
Please check my log - after connecting to the internet the PC shuts down

Posted: 14 Apr 2012 19:23
by petr.29
Good evening,
I would like to ask you to check this log.
This is a friend's computer; he asked me for help. Unfortunately I am at a loss, so I would like to ask you for help. (Why it has 64-bit Windows and 1 GB of RAM I don't understand either, so please don't stone me for it :-))

The computer works normally until any page is viewed on the internet. Sometimes the computer shuts down immediately, sometimes only after a certain time (within about 1 min); when watching a YouTube video, immediately.
(Reinstalling Flash Player did not help.)
It behaves the same with Explorer, Mozilla and Chrome.
If I connect the computer to the internet using a Wi-Fi dongle over Wi-Fi (as right now), the shutdown problem does not occur and browsing works without problems.
I suspected a faulty integrated network card, but unfortunately the same problem occurs when using a PCI network card with the integrated one disabled in the BIOS.
So far I have run an MBAM quick scan on the computer and cleaned it with CCleaner. Both without success. MBAM found nothing with either the quick or the full scan.
A colleague has just confided to me that he ran ComboFix on the PC on his own initiative, but that found nothing either.

So I ask you to check the log, to see whether there is something in the system, or whether the motherboard has died, which is my opinion. (I tried swapping the memory, power supply, graphics card and network card for other working ones, unfortunately with no change.)
PS: Unfortunately no earlier restore point is saved in the system.

Thank you very much in advance for your willingness and time.

Logfile of random's system information tool 1.09 (written by random/random)
Run by GIUSEPPE at 2012-04-14 19:55:23
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 11 GB (36%) free of 30 GB
Total RAM: 1023 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:55:30, on 14.4.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Users\GIUSEPPE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GIUSEPPE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GIUSEPPE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\GIUSEPPE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Movies_on_DVD_7_TerraTec_Edition\TrayServer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAP 10 Alpha] "C:\Program Files (x86)\DAP10\DAP.EXE" /STARTUP
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7142 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x258
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
"taskhost.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_0000053c
\??\C:\Windows\system32\conhost.exe "9675022611364398553-1677450094-625925486-1665388690-881772821530853815-1440745256
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe" -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\GIUSEPPE\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\GIUSEPPE\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest="CacheSize/CacheSizeGroup_3/DnsImpact/_max_2 concurrent_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/" --channel=2968.04F75180.1498850483
"C:\Users\GIUSEPPE\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll --lang=cs --plugin-data-dir="C:\Users\GIUSEPPE\AppData\Local\Google\Chrome\User Data\Default" --channel=2968.04143E00.983352463
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\GIUSEPPE\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\GIUSEPPE\AppData\Roaming\Mozilla\Firefox\Profiles\k44056oj.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
prefs.js - "extensions.enabledItems" - "{ea614400-e918-4741-9a97-7a972ff7c30b}:2.0.10, {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.7.0.7, {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.4.2, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, searchpredict@speedbit.com:1.0.1.0, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {800b5000-a755-47e1-992b-48a1c1357f07}:1.3.4, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24"
prefs.js - "keyword.URL" - "http://search.sweetim.com/search.asp?src=2&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.233 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.233 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsILegitCheckPlugin.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npLegitCheckPlugin.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
babylon.xml
firmycz.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
mapycz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
zbocz.xml

