
Jeffo.a - log check

Posted: 10 Apr 2012 18:28
by MartyDC
Hi all,
Could someone please help me check the .log?

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:26:28, on 10.4.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\MartyDC\Desktop\OTM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\MartyDC\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~2\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [OTM] "C:\Users\MartyDC\Desktop\OTM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\MartyDC\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Vagex] C:\Users\MartyDC\Desktop\byODJ\lol\Vagex.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Exetender_298] "C:\Program Files (x86)\Frag Games\GPlayer.exe" /runonstartup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Steam – zástupce (2).lnk = G:\ProgramFiles\STEAM\Steam.exe
O4 - Startup: Vagex – zástupce.lnk = C:\Users\MartyDC\Desktop\byODJ\lol\Vagex.exe
O4 - Global Startup: old
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Licensing Console -                                                                                                      - C:\Windows\system32\msvfd32.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~2\eScan\TRAYSSER.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12052 bytes

Code:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.04.04.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MartyDC :: JOGOBELLA [administrátor]

Ochrana: Povolena

10.4.2012 19:18:41
mbam-log-2012-04-10 (19-23-07).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 214023
Uplynulý čas: 4 minut, 5 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKLM\SYSTEM\CurrentControlSet\Services\Adobe Licensing Console (Trojan.Clicker.CT) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 4
C:\Windows\System32\msvfd32.exe (Trojan.Clicker.CT) -> Žádná instrukce nebyla provedena.
C:\Users\MartyDC\AppData\Roaming\start_me.exe (Trojan.Keylogger.MSIL) -> Žádná instrukce nebyla provedena.
C:\Users\MartyDC\AppData\Roaming\addons.dat (Bifrose.Trace) -> Žádná instrukce nebyla provedena.
C:\Users\MartyDC\AppData\Roaming\data.dat (Stolen.Data) -> Žádná instrukce nebyla provedena.

(konec)

Re: Jeffo.a - log check

Posted: 10 Apr 2012 18:37
by MartyDC
also the .log from OTM

Code:

All processes killed
========== FILES ==========
File/Folder C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job not found.
File/Folder C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job not found.
File/Folder C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job not found.
File/Folder C:\Program Files\Google\Update not found.
File/Folder C:\Program Files\ConduitEngine not found.
File/Folder C:\Program Files\Ask.com not found.
File/Folder C:\Program Files\TNod User & Password Finder not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TNOD UP not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg not found.
========== SERVICES/DRIVERS ==========
Error: No service named gupdate was found to stop!
Service\Driver key gupdate not found.
Error: No service named gupdatem was found to stop!
Service\Driver key gupdatem not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: MartyDC
->Temp folder emptied: 2841460196 bytes
->Temporary Internet Files folder emptied: 337104110 bytes
->Java cache emptied: 429304 bytes
->Flash cache emptied: 2280 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 53836 bytes
%systemroot% .tmp files removed: 712704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 133462397 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
RecycleBin emptied: 20513662019 bytes
 
Total Files Cleaned = 22 723,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: MartyDC
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTM by OldTimer - Version 3.1.19.0 log created on 04102012_191257

Files moved on Reboot...
C:\Users\MartyDC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\MartyDC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZXK0GOVY\ads-in-client[1].js moved successfully.
File C:\Users\MartyDC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZXK0GOVY\afr[1].htm not found!
File C:\Users\MartyDC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZXK0GOVY\ucp[1].htm not found!
C:\Users\MartyDC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UT0Z5YV7\AdLoader[1].htm moved successfully.
C:\Users\MartyDC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R00IXIAN\frame-hider[1].htm moved successfully.
File C:\Users\MartyDC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R00IXIAN\mbam-setup-1.61.0.1400[1].exe not found!
C:\Users\MartyDC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBNBXMG7\xd_proxy[1].htm moved successfully.
C:\Users\MartyDC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7EDNP2KW\home[1].htm moved successfully.
C:\Users\MartyDC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VQQNXML\facebook[1].htm moved successfully.
File C:\Windows\temp\TMP00000033E85B9075C5941634 not found!
File C:\Windows\temp\TMP00006EADD34544F4689667BB not found!

