDD4E2

Budte muset spustit CF znovu, váš profil má v názvu písmeno s diakritikou, což CF není schopen přečíst. Přesuňte jak Combofix.exe, tak CFScript.txt do kořenového adresáře c:\ a k přesunutí použijte nějaký souborový manažér, např. Průzkumník Windows.

Snad už je to správně.

ComboFix 12-04-01.01 - Hnízdil 02.04.2012 18:25:52.5.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1024.368 [GMT 2:00]
Spuštěný z: c:\users\HnÝzdil\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-02 do 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 16:36 . 2012-04-02 16:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-02 16:36 . 2012-04-02 16:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-02 10:22 . 2012-04-02 10:22 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{463865CC-06F4-49DC-AC40-869891DAEA9A}\offreg.dll
2012-04-01 19:16 . 2012-04-01 19:16 -------- d-----w- c:\program files\trend micro
2012-04-01 19:16 . 2012-04-01 19:16 -------- d-----w- C:\rsit
2012-04-01 19:13 . 2012-04-01 19:13 -------- d-----w- c:\program files (x86)\Lavalys
2012-03-30 18:25 . 2012-03-30 18:25 -------- d-----w- C:\Riot Games
2012-03-30 17:17 . 2012-04-01 20:59 -------- d-----w- C:\LeagueOfLegends
2012-03-30 12:18 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{463865CC-06F4-49DC-AC40-869891DAEA9A}\mpengine.dll
2012-03-26 19:23 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-24 20:59 . 2012-03-24 20:59 -------- d-----w- c:\program files (x86)\Codemasters
2012-03-24 18:53 . 2012-03-24 18:53 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-03-24 18:49 . 2012-03-24 18:49 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-24 18:49 . 2012-03-24 18:49 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-24 18:49 . 2012-03-24 18:49 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-03-22 15:15 . 2012-03-22 15:18 -------- d-----w- c:\programdata\Electronic Arts
2012-03-22 15:05 . 2008-03-05 15:03 238088 ----a-w- c:\windows\SysWow64\xactengine3_0.dll
2012-03-22 15:04 . 2007-03-15 15:57 506728 ----a-w- c:\windows\system32\d3dx10_33.dll
2012-03-18 16:04 . 2012-03-18 16:04 -------- d-----w- c:\users\Hnízdil\AppData\Roaming\uTorrent
2012-03-14 22:51 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 22:51 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 22:51 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:47 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:47 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:47 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 09:46 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:46 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:46 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:46 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:46 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 09:46 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:46 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2011-10-24 10:29 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-10-24 10:29 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-10-24 10:30 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-10-24 10:30 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-10-24 10:30 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:01 . 2011-10-24 10:30 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-10-24 10:30 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-10-24 10:30 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2011-08-01 12:52 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-18 16:08 . 2011-08-01 16:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44 . 2012-02-16 11:17 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 11:17 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-01_20.05.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-01 18:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-02 13:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-01 18:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-02 13:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-02 10:26 . 2012-04-01 21:46 34348 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-01 21:46 35038 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-01 10:55 . 2012-04-02 10:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-01 10:55 . 2012-03-27 10:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-01 10:55 . 2012-03-27 10:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-01 10:55 . 2012-04-02 10:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-27 10:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-02 10:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-01 12:31 . 2012-04-01 06:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-01 12:31 . 2012-04-02 09:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-01 12:31 . 2012-04-02 09:36 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-01 12:31 . 2012-04-01 06:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-01 12:31 . 2012-04-01 06:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-01 12:31 . 2012-04-02 09:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-01 12:37 . 2012-04-01 20:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-01 12:37 . 2012-04-02 15:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-01 12:37 . 2012-04-01 20:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-01 12:37 . 2012-04-02 15:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-03 10:51 . 2012-03-31 21:32 6764 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-08-03 10:51 . 2012-04-01 21:18 6764 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-08-01 12:36 . 2012-04-01 21:46 9780 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3470775447-2730004659-1525072715-1001_UserData.bin
+ 2012-04-02 09:34 . 2012-04-02 09:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-01 06:40 . 2012-04-01 06:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-02 09:34 . 2012-04-02 09:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-01 06:40 . 2012-04-01 06:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-04-01 18:53 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-02 13:56 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:36 . 2012-04-01 17:33 690502 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-02 14:06 690502 c:\windows\system32\perfh009.dat
- 2009-07-14 15:18 . 2012-04-01 17:33 705672 c:\windows\system32\perfh005.dat
+ 2009-07-14 15:18 . 2012-04-02 14:06 705672 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-04-02 14:06 135230 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-01 17:33 135230 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2012-04-01 17:33 151674 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2012-04-02 14:06 151674 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2012-03-30 17:10 237476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-01 21:47 237476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-06 21:19 . 2012-04-01 21:43 694876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3470775447-2730004659-1525072715-1001-12288.dat
- 2011-08-01 13:21 . 2012-03-30 05:07 3052788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3470775447-2730004659-1525072715-1001-8192.dat
+ 2011-08-01 13:21 . 2012-04-01 21:19 3052788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3470775447-2730004659-1525072715-1001-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpywareTerminatorUpdate"="c:\windows.old\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-12 3037696]
"Akamai NetSession Interface"="c:\users\Hnízdil\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\windows.old\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-03-12 2166784]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Hnízdil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files (x86)\OpenOffice.org 2.3\program\quickstart.exe [2007-9-11 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\HNZDIL~1\AppData\Local\Temp\0051919.tmp [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 61976]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 430616]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 17:31]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 17:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1392740
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Hnízdil\AppData\Roaming\Mozilla\Firefox\Profiles\c5g4w8yz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2928751&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60446&qkw=
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\HNZDIL~1\AppData\Local\Temp\0051919.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,a7,6b,36,07,ac,a6,49,b1,d7,a7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,a7,6b,36,07,ac,a6,49,b1,d7,a7,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-04-02 18:42:31
ComboFix-quarantined-files.txt 2012-04-02 16:42
ComboFix2.txt 2012-04-01 21:26
ComboFix3.txt 2012-04-01 20:10
.
Před spuštěním: Volných bajtů: 35 332 661 248
Po spuštění: Volných bajtů: 35 155 255 296
.
- - End Of File - - B5A9613E3E241BB740FDF11FAC8FCDCA