C:\Users\GIUSEPPE\AppData\Roaming\Mozilla\Firefox\Profiles\k44056oj.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\GIUSEPPE\AppData\Roaming\Mozilla\Firefox\Profiles\k44056oj.default\searchplugins\
askcom.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin.xml
speedbit.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-24 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-24 42272]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]
"DAP 10 Alpha"=C:\Program Files (x86)\DAP10\DAP.EXE /STARTUP []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2011-04-21 281768]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"TrayServer"=C:\Program Files (x86)\MAGIX\Movies_on_DVD_7_TerraTec_Edition\TrayServer.exe [2008-04-09 90112]
"TaskTray"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-10-20 249344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=emYUV.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.ACDV"=ACDV.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-04-14 19:55:25 ----D---- C:\Program Files\trend micro
2012-04-14 19:55:23 ----D---- C:\rsit
2012-04-14 12:30:40 ----D---- C:\ProgramData\McAfee
2012-04-14 12:13:41 ----D---- C:\Windows\Minidump
2012-04-13 22:26:45 ----D---- C:\Program Files (x86)\Driver-Soft
2012-04-13 22:02:55 ----D---- C:\Users\GIUSEPPE\AppData\Roaming\Malwarebytes
2012-04-13 21:58:41 ----D---- C:\ProgramData\Malwarebytes
2012-04-13 21:58:40 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-13 21:53:36 ----D---- C:\Program Files (x86)\Geeks3D
2012-04-13 21:52:18 ----SHD---- C:\$RECYCLE.BIN
2012-04-13 14:36:00 ----A---- C:\ComboFix.txt
2012-04-13 14:15:44 ----A---- C:\Windows\zip.exe
2012-04-13 14:15:44 ----A---- C:\Windows\SWSC.exe
2012-04-13 14:15:44 ----A---- C:\Windows\SWREG.exe
2012-04-13 14:15:44 ----A---- C:\Windows\sed.exe
2012-04-13 14:15:44 ----A---- C:\Windows\PEV.exe
2012-04-13 14:15:44 ----A---- C:\Windows\NIRCMD.exe
2012-04-13 14:15:44 ----A---- C:\Windows\MBR.exe
2012-04-13 14:15:44 ----A---- C:\Windows\grep.exe
2012-04-13 14:15:37 ----D---- C:\Windows\ERDNT
2012-04-13 14:15:36 ----D---- C:\ComboFix
2012-04-13 14:15:17 ----D---- C:\Qoobox
2012-04-13 14:07:45 ----D---- C:\Program Files\CCleaner
2012-04-13 13:12:06 ----D---- C:\Program Files (x86)\HD Tune
2012-04-13 13:11:44 ----D---- C:\Program Files\CPUID
2012-04-13 13:11:44 ----A---- C:\Windows\system32\drivers\cpuz135_x64.sys
2012-04-12 14:49:29 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-12 14:49:28 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-04-12 14:49:28 ----A---- C:\Windows\system32\iertutil.dll
2012-04-12 14:49:27 ----A---- C:\Windows\SYSWOW64\url.dll