Registry entries deleted on Reboot...

Re: Jeffo.a - log check

Posted: 10 Apr 2012 21:11
by Rudy
Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after it starts, a screen with the license terms is displayed; continue by clicking the "Ano" (Yes) button.

feel free to go and make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else

do not panic during the scan, your machine may be restarted (especially the first time the scanner is run)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident component occur

Re: Jeffo.a - log check

Posted: 11 Apr 2012 19:58
by MartyDC
I did what was recommended to me...

ComboFix 12-04-11.03 - MartyDC 11.04.2012 20:34:18.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4095.2078 [GMT 2:00]
Spuštěný z: c:\users\MartyDC\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20120114.txt
c:\cflog\CrashLog_20120205.txt
C:\prefs.js
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\program files (x86)\HyperCam Toolbar\tbHElper.dll
c:\users\MartyDC\AppData\Roaming\addons.dat
c:\users\MartyDC\AppData\Roaming\data.dat
c:\users\MartyDC\AppData\Roaming\PC3SQLite3.dll
c:\users\MartyDC\AppData\Roaming\Uninstal.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\regedit.com
c:\windows\SysWow64\msvfd32.exe
c:\windows\SysWow64\taskmgr.com
G:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-11 do 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-10 17:42 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7602154-8F7A-4AFC-ACC4-CD1D1DC05219}\mpengine.dll
2012-04-10 17:16 . 2012-04-10 17:16 -------- d-----w- c:\users\MartyDC\AppData\Roaming\Malwarebytes
2012-04-10 17:16 . 2012-04-10 17:16 -------- d-----w- c:\programdata\Malwarebytes
2012-04-10 17:16 . 2012-04-10 17:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-10 17:16 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 17:12 . 2012-04-10 17:12 -------- d-----w- C:\_OTM
2012-04-10 16:44 . 2012-04-10 16:44 -------- d-----w- c:\programdata\Kaspersky SDK
2012-04-10 16:24 . 2012-04-10 16:24 -------- d-----w- C:\PUB
2012-04-10 16:24 . 2012-04-10 16:24 3956 ----a-w- c:\windows\winsbak.reg
2012-04-10 16:24 . 2012-04-10 16:24 142642 ----a-w- c:\windows\winsbak2.reg
2012-04-10 16:24 . 2012-04-10 16:24 -------- d-----w- c:\programdata\OEM Links
2012-04-10 16:24 . 2010-11-21 03:23 227328 ----a-w- c:\windows\SysWow64\T.COM
2012-04-10 16:24 . 2009-07-14 01:14 398336 ----a-w- c:\windows\R.COM
2012-04-10 16:24 . 2012-04-10 16:24 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld
2012-04-10 16:24 . 2008-07-16 14:09 49152 ----a-w- c:\windows\killproc.exe
2012-04-10 16:17 . 2012-04-10 16:17 8388096 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{FD4D296A-FA59-489A-A687-72F21117B4D6}-KapowMulti.exe
2012-04-10 15:16 . 2012-04-10 15:16 511368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{1F2C9F8C-871F-4371-9E2F-488266F9DBB0}-PbUpdate.exe
2012-04-10 15:15 . 2012-04-10 15:15 1104264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{0C8ADF2E-E053-4088-A152-6FC250B84F04}-PbLauncher.exe
2012-04-10 13:53 . 2012-04-10 13:53 6755160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{DCC26E83-3103-4115-BF80-02C3F6E32A11}-LaunchEFLC.exe
2012-04-10 12:22 . 2012-04-10 12:22 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-08 15:30 . 2012-04-10 15:56 -------- d-----w- c:\users\MartyDC\AppData\Roaming\.techniclauncher
2012-04-06 13:23 . 2012-04-06 13:23 -------- d-----w- c:\program files\Common Files\Digidesign
2012-04-06 13:23 . 2012-04-06 13:23 -------- d-----w- c:\program files (x86)\Native Instruments
2012-04-06 13:23 . 2012-04-06 13:23 -------- d-----w- c:\program files (x86)\Common Files\Native Instruments
2012-04-06 13:21 . 2012-04-06 13:21 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-04-06 13:21 . 2012-04-06 13:23 -------- d-----w- c:\program files (x86)\VstPlugins
2012-04-06 13:21 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2012-04-06 13:20 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-04-06 13:20 . 2012-04-06 13:20 -------- d-----w- c:\program files (x86)\Outsim
2012-04-06 13:18 . 2012-04-06 13:21 -------- d-----w- c:\program files (x86)\Image-Line
2012-04-06 11:43 . 2012-04-06 11:43 -------- d-----w- c:\program files (x86)\VictorVal
2012-04-06 09:46 . 2012-04-06 09:46 -------- d-----w- c:\program files (x86)\Rovio
2012-04-06 09:38 . 2012-04-11 18:49 -------- d-----w- c:\program files (x86)\Steam
2012-04-02 17:09 . 2012-04-02 17:09 -------- d-----w- c:\users\MartyDC\AppData\Local\Pinnacle
2012-04-02 16:11 . 2012-04-02 16:11 -------- d-----w- c:\program files (x86)\NAMCO BANDAI Games
2012-04-02 16:00 . 2012-04-03 12:41 -------- d-----w- c:\program files (x86)\s
2012-03-27 15:09 . 2012-03-27 15:13 -------- d-----w- c:\program files (x86)\Rayman Origins
2012-03-27 14:41 . 2012-03-27 14:41 -------- d-----w- c:\users\MartyDC\AppData\Roaming\SFBot
2012-03-26 14:54 . 2012-04-04 11:44 -------- d-----w- c:\program files (x86)\GameSpy Arcade
2012-03-25 09:27 . 2012-03-25 09:27 -------- d-----w- c:\program files (x86)\GameSpy