Pochopte, že nemůžete mít uložen CF a CFScript v c:\users\Hnízdil, neboť CF přečte ten název jako "HnÝzdil" a tím nebude schopen skript přečíst, protože ho nenajde. Radil jsem vám, abyste uložil oba soubory přímo na kořen c:\.

Tak konečně se mi to povedlo :

ComboFix 12-04-01.01 - Hnízdil 03.04.2012 22:11:23.7.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1024.383 [GMT 2:00]
Spuštěný z: c:\users\Hnízdil\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\isRS-000.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-03 do 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-04-03 20:21 . 2012-04-03 20:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-03 20:21 . 2012-04-03 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-03 09:17 . 2012-04-03 09:17 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6EA03C6-2AFC-42EE-9695-78EA2D907B3C}\offreg.dll
2012-04-03 08:44 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6EA03C6-2AFC-42EE-9695-78EA2D907B3C}\mpengine.dll
2012-04-02 19:52 . 2012-04-02 19:53 -------- d-----w- C:\totalcmd
2012-04-02 19:52 . 2012-04-02 19:52 -------- d-----w- c:\users\Hnízdil\AppData\Roaming\GHISLER
2012-04-02 19:52 . 2012-03-09 05:57 545 ----a-w- c:\windows\UC.PIF
2012-04-02 19:52 . 2012-03-09 05:57 545 ----a-w- c:\windows\RAR.PIF
2012-04-02 19:52 . 2012-03-09 05:57 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-04-02 19:52 . 2012-03-09 05:57 545 ----a-w- c:\windows\LHA.PIF
2012-04-02 19:52 . 2012-03-09 05:57 545 ----a-w- c:\windows\ARJ.PIF
2012-04-02 19:33 . 2012-04-02 19:33 -------- d-----w- c:\users\Hnízdil\AppData\Local\Diagnostics
2012-04-01 19:16 . 2012-04-01 19:16 -------- d-----w- c:\program files\trend micro
2012-04-01 19:16 . 2012-04-01 19:16 -------- d-----w- C:\rsit
2012-04-01 19:13 . 2012-04-01 19:13 -------- d-----w- c:\program files (x86)\Lavalys
2012-03-30 18:25 . 2012-03-30 18:25 -------- d-----w- C:\Riot Games
2012-03-30 17:17 . 2012-04-01 20:59 -------- d-----w- C:\LeagueOfLegends
2012-03-26 19:23 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-24 20:59 . 2012-03-24 20:59 -------- d-----w- c:\program files (x86)\Codemasters
2012-03-24 18:53 . 2012-03-24 18:53 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-03-24 18:49 . 2012-03-24 18:49 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-24 18:49 . 2012-03-24 18:49 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-24 18:49 . 2012-03-24 18:49 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-03-22 15:15 . 2012-03-22 15:18 -------- d-----w- c:\programdata\Electronic Arts
2012-03-22 15:05 . 2008-03-05 15:03 238088 ----a-w- c:\windows\SysWow64\xactengine3_0.dll
2012-03-22 15:04 . 2007-03-15 15:57 506728 ----a-w- c:\windows\system32\d3dx10_33.dll
2012-03-18 16:04 . 2012-03-18 16:04 -------- d-----w- c:\users\Hnízdil\AppData\Roaming\uTorrent
2012-03-14 22:51 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 22:51 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 22:51 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:47 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:47 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:47 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 09:46 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:46 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:46 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:46 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:46 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 09:46 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:46 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2011-10-24 10:29 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-10-24 10:29 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-10-24 10:30 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-10-24 10:30 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-10-24 10:30 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:01 . 2011-10-24 10:30 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-10-24 10:30 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-10-24 10:30 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2011-08-01 12:52 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-18 16:08 . 2011-08-01 16:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-01_20.05.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-01 18:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-03 16:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-01 18:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-03 16:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-02 10:26 . 2012-04-03 08:41 34356 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-03 08:41 35102 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-08 14:09 . 2011-12-10 13:24 23152 c:\windows\system32\drivers\mbam.sys