2012-04-12 14:49:27 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-04-12 14:49:27 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-04-12 14:49:27 ----A---- C:\Windows\system32\url.dll
2012-04-12 14:49:27 ----A---- C:\Windows\system32\jscript9.dll
2012-04-12 14:49:26 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-04-12 14:49:26 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-04-12 14:49:26 ----A---- C:\Windows\system32\ieui.dll
2012-04-12 14:49:25 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-04-12 14:49:25 ----A---- C:\Windows\system32\urlmon.dll
2012-04-12 14:49:25 ----A---- C:\Windows\system32\jscript.dll
2012-04-12 14:49:24 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-04-12 14:49:24 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-12 14:49:23 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-04-12 14:49:23 ----A---- C:\Windows\system32\wininet.dll
2012-04-12 14:49:21 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-04-12 14:49:20 ----A---- C:\Windows\system32\mshtml.dll
2012-04-12 14:49:19 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-04-12 14:49:17 ----A---- C:\Windows\system32\ieframe.dll
2012-04-12 14:48:46 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-04-12 14:48:45 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-04-12 14:48:45 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-04-12 14:46:48 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2012-04-12 14:46:48 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-12 14:46:48 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-12 14:46:46 ----A---- C:\Windows\SYSWOW64\wmi.dll
2012-04-12 14:46:46 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2012-04-12 14:46:46 ----A---- C:\Windows\system32\wmi.dll
2012-04-12 14:46:46 ----A---- C:\Windows\system32\wintrust.dll
2012-04-06 09:29:05 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2012-04-06 09:07:02 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-03-23 20:37:04 ----D---- C:\Users\GIUSEPPE\AppData\Roaming\Ulozto File Manager
2012-03-23 09:42:30 ----D---- C:\Users\GIUSEPPE\AppData\Roaming\Babylon
2012-03-23 09:42:30 ----D---- C:\ProgramData\Babylon
2012-03-16 20:08:11 ----D---- C:\Users\GIUSEPPE\AppData\Roaming\MAGIX
2012-03-16 20:05:38 ----A---- C:\Windows\SYSWOW64\TTIC32.dll
2012-03-16 20:05:38 ----A---- C:\Windows\SYSWOW64\TTI32.dll
2012-03-16 20:05:38 ----A---- C:\Windows\SYSWOW64\STRING32.dll
2012-03-16 20:05:38 ----A---- C:\Windows\SYSWOW64\MXRestore.exe
2012-03-16 20:05:38 ----A---- C:\Windows\SYSWOW64\mgxcdr.txt
2012-03-16 20:05:38 ----A---- C:\Windows\SYSWOW64\DLLTPO32.dll
2012-03-16 20:05:38 ----A---- C:\Windows\SYSWOW64\DLLRES32.dll