2012-03-24 17:57 . 2012-03-24 19:09 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-24 17:57 . 2012-03-24 17:57 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-03-14 10:13 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 10:13 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:13 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 10:01 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 10:01 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 10:01 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 09:59 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:59 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:59 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:59 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:59 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 09:59 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:59 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-10 12:22 . 2011-10-27 19:08 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-24 17:57 . 2011-11-26 16:56 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-14 03:27 . 2011-10-27 19:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-05 18:04 . 2012-03-05 18:04 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-02-10 11:16 . 2012-02-10 11:16 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B426C702-48B2-4811-9F02-829C9487087B}\gapaengine.dll
2012-02-04 12:27 . 2012-02-04 12:27 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 13:36 . 2012-02-03 13:36 37888 ----a-w- c:\users\MartyDC\AppData\Roaming\start_me.exe
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-04-06 1242448]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-02-18 650104]
"Facebook Update"="c:\users\MartyDC\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-30 137536]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"Vagex"="c:\users\MartyDC\Desktop\byODJ\lol\Vagex.exe" [2012-04-02 153088]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Comrade.exe"="c:\program files (x86)\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"eScan Updater"="c:\progra~2\eScan\TRAYICOS.EXE" [2008-07-11 1772032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\MartyDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Steam – zástupce (2).lnk - g:\programfiles\STEAM\Steam.exe [2009-9-14 1242448]
Vagex – zástupce.lnk - c:\users\MartyDC\Desktop\byODJ\lol\Vagex.exe [2012-1-8 153088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\system32\msvfd32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 253600]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-08 1038088]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 eScan-trayicos;eScan Server-Updater;c:\progra~2\eScan\TRAYSSER.EXE [2008-07-16 78848]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 ProcObsrvesx;Process Creation Monitor;c:\progra~2\eScan\ProcObsrvesx.sys [2008-04-15 12808]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 12:22]
.
2012-04-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1012452847-1662401569-1411899620-1000Core.job
- c:\users\MartyDC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-30 17:14]
.
2012-04-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1012452847-1662401569-1411899620-1000UA.job
- c:\users\MartyDC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-30 17:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
AddRemove-Minecraft 1.2.0_02 - c:\users\MartyDC\AppData\Roaming\Uninstal.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Steam App 105600 - e:\programfiles\STEAM\steam.exe
AddRemove-Steam App 12120 - e:\programfiles\STEAM\steam.exe
AddRemove-Steam App 12210 - e:\programfiles\STEAM\steam.exe
AddRemove-Steam App 12220 - e:\programfiles\STEAM\steam.exe
AddRemove-Steam App 1520 - e:\programfiles\STEAM\steam.exe
AddRemove-Steam App 18500 - e:\programfiles\STEAM\steam.exe
AddRemove-Steam App 33130 - e:\programfiles\STEAM\steam.exe
AddRemove-Steam App 39530 - e:\programfiles\STEAM\steam.exe
AddRemove-Steam App 41000 - e:\programfiles\STEAM\steam.exe
AddRemove-Steam App 55110 - e:\programfiles\STEAM\steam.exe
AddRemove-Steam App 56400 - e:\programfiles\STEAM\steam.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1012452847-1662401569-1411899620-1000\Software\SecuROM\License information*]
"datasecu"=hex:bd,ca,34,02,09,a8,9c,c5,db,7f,63,c5,ae,07,84,71,65,d0,30,1a,86,
0d,d5,f2,93,77,2f,1e,ab,81,5e,0d,78,ed,6a,1a,6d,51,46,b4,fd,cf,f6,66,37,9e,\
"rkeysecu"=hex:bf,7f,21,87,a7,c2,b0,13,91,95,c3,77,d3,c8,7d,97
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\MicroWorld\Agent\MWASER.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\MicroWorld\Agent\MWAgent.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Celkový čas: 2012-04-11 20:56:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-11 18:56
.
Před spuštěním: Volných bajtů: 87 374 036 992
Po spuštění: Volných bajtů: 86 557 265 920
.
- - End Of File - - D0B4067B360C98C5013DD6E033F8EA71