- 2011-12-08 14:09 . 2011-12-10 14:24 23152 c:\windows\system32\drivers\mbam.sys
- 2011-08-01 10:55 . 2012-03-27 10:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-01 10:55 . 2012-04-03 09:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-01 10:55 . 2012-03-27 10:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-01 10:55 . 2012-04-03 09:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-27 10:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-03 09:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-01 12:31 . 2012-04-03 08:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-01 12:31 . 2012-04-01 06:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-01 12:31 . 2012-04-01 06:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-01 12:31 . 2012-04-03 08:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-01 12:31 . 2012-04-03 08:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-01 12:31 . 2012-04-01 06:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-01 12:37 . 2012-04-01 20:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-01 12:37 . 2012-04-03 20:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-01 12:37 . 2012-04-03 20:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-01 12:37 . 2012-04-01 20:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-03 10:51 . 2012-04-01 21:18 6764 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-08-03 10:51 . 2012-03-31 21:32 6764 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-08-01 12:36 . 2012-04-03 08:41 9880 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3470775447-2730004659-1525072715-1001_UserData.bin
- 2012-04-01 06:40 . 2012-04-01 06:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-03 08:34 . 2012-04-03 08:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-03 08:34 . 2012-04-03 08:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-01 06:40 . 2012-04-01 06:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-04-01 18:53 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-03 16:43 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:36 . 2012-04-01 17:33 690502 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-03 11:05 690502 c:\windows\system32\perfh009.dat
- 2009-07-14 15:18 . 2012-04-01 17:33 705672 c:\windows\system32\perfh005.dat
+ 2009-07-14 15:18 . 2012-04-03 11:05 705672 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-04-03 11:05 135230 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-01 17:33 135230 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2012-04-01 17:33 151674 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2012-04-03 11:05 151674 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2012-03-30 17:10 237476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-02 21:46 237476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-06 21:19 . 2012-04-01 21:43 694876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3470775447-2730004659-1525072715-1001-12288.dat
+ 2011-08-01 13:21 . 2012-04-02 21:47 3052788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3470775447-2730004659-1525072715-1001-8192.dat
- 2011-08-01 13:21 . 2012-03-30 05:07 3052788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3470775447-2730004659-1525072715-1001-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpywareTerminatorUpdate"="c:\windows.old\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-12 3037696]
"Akamai NetSession Interface"="c:\users\Hnízdil\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\windows.old\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-03-12 2166784]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Hnízdil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files (x86)\OpenOffice.org 2.3\program\quickstart.exe [2007-9-11 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\HNZDIL~1\AppData\Local\Temp\0051919.tmp [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 61976]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 430616]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 17:31]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 17:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Hnízdil\AppData\Roaming\Mozilla\Firefox\Profiles\c5g4w8yz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2928751&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60446&qkw=
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\HNZDIL~1\AppData\Local\Temp\0051919.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,a7,6b,36,07,ac,a6,49,b1,d7,a7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,a7,6b,36,07,ac,a6,49,b1,d7,a7,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-04-03 22:27:41
ComboFix-quarantined-files.txt 2012-04-03 20:27
.
Před spuštěním: Volných bajtů: 35 684 417 536
Po spuštění: Volných bajtů: 35 635 417 088
.
- - End Of File - - C0DCFA799F4776673C3327D67F4FC012