2012-03-16 20:05:38 ----A---- C:\Windows\SYSWOW64\DLLRD32.dll
2012-03-16 20:05:38 ----A---- C:\Windows\SYSWOW64\DLLPTL32.dll
2012-03-16 20:05:38 ----A---- C:\Windows\SYSWOW64\DLLPRJ32.dll
2012-03-16 20:05:38 ----A---- C:\Windows\SYSWOW64\DLLPRF32.dll
2012-03-16 20:05:38 ----A---- C:\Windows\SYSWOW64\DLLPNT32.dll
2012-03-16 20:05:38 ----A---- C:\Windows\SYSWOW64\DLLMSC32.dll
2012-03-16 20:05:38 ----A---- C:\Windows\SYSWOW64\DLLIX.dll
2012-03-16 20:05:38 ----A---- C:\Windows\SYSWOW64\DLLISO32.dll
2012-03-16 20:05:38 ----A---- C:\Windows\SYSWOW64\DLLIO32.dll
2012-03-16 20:05:37 ----A---- C:\Windows\SYSWOW64\DLLIMG32.dll
2012-03-16 20:05:37 ----A---- C:\Windows\SYSWOW64\DLLDRV32.dll
2012-03-16 20:05:37 ----A---- C:\Windows\SYSWOW64\DLLDIR32.dll
2012-03-16 20:05:37 ----A---- C:\Windows\SYSWOW64\DLLDEV32.dll
2012-03-16 20:05:37 ----A---- C:\Windows\SYSWOW64\DLLCPY32.dll
2012-03-16 20:05:37 ----A---- C:\Windows\SYSWOW64\DLLCDF32.dll
2012-03-16 20:05:37 ----A---- C:\Windows\SYSWOW64\DLLCDA32.dll
2012-03-16 20:05:37 ----A---- C:\Windows\SYSWOW64\DLLAV32.dll
2012-03-16 20:03:37 ----D---- C:\ProgramData\MAGIX
2012-03-16 20:02:46 ----D---- C:\Program Files (x86)\MAGIX
2012-03-16 20:02:46 ----A---- C:\Windows\SYSWOW64\DLLDEV32i.dll
2012-03-16 20:02:15 ----D---- C:\Windows\SYSWOW64\MAGIX
2012-03-16 20:02:15 ----A---- C:\Windows\SYSWOW64\mgxoschk.dll
2012-03-16 20:02:15 ----A---- C:\Windows\mgxoschk.ini
2012-03-16 19:50:39 ----D---- C:\ProgramData\TerraTec
2012-03-16 19:50:30 ----A---- C:\Windows\SYSWOW64\msvcr71.dll
2012-03-16 19:50:30 ----A---- C:\Windows\SYSWOW64\msvcp71.dll
2012-03-16 19:50:30 ----A---- C:\Windows\SYSWOW64\MFC71u.dll
2012-03-16 19:50:30 ----A---- C:\Windows\SYSWOW64\MFC71KOR.DLL
2012-03-16 19:50:30 ----A---- C:\Windows\SYSWOW64\MFC71JPN.DLL
2012-03-16 19:50:30 ----A---- C:\Windows\SYSWOW64\MFC71ITA.DLL
2012-03-16 19:50:30 ----A---- C:\Windows\SYSWOW64\MFC71FRA.DLL
2012-03-16 19:50:30 ----A---- C:\Windows\SYSWOW64\MFC71ESP.DLL
2012-03-16 19:50:30 ----A---- C:\Windows\SYSWOW64\MFC71ENU.DLL
2012-03-16 19:50:30 ----A---- C:\Windows\SYSWOW64\MFC71DEU.DLL
2012-03-16 19:50:29 ----A---- C:\Windows\SYSWOW64\MFC71CHT.DLL
2012-03-16 19:50:29 ----A---- C:\Windows\SYSWOW64\MFC71CHS.DLL
2012-03-16 19:50:29 ----A---- C:\Windows\SYSWOW64\MFC71.dll
2012-03-16 19:50:29 ----A---- C:\Windows\SYSWOW64\gdiplus.dll
2012-03-16 19:48:49 ----D---- C:\Users\GIUSEPPE\AppData\Roaming\TerraTec
2012-03-16 19:43:14 ----A---- C:\Windows\system32\drivers\emscan64.sys
2012-03-16 19:43:14 ----A---- C:\Windows\system32\drivers\emFilter64.sys
2012-03-16 19:43:14 ----A---- C:\Windows\system32\drivers\emDevice64.sys