Re: Jeffo.a - log check

Posted: 11 Apr 2012 20:12
by Rudy
We'll do some more cleanup. Open Notepad and copy the following into it:
KillAll::

Folder::
c:\users\MartyDC\AppData\Local\Facebook\Update

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-

Regnull::
[HKEY_USERS\S-1-5-21-1012452847-1662401569-1411899620-1000\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: Jeffo.a - log check

Posted: 11 Apr 2012 21:17
by MartyDC
I won't get to the PC any more today... (I'm on my phone), so I'll take a look at it tomorrow. And thank you for the prompt responses.
Have a nice rest of the evening.

Re: Jeffo.a - log check

Posted: 11 Apr 2012 21:27
by Rudy
No need to thank me yet; I'll be here again tomorrow.

Re: Jeffo.a - log check

Posted: 12 Apr 2012 16:46
by MartyDC

Code: Select all

ComboFix 12-04-11.03 - MartyDC 12.04.2012  17:17:43.2.3 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.420.1029.18.4095.2291 [GMT 2:00]
Spuštěný z: c:\users\MartyDC\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\MartyDC\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MartyDC\AppData\Local\Facebook\Update
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\FacebookCrashHandler.exe
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdate.exe
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdateHelper.msi
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdate.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ar.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bg.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bn.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ca.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_cs.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_da.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_de.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_el.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en-GB.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es-419.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_et.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fa.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fi.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fil.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fr.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_gu.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hi.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hr.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hu.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_id.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_is.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_it.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_iw.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ja.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_kn.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ko.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lt.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lv.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ml.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_mr.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ms.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_nl.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_no.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_or.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pl.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-BR.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-PT.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ro.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ru.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sk.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sl.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sr.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sv.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ta.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_te.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_th.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_tr.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_uk.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ur.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_vi.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-CN.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-TW.dll
c:\users\MartyDC\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2012-03-12 do 2012-04-12  )))))))))))))))))))))))))))))))
.
.
2012-04-12 15:35 . 2012-04-12 15:35	69000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A7CBACC-54FA-4E1F-91CE-5BD26AA3A654}\offreg.dll
2012-04-12 15:33 . 2012-04-12 15:33	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-04-12 15:33 . 2012-04-12 15:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-11 19:07 . 2012-03-14 03:27	8669240	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A7CBACC-54FA-4E1F-91CE-5BD26AA3A654}\mpengine.dll
2012-04-10 17:16 . 2012-04-10 17:16	--------	d-----w-	c:\users\MartyDC\AppData\Roaming\Malwarebytes
2012-04-10 17:16 . 2012-04-10 17:16	--------	d-----w-	c:\programdata\Malwarebytes
2012-04-10 17:16 . 2012-04-10 17:16	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-10 17:16 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-10 17:12 . 2012-04-10 17:12	--------	d-----w-	C:\_OTM
2012-04-10 16:44 . 2012-04-10 16:44	--------	d-----w-	c:\programdata\Kaspersky SDK