Spouštěl jste CF tím skriptem, který jsem uvedl výše? V hlavičcce logu o tom není zmínka a CF opět nemazal.

Hups,spouštěl jsem to beze scriptu .Ted jsem to zkoušel s tím scriptem,a vyjel mi zase log s diakritikou i když jsem to spouštěl přímo z kořene C:/ Tak nevím kde je chyba .

Musíte CF spustit pomocí skriptu. Jinak nebude smazáno to, co je ve skriptu napsáno.

Dělám vše podle vašich instrukcí,ale když to spustím ze scriptem vyjede mi tento log:
A přitom to spouštím přímo z C:/-a log ukazuje že to spouštím z c:\users\HnÝzdil\Downloads\ComboFix.exe což není pravda .

ComboFix 12-04-01.01 - Hnízdil 04.04.2012 23:10:47.10.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1024.398 [GMT 2:00]
Spuštěný z: c:\users\HnÝzdil\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\plocha\CFScript.txt..txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-04 do 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 21:22 . 2012-04-04 21:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-04 21:22 . 2012-04-04 21:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-03 09:17 . 2012-04-03 09:17 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6EA03C6-2AFC-42EE-9695-78EA2D907B3C}\offreg.dll
2012-04-03 08:44 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6EA03C6-2AFC-42EE-9695-78EA2D907B3C}\mpengine.dll
2012-04-02 19:52 . 2012-04-02 19:53 -------- d-----w- C:\totalcmd
2012-04-02 19:52 . 2012-04-02 19:52 -------- d-----w- c:\users\Hnízdil\AppData\Roaming\GHISLER
2012-04-02 19:52 . 2012-03-09 05:57 545 ----a-w- c:\windows\UC.PIF
2012-04-02 19:52 . 2012-03-09 05:57 545 ----a-w- c:\windows\RAR.PIF
2012-04-02 19:52 . 2012-03-09 05:57 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-04-02 19:52 . 2012-03-09 05:57 545 ----a-w- c:\windows\LHA.PIF
2012-04-02 19:52 . 2012-03-09 05:57 545 ----a-w- c:\windows\ARJ.PIF
2012-04-02 19:33 . 2012-04-02 19:33 -------- d-----w- c:\users\Hnízdil\AppData\Local\Diagnostics
2012-04-01 19:16 . 2012-04-01 19:16 -------- d-----w- c:\program files\trend micro
2012-04-01 19:16 . 2012-04-01 19:16 -------- d-----w- C:\rsit
2012-04-01 19:13 . 2012-04-01 19:13 -------- d-----w- c:\program files (x86)\Lavalys
2012-03-30 18:25 . 2012-03-30 18:25 -------- d-----w- C:\Riot Games
2012-03-30 17:17 . 2012-04-01 20:59 -------- d-----w- C:\LeagueOfLegends
2012-03-26 19:23 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-24 20:59 . 2012-03-24 20:59 -------- d-----w- c:\program files (x86)\Codemasters
2012-03-24 18:53 . 2012-03-24 18:53 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-03-24 18:49 . 2012-03-24 18:49 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-24 18:49 . 2012-03-24 18:49 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-24 18:49 . 2012-03-24 18:49 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-03-22 15:15 . 2012-03-22 15:18 -------- d-----w- c:\programdata\Electronic Arts
2012-03-22 15:05 . 2008-03-05 15:03 238088 ----a-w- c:\windows\SysWow64\xactengine3_0.dll
2012-03-22 15:04 . 2007-03-15 15:57 506728 ----a-w- c:\windows\system32\d3dx10_33.dll
2012-03-18 16:04 . 2012-03-18 16:04 -------- d-----w- c:\users\Hnízdil\AppData\Roaming\uTorrent
2012-03-14 22:51 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 22:51 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 22:51 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:47 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:47 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:47 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 09:46 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:46 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:46 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:46 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:46 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 09:46 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:46 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2011-10-24 10:29 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-10-24 10:29 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-10-24 10:30 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-10-24 10:30 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-10-24 10:30 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:01 . 2011-10-24 10:30 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-10-24 10:30 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-10-24 10:30 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2011-08-01 12:52 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-18 16:08 . 2011-08-01 16:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-01_20.05.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-01 18:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-04 21:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-01 18:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-04 21:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-02 10:26 . 2012-04-04 12:46 34576 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-03 21:40 35134 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-08 14:09 . 2011-12-10 13:24 23152 c:\windows\system32\drivers\mbam.sys