======List of files/folders modified in the last 1 month======

2012-04-14 19:55:30 ----D---- C:\Windows\Prefetch
2012-04-14 19:55:25 ----RD---- C:\Program Files
2012-04-14 19:55:18 ----D---- C:\Windows\Temp
2012-04-14 19:53:26 ----D---- C:\Windows\system32\LogFiles
2012-04-14 19:26:59 ----D---- C:\Windows\system32\drivers
2012-04-14 19:22:25 ----D---- C:\Windows\system32\config
2012-04-14 16:45:42 ----AD---- C:\Windows
2012-04-14 16:34:14 ----D---- C:\Windows\system32\catroot
2012-04-14 15:05:19 ----SHD---- C:\System Volume Information
2012-04-14 14:21:51 ----RSD---- C:\Windows\assembly
2012-04-14 14:21:51 ----D---- C:\Windows\Microsoft.NET
2012-04-14 14:12:09 ----RD---- C:\Program Files (x86)
2012-04-14 14:12:09 ----D---- C:\ProgramData
2012-04-14 12:34:45 ----SD---- C:\Users\GIUSEPPE\AppData\Roaming\Microsoft
2012-04-14 12:13:54 ----RD---- C:\Users
2012-04-13 22:21:53 ----SD---- C:\ProgramData\Microsoft
2012-04-13 22:21:11 ----D---- C:\Windows\inf
2012-04-13 22:21:10 ----D---- C:\Windows\system32\DriverStore
2012-04-13 14:25:23 ----A---- C:\Windows\system.ini
2012-04-13 14:20:21 ----D---- C:\Windows\SYSWOW64\drivers
2012-04-13 14:20:21 ----D---- C:\Windows\SysWOW64
2012-04-13 14:20:21 ----D---- C:\Windows\System32
2012-04-13 14:20:20 ----D---- C:\Windows\AppPatch
2012-04-13 14:20:18 ----D---- C:\Program Files\Common Files
2012-04-13 14:20:18 ----D---- C:\Program Files (x86)\Common Files
2012-04-13 14:14:47 ----D---- C:\Windows\SoftwareDistribution
2012-04-13 14:08:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-04-13 14:08:37 ----D---- C:\Windows\Panther
2012-04-13 14:08:37 ----D---- C:\Windows\Logs
2012-04-13 14:08:37 ----D---- C:\Windows\debug
2012-04-13 13:52:08 ----D---- C:\Windows\system32\catroot2
2012-04-13 07:57:48 ----SHD---- C:\Windows\Installer
2012-04-13 07:54:28 ----D---- C:\Windows\winsxs
2012-04-13 07:53:13 ----D---- C:\Windows\SYSWOW64\migration
2012-04-13 07:53:13 ----D---- C:\Windows\system32\migration
2012-04-13 07:53:13 ----D---- C:\Program Files\Internet Explorer
2012-04-13 07:53:13 ----D---- C:\Program Files (x86)\Internet Explorer
2012-04-12 14:50:15 ----D---- C:\ProgramData\Microsoft Help
2012-04-12 14:47:06 ----A---- C:\Windows\system32\MRT.exe
2012-04-06 21:53:46 ----D---- C:\Users\GIUSEPPE\AppData\Roaming\ICQ
2012-04-06 09:07:03 ----D---- C:\Windows\Tasks
2012-04-06 09:07:03 ----D---- C:\Windows\system32\Tasks
2012-03-30 12:44:19 ----D---- C:\Program Files (x86)\Opera
2012-03-23 20:46:22 ----D---- C:\Program Files (x86)\QuickTime
2012-03-20 09:24:28 ----D---- C:\ProgramData\Apple Computer
2012-03-20 09:24:03 ----DC---- C:\Windows\system32\DRVSTORE
2012-03-19 08:47:13 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-03-16 20:15:24 ----D---- C:\Windows\twain_32
2012-03-16 20:07:59 ----RSD---- C:\Windows\Fonts
2012-03-16 19:49:49 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-07-21 123784]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-07-21 88288]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2009-07-14 120320]
R3 atikmdag;atikmdag; C:\Windows\system32\drivers\atikmdag.sys [2009-07-13 5020672]
R3 rt70x64;ASUS RT2500 USB Wireless LAN Driver; C:\Windows\system32\DRIVERS\netr7064.sys [2006-12-27 308224]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 DCamUSBEMPIA;Grabster AV 350 service; C:\Windows\system32\DRIVERS\emDevice64.sys [2009-11-10 222016]
S3 FiltUSBEMPIA;USB Device Lower Filter; C:\Windows\system32\DRIVERS\emFilter64.sys [2009-11-10 12608]
S3 irsir;Microsoft Serial Infrared Driver; C:\Windows\system32\DRIVERS\irsir.sys [2008-01-19 27648]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\Windows\system32\DRIVERS\emScan64.sys [2009-11-10 12352]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-07-21 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-19 1255736]