2012-04-10 16:24 . 2012-04-10 16:24	--------	d-----w-	C:\PUB
2012-04-10 16:24 . 2012-04-10 16:24	3956	----a-w-	c:\windows\winsbak.reg
2012-04-10 16:24 . 2012-04-10 16:24	142642	----a-w-	c:\windows\winsbak2.reg
2012-04-10 16:24 . 2012-04-10 16:24	--------	d-----w-	c:\programdata\OEM Links
2012-04-10 16:24 . 2010-11-21 03:23	227328	----a-w-	c:\windows\SysWow64\T.COM
2012-04-10 16:24 . 2009-07-14 01:14	398336	----a-w-	c:\windows\R.COM
2012-04-10 16:24 . 2012-04-10 16:24	--------	d-----w-	c:\program files (x86)\Common Files\MicroWorld
2012-04-10 16:24 . 2008-07-16 14:09	49152	----a-w-	c:\windows\killproc.exe
2012-04-10 12:22 . 2012-04-10 12:22	418464	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-08 15:30 . 2012-04-11 19:19	--------	d-----w-	c:\users\MartyDC\AppData\Roaming\.techniclauncher
2012-04-06 13:23 . 2012-04-06 13:23	--------	d-----w-	c:\program files\Common Files\Digidesign
2012-04-06 13:23 . 2012-04-06 13:23	--------	d-----w-	c:\program files (x86)\Native Instruments
2012-04-06 13:23 . 2012-04-06 13:23	--------	d-----w-	c:\program files (x86)\Common Files\Native Instruments
2012-04-06 13:21 . 2012-04-06 13:21	--------	d-----w-	c:\program files (x86)\ASIO4ALL v2
2012-04-06 13:21 . 2012-04-06 13:23	--------	d-----w-	c:\program files (x86)\VstPlugins
2012-04-06 13:21 . 2006-06-20 08:56	225280	----a-w-	c:\windows\SysWow64\rewire.dll
2012-04-06 13:20 . 2009-09-15 09:14	1554944	----a-w-	c:\windows\SysWow64\vorbis.acm
2012-04-06 13:20 . 2012-04-06 13:20	--------	d-----w-	c:\program files (x86)\Outsim
2012-04-06 13:18 . 2012-04-06 13:21	--------	d-----w-	c:\program files (x86)\Image-Line
2012-04-06 11:43 . 2012-04-06 11:43	--------	d-----w-	c:\program files (x86)\VictorVal
2012-04-06 09:46 . 2012-04-06 09:46	--------	d-----w-	c:\program files (x86)\Rovio
2012-04-02 17:09 . 2012-04-02 17:09	--------	d-----w-	c:\users\MartyDC\AppData\Local\Pinnacle
2012-04-02 16:11 . 2012-04-02 16:11	--------	d-----w-	c:\program files (x86)\NAMCO BANDAI Games
2012-04-02 16:00 . 2012-04-03 12:41	--------	d-----w-	c:\program files (x86)\s
2012-03-27 15:09 . 2012-03-27 15:13	--------	d-----w-	c:\program files (x86)\Rayman Origins
2012-03-27 14:41 . 2012-03-27 14:41	--------	d-----w-	c:\users\MartyDC\AppData\Roaming\SFBot
2012-03-26 14:54 . 2012-04-04 11:44	--------	d-----w-	c:\program files (x86)\GameSpy Arcade
2012-03-25 09:27 . 2012-03-25 09:27	--------	d-----w-	c:\program files (x86)\GameSpy
2012-03-24 17:57 . 2012-03-24 19:09	103736	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-03-24 17:57 . 2012-03-24 17:57	669184	----a-w-	c:\windows\SysWow64\pbsvc.exe
2012-03-14 10:13 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 10:13 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:13 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 10:01 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 10:01 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 10:01 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-14 09:59 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 09:59 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:59 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:59 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 09:59 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-14 09:59 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:59 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-10 12:22 . 2011-10-27 19:08	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-24 17:57 . 2011-11-26 16:56	66872	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-03-14 03:27 . 2011-10-27 19:27	8669240	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-05 18:04 . 2012-03-05 18:04	33344	----a-w-	c:\windows\system32\drivers\hamachi.sys
2012-02-10 11:16 . 2012-02-10 11:16	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B426C702-48B2-4811-9F02-829C9487087B}\gapaengine.dll
2012-02-04 12:27 . 2012-02-04 12:27	525544	----a-w-	c:\windows\system32\deployJava1.dll
2012-02-03 13:36 . 2012-02-03 13:36	37888	----a-w-	c:\users\MartyDC\AppData\Roaming\start_me.exe
2012-01-31 12:44 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-04-11_18.50.07   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-04-12 15:37	45800              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-12 15:37	40502              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-27 18:48 . 2012-04-12 15:37	14236              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1012452847-1662401569-1411899620-1000_UserData.bin
+ 2012-04-12 15:34 . 2012-04-12 15:34	44920              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	44920              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	64352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	64352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	51032              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	51032              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	50552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	50552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-04-12 15:33 . 2012-04-12 15:33	81784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	81784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	81800              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	81800              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	39784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	39784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-04-12 15:33 . 