- 2011-12-08 14:09 . 2011-12-10 14:24 23152 c:\windows\system32\drivers\mbam.sys
- 2011-08-01 10:55 . 2012-03-27 10:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-01 10:55 . 2012-04-03 09:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-01 10:55 . 2012-03-27 10:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-01 10:55 . 2012-04-03 09:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-27 10:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-03 09:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-01 12:31 . 2012-04-04 12:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-01 12:31 . 2012-04-01 06:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-01 12:31 . 2012-04-01 06:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-01 12:31 . 2012-04-04 12:44 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-01 12:31 . 2012-04-04 12:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-01 12:31 . 2012-04-01 06:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-01 12:37 . 2012-04-01 20:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-01 12:37 . 2012-04-04 21:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-01 12:37 . 2012-04-04 21:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-01 12:37 . 2012-04-01 20:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-03 10:51 . 2012-04-01 21:18 6764 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-08-03 10:51 . 2012-03-31 21:32 6764 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-08-01 12:36 . 2012-04-03 08:41 9880 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3470775447-2730004659-1525072715-1001_UserData.bin
- 2012-04-01 06:40 . 2012-04-01 06:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-04 12:43 . 2012-04-04 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-04 12:43 . 2012-04-04 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-01 06:40 . 2012-04-01 06:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-04-01 18:53 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-04 21:24 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:36 . 2012-04-01 17:33 690502 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-03 11:05 690502 c:\windows\system32\perfh009.dat
- 2009-07-14 15:18 . 2012-04-01 17:33 705672 c:\windows\system32\perfh005.dat
+ 2009-07-14 15:18 . 2012-04-03 11:05 705672 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-04-03 11:05 135230 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-01 17:33 135230 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2012-04-01 17:33 151674 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2012-04-03 11:05 151674 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2012-03-30 17:10 237476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-03 21:53 237476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-06 21:19 . 2012-04-01 21:43 694876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3470775447-2730004659-1525072715-1001-12288.dat
+ 2011-08-01 13:21 . 2012-04-02 21:47 3052788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3470775447-2730004659-1525072715-1001-8192.dat
- 2011-08-01 13:21 . 2012-03-30 05:07 3052788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3470775447-2730004659-1525072715-1001-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpywareTerminatorUpdate"="c:\windows.old\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-12 3037696]
"Akamai NetSession Interface"="c:\users\Hnízdil\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\windows.old\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-03-12 2166784]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Hnízdil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files (x86)\OpenOffice.org 2.3\program\quickstart.exe [2007-9-11 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 61976]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 430616]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Hnízdil\AppData\Roaming\Mozilla\Firefox\Profiles\c5g4w8yz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows.old\Program Files\Spyware Terminator\sp_rsser.exe
.
**************************************************************************
.
Celkový čas: 2012-04-04 23:30:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-04 21:30
ComboFix2.txt 2012-04-03 21:48
.
Před spuštěním: Volných bajtů: 35 256 066 048
Po spuštění: Volných bajtů: 35 268 677 632
.
- - End Of File - - B3278167780FE2B159BB979E0EA72A84

Oblbovat můžeš nás, manželku, děti, tchýni, ale PC a jeho systém neoblbneš.
Na root C:\ musíš přesunout soubor ComboFix.exe i CFScript.txt (ne CFScript.txt..txt )- a nejen jejich zástupce