-----------------EOF-----------------

Re: Please check the log - after connecting to the internet the PC sh

Posted: 14 Apr 2012 20:06
by Rudy
Hello!
We won't learn anything from this log, because a ComboFix scan was run before it today, and that scan wiped all traces of any possible infection. Post the ComboFix log. You will find it at C:\combofix.txt.

Re: Please check the log - after connecting to the internet the PC sh

Posted: 14 Apr 2012 20:09
by petr.29
Thank you for your understanding and for your help...
Here is the log that I found


ComboFix 12-04-12.03 - GIUSEPPE 13.04.2012 14:17:23.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1023.170 [GMT 2:00]
Spuštěný z: c:\users\GIUSEPPE\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FunWebProducts
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-13 do 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-13 12:25 . 2012-04-13 12:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-13 12:24 . 2012-04-13 12:24 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAFB56CC-8742-4827-A983-FBF0126E8F64}\offreg.dll
2012-04-13 12:07 . 2012-04-13 12:07 -------- d-----w- c:\program files\CCleaner
2012-04-13 11:12 . 2012-04-13 11:12 -------- d-----w- c:\program files (x86)\HD Tune
2012-04-13 11:11 . 2012-04-13 11:11 -------- d-----w- c:\program files\CPUID
2012-04-13 11:11 . 2010-11-09 12:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
2012-04-13 07:59 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAFB56CC-8742-4827-A983-FBF0126E8F64}\mpengine.dll
2012-04-12 12:48 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 12:48 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 12:48 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 12:46 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 12:46 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 12:46 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 12:46 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 12:46 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 12:46 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 12:46 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 16:20 . 2012-04-11 16:20 -------- d-----w- c:\users\GIUSEPPE\AppData\Local\Google
2012-04-08 12:08 . 2012-04-08 12:08 -------- d-----w- c:\users\GIUSEPPE\AppData\Local\ElevatedDiagnostics
2012-04-06 07:29 . 2012-04-06 07:29 8767136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-06 07:07 . 2012-04-06 07:29 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-23 18:37 . 2012-03-23 18:38 -------- d-----w- c:\users\GIUSEPPE\AppData\Roaming\Ulozto File Manager
2012-03-23 07:42 . 2012-03-23 07:42 -------- d-----w- c:\users\GIUSEPPE\AppData\Local\Babylon
2012-03-23 07:42 . 2012-03-23 07:42 -------- d-----w- c:\users\GIUSEPPE\AppData\Roaming\Babylon
2012-03-23 07:42 . 2012-03-23 07:42 -------- d-----w- c:\programdata\Babylon
2012-03-19 06:47 . 2012-03-19 06:47 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 06:47 . 2012-03-19 06:47 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-16 18:08 . 2012-03-16 18:08 -------- d-----w- c:\users\GIUSEPPE\AppData\Roaming\MAGIX
2012-03-16 18:03 . 2012-03-16 18:06 -------- d-----w- c:\programdata\MAGIX
2012-03-16 18:02 . 2012-03-16 18:06 -------- d-----w- c:\program files (x86)\MAGIX
2012-03-16 18:02 . 2007-04-27 09:43 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll
2012-03-16 18:02 . 2012-03-18 16:53 -------- d-----w- c:\windows\SysWow64\MAGIX
2012-03-16 18:02 . 2008-04-15 15:14 700416 ----a-w- c:\windows\SysWow64\mgxoschk.dll
2012-03-16 17:48 . 2012-03-16 17:48 -------- d-----w- c:\users\GIUSEPPE\AppData\Roaming\TerraTec
2012-03-16 17:43 . 2009-11-10 10:02 222016 ----a-w- c:\windows\system32\drivers\emDevice64.sys
2012-03-16 17:43 . 2009-11-10 10:02 12608 ----a-w- c:\windows\system32\drivers\emFilter64.sys
2012-03-16 17:43 . 2009-11-10 10:02 12352 ----a-w- c:\windows\system32\drivers\emscan64.sys
2012-03-16 17:43 . 2012-03-18 16:51 -------- d-----w- c:\program files (x86)\Common Files\TerraTec
2012-03-14 17:19 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:19 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 17:19 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 07:29 . 2011-09-26 14:51 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-24 09:38 . 2011-09-26 18:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-24 07:58 . 2012-02-24 07:58 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-02-23 08:18 . 2011-09-26 15:04 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 16:57 . 2011-09-29 06:53 14848 ----a-w- c:\windows\system32\slwga.dll
2012-02-19 16:57 . 2011-09-29 06:52 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2012-02-19 16:57 . 2011-09-29 06:53 419840 ----a-w- c:\windows\system32\systemcpl.dll
2012-02-19 16:57 . 2011-09-29 06:54 1008640 ----a-w- c:\windows\system32\user32.dll
2012-02-19 16:57 . 2011-09-29 06:54 833024 ----a-w- c:\windows\SysWow64\user32.dll
2012-02-17 06:38 . 2012-03-14 07:11 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 07:11 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 07:11 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 07:11 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-01-25 06:38 . 2012-03-14 07:11 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 07:11 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 07:11 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-02-19 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-02-19 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TrayServer"="c:\program files (x86)\MAGIX\Movies_on_DVD_7_TerraTec_Edition\TrayServer.exe" [2008-04-09 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 07:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 62.129.50.20 85.135.32.100
FF - ProfilePath - c:\users\GIUSEPPE\AppData\Roaming\Mozilla\Firefox\Profiles\k44056oj.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108602
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - f4318aee00000000000000161791bfc5
FF - user.js: extensions.BabylonToolbar_i.hardId - f4318aee00000000000000161791bfc5
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15422
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:42
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-DAP 10 Alpha - c:\program files (x86)\DAP10\DAP.EXE
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-1894224929-1496669272-3994426470-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rw2"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-04-13 14:35:55
ComboFix-quarantined-files.txt 2012-04-13 12:35
.
Před spuštěním: Volných bajtů: 11 388 932 096
Po spuštění: Volných bajtů: 11 276 664 832
.
- - End Of File - - 9CEABCE9CAD71596790A06E05B86F728