2012-04-12 15:33	12128              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-04-03 18:18 . 2012-04-03 18:18	12128              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-04-12 15:33 . 2012-04-12 15:33	17240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	17240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-04-12 15:33 . 2012-04-12 15:33	78168              c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-04-03 18:17 . 2012-04-03 18:17	78168              c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-04-03 18:17 . 2012-04-03 18:17	81248              c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-12 15:33 . 2012-04-12 15:33	81248              c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	97680              c:\windows\assembly\tmp\X56NAHYS\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-04-12 15:23 . 2012-04-12 15:34	2780              c:\windows\SoftwareDistribution\PostRebootEventCache\{74E41B40-F9E0-430C-87F0-9F809FD56B69}.bin
+ 2012-04-12 15:35 . 2012-04-12 15:35	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-11 18:49 . 2012-04-11 18:49	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-11 18:49 . 2012-04-11 18:49	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-12 15:35 . 2012-04-12 15:35	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-04-12 15:14	907680              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-12 15:14	362124              c:\windows\system32\perfc009.dat
+ 2011-04-12 08:34 . 2012-04-12 15:14	388452              c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2012-04-11 18:48	496932              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-12 15:34	496932              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-04-03 18:18 . 2012-04-03 18:18	138592              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	138592              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	113512              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	113512              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	261472              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	261472              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	236880              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	236880              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	378720              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	378720              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	134528              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	134528              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	120152              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-04-12 15:33 . 2012-04-12 15:33	120152              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	616216              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	395120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-04-12 15:33 . 2012-04-12 15:33	395120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-04-12 15:33 . 2012-04-12 15:33	182144              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	182144              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-04-12 15:33 . 2012-04-12 15:33	285072              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	285072              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-04-12 15:33 . 2012-04-12 15:33	829280              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	829280              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-12 15:33 . 2012-04-12 15:33	747360              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	747360              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	436600              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	436600              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	683872              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	683872              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	409448              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-04-12 15:33 . 2012-04-12 15:33	409448              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	210816              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	210816              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	149848              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	149848              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	112976              c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-04-12 15:33 . 2012-04-12 15:33	112976              c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	661352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-12 15:33 . 2012-04-12 15:33	661352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-12 15:33 . 2012-04-12 15:33	746336              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	746336              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-04-12 15:33 . 2012-04-12 15:33	505184              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	505184              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-04-03 18:17 . 2012-04-03 18:17	109568              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-04-12 15:33 . 2012-04-12 15:33	109568              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-04-03 18:17 . 2012-04-03 18:17	246128              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-04-12 15:33 . 2012-04-12 15:33	246128              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-04-12 08:34 . 2012-04-12 15:14	1400658              c:\windows\system32\perfh005.dat