Rudy promiň

ComboFix 12-04-01.01 - Hnízdil 05.04.2012 18:21:33.7.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1024.352 [GMT 2:00]
Spuštěný z: c:\users\Hnízdil\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\isRS-000.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA005
-------\Service_Akamai
-------\Service_X6va005
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-05 do 2012-04-05 )))))))))))))))))))))))))))))))
.
.
2012-04-05 16:33 . 2012-04-05 16:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-05 16:33 . 2012-04-05 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 16:01 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B2454BC-4105-4103-B7C6-BAA4777CFE03}\mpengine.dll
2012-04-05 10:02 . 2012-04-05 10:02 -------- d-----w- c:\users\Hnízdil\AppData\Local\GHISLER
2012-04-02 19:52 . 2012-04-05 15:55 -------- d-----w- c:\users\Hnízdil\AppData\Roaming\GHISLER
2012-04-02 19:52 . 2012-04-02 19:53 -------- d-----w- C:\totalcmd
2012-04-02 19:52 . 2012-03-09 05:57 545 ----a-w- c:\windows\UC.PIF
2012-04-02 19:52 . 2012-03-09 05:57 545 ----a-w- c:\windows\RAR.PIF
2012-04-02 19:52 . 2012-03-09 05:57 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-04-02 19:52 . 2012-03-09 05:57 545 ----a-w- c:\windows\LHA.PIF
2012-04-02 19:52 . 2012-03-09 05:57 545 ----a-w- c:\windows\ARJ.PIF
2012-04-02 19:33 . 2012-04-02 19:33 -------- d-----w- c:\users\Hnízdil\AppData\Local\Diagnostics
2012-04-01 19:16 . 2012-04-01 19:16 -------- d-----w- c:\program files\trend micro
2012-04-01 19:16 . 2012-04-01 19:16 -------- d-----w- C:\rsit
2012-04-01 19:13 . 2012-04-01 19:13 -------- d-----w- c:\program files (x86)\Lavalys
2012-03-30 18:25 . 2012-04-05 15:54 -------- d-----w- C:\Riot Games
2012-03-30 17:17 . 2012-04-01 20:59 -------- d-----w- C:\LeagueOfLegends
2012-03-26 19:23 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-24 20:59 . 2012-03-24 20:59 -------- d-----w- c:\program files (x86)\Codemasters
2012-03-24 18:53 . 2012-03-24 18:53 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-03-24 18:49 . 2012-03-24 18:49 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-24 18:49 . 2012-03-24 18:49 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-24 18:49 . 2012-03-24 18:49 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-03-22 15:15 . 2012-03-22 15:18 -------- d-----w- c:\programdata\Electronic Arts
2012-03-22 15:05 . 2008-03-05 15:03 238088 ----a-w- c:\windows\SysWow64\xactengine3_0.dll
2012-03-22 15:04 . 2007-03-15 15:57 506728 ----a-w- c:\windows\system32\d3dx10_33.dll
2012-03-18 16:04 . 2012-03-18 16:04 -------- d-----w- c:\users\Hnízdil\AppData\Roaming\uTorrent
2012-03-14 22:51 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 22:51 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 22:51 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:47 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:47 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:47 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 09:46 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:46 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:46 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:46 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:46 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 09:46 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:46 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2011-10-24 10:29 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-10-24 10:29 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-10-24 10:30 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-10-24 10:30 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-10-24 10:30 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:01 . 2011-10-24 10:30 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-10-24 10:30 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-10-24 10:30 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2011-08-01 12:52 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-18 16:08 . 2011-08-01 16:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpywareTerminatorUpdate"="c:\windows.old\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-12 3037696]
"Akamai NetSession Interface"="c:\users\Hnízdil\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\windows.old\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-03-12 2166784]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Hnízdil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files (x86)\OpenOffice.org 2.3\program\quickstart.exe [2007-9-11 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 61976]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 430616]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF18966.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Hnízdil\AppData\Roaming\Mozilla\Firefox\Profiles\c5g4w8yz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-DAEMON Tools Lite - c:\program files (x86)\DAEMON Tools Lite\uninst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows.old\Program Files\Spyware Terminator\sp_rsser.exe
.
**************************************************************************
.
Celkový čas: 2012-04-05 18:50:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-05 16:50
.
Před spuštěním: Volných bajtů: 34 867 093 504
Po spuštění: Volných bajtů: 34 472 361 984
.
- - End Of File - - F333ACD4E4910ECBA1A48A5D98259FB2
Nahr nˇ probŘhlo ŁspŘçnŘ