+ 2012-04-12 15:33 . 2012-04-12 15:33	3512072              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	3512072              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	2207568              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	2207568              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	5028200              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	5028200              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	1711496              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	1711496              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	4464480              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	4464480              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-04-03 18:18 . 2012-04-03 18:18	1354584              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-04-12 15:34 . 2012-04-12 15:34	1354584              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-04-12 15:33 . 2012-04-12 15:33	2975064              c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-04-03 18:17 . 2012-04-03 18:17	2975064              c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-04-03 18:17 . 2012-04-03 18:17	5201168              c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-04-12 15:33 . 2012-04-12 15:33	5201168              c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-10-29 17:29 . 2012-04-12 15:24	57249312              c:\windows\system32\MRT.exe
+ 2011-10-29 10:25 . 2012-04-12 15:34	58503816              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1012452847-1662401569-1411899620-1000-12288.dat
- 2011-10-29 10:25 . 2012-04-11 18:48	58503816              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1012452847-1662401569-1411899620-1000-12288.dat
.
-- Snímek resetován k současnému datu --
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-02-18 650104]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"Vagex"="c:\users\MartyDC\Desktop\byODJ\lol\Vagex.exe" [2012-04-02 153088]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Comrade.exe"="c:\program files (x86)\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"eScan Updater"="c:\progra~2\eScan\TRAYICOS.EXE" [2008-07-11 1772032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\MartyDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Steam – zástupce (2).lnk - g:\programfiles\STEAM\Steam.exe [2009-9-14 1242448]
Vagex – zástupce.lnk - c:\users\MartyDC\Desktop\byODJ\lol\Vagex.exe [2012-1-8 153088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	\0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\system32\msvfd32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 253600]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-08 1038088]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 eScan-trayicos;eScan Server-Updater;c:\progra~2\eScan\TRAYSSER.EXE [2008-07-16 78848]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 ProcObsrvesx;Process Creation Monitor;c:\progra~2\eScan\ProcObsrvesx.sys [2008-04-15 12808]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 12:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\Steam.exe
AddRemove-Steam App 109410 - c:\program files (x86)\Steam\steam.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\MicroWorld\Agent\MWASER.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\MicroWorld\Agent\MWAgent.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Celkový čas: 2012-04-12  17:42:49 - počítač byl restartován
ComboFix-quarantined-files.txt  2012-04-12 15:42
ComboFix2.txt  2012-04-11 18:56
.
Před spuštěním: Volných bajtů: 88 002 383 872
Po spuštění: Volných bajtů: 86 564 995 072
.
- - End Of File - - D2A006A4185E96FB99745BDC26AE845A
Also, I don't know whether this helps at all, but whenever I scanned the PC with Microsoft Security Essentials it never found anything, and now, after the restart forced by ComboFix, it found:
Image

Re: Jeffo.a - log check

Posted: 12 Apr 2012 17:30
by Rudy
The log now looks OK. If MSE deleted all remnants of the virus, you should be clean.

Re: Jeffo.a - log check

Posted: 12 Apr 2012 19:13
by MartyDC
OK, thank you... I'd also like to ask: could this have any consequences for my Internet connection? After the probably successful removal of the virus it has slowed down almost 10x...
Before, I was downloading from an unnamed server at up to 1MB/s and now barely 120kb/s... and it's not just about DOWNLOAD but also about loading web pages and video...
It's probably nonsense, but what do I know, I'm asking just to be sure...

Re: Jeffo.a - log check

Posted: 12 Apr 2012 19:58
by Rudy
Try restarting the modem, or any other network element in the data path. Then try Start menu > Command Prompt > (type) netsh winsock reset > Enter. Restart the PC.