Re: Please check the log - after connecting to the internet the PC sh

Posted: 14 Apr 2012 20:28
by Rudy
We'll do some more cleanup. Open Notepad and copy the following into it:
KillAll::

Folder::
c:\users\GIUSEPPE\AppData\Local\Babylon
c:\users\GIUSEPPE\AppData\Roaming\Babylon
c:\programdata\Babylon

Firefox::
FF - ProfilePath - c:\users\GIUSEPPE\AppData\Roaming\Mozilla\Firefox\Profiles\k44056oj.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108602
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - f4318aee00000000000000161791bfc5
FF - user.js: extensions.BabylonToolbar_i.hardId - f4318aee00000000000000161791bfc5
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15422
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:42
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

RegLock::
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.


Re: Please check the log - after connecting to the internet the PC sh

Posted: 14 Apr 2012 21:13
by petr.29
Thank you very much for the help.
Cleaned up according to the instructions. Unfortunately, the problem persists. After switching the connection from Wi-Fi to the network card (both the integrated one and the one in the PCI slot) and starting any video on YouTube, the PC shuts down immediately.

ComboFix 12-04-12.03 - GIUSEPPE 14.04.2012 21:34:49.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1023.257 [GMT 2:00]
Spuštěný z: c:\users\GIUSEPPE\Desktop\serviscomp\ComboFix.exe
Použité ovládací přepínače :: c:\users\GIUSEPPE\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Babylon
c:\users\GIUSEPPE\AppData\Local\Babylon
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\bab033.tbinst.dat
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\bab091.norecovericon.dat
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\Babylon.dat
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\BExternal-9.0.3.35.zpb
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\BExternal.dll
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\HtmlScreens\cmbx.png
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\HtmlScreens\common.js
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\HtmlScreens\eula.html
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\HtmlScreens\lngs.png
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\HtmlScreens\page1.css
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\HtmlScreens\page1.html
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\HtmlScreens\page1.js
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\HtmlScreens\page1Lrg.css
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\HtmlScreens\page2.css
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\HtmlScreens\page2.html
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\HtmlScreens\page2.js
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\HtmlScreens\page9.html
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\HtmlScreens\title1.png
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\HtmlScreens\title2.png
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\HtmlScreens\vIcn.png
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\IECookieLow.dll
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\Setup-tbmntr903-9.0.3.35.zpb
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\Setup.exe
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\SetupStrings.dat
c:\users\GIUSEPPE\AppData\Local\Babylon\Setup\sqlite3.dll
c:\users\GIUSEPPE\AppData\Roaming\Babylon
c:\users\GIUSEPPE\AppData\Roaming\Babylon\log_file.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-14 do 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 19:44 . 2012-04-14 19:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-14 17:55 . 2012-04-14 17:55 -------- d-----w- c:\program files\trend micro
2012-04-14 17:55 . 2012-04-14 17:55 -------- d-----w- C:\rsit
2012-04-14 10:30 . 2012-04-14 10:30 -------- d-----w- c:\programdata\McAfee
2012-04-14 10:13 . 2012-04-14 10:14 -------- d-----w- c:\users\Admin
2012-04-13 20:26 . 2012-04-13 20:26 -------- d-----w- c:\program files (x86)\Driver-Soft
2012-04-13 20:02 . 2012-04-13 20:02 -------- d-----w- c:\users\GIUSEPPE\AppData\Roaming\Malwarebytes
2012-04-13 19:58 . 2012-04-13 19:58 -------- d-----w- c:\programdata\Malwarebytes
2012-04-13 19:58 . 2012-04-14 14:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-13 19:53 . 2012-04-13 19:53 -------- d-----w- c:\program files (x86)\Geeks3D
2012-04-13 12:07 . 2012-04-13 12:07 -------- d-----w- c:\program files\CCleaner
2012-04-13 11:12 . 2012-04-13 11:12 -------- d-----w- c:\program files (x86)\HD Tune
2012-04-13 11:11 . 2012-04-13 11:11 -------- d-----w- c:\program files\CPUID
2012-04-13 11:11 . 2010-11-09 12:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
2012-04-13 07:59 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAFB56CC-8742-4827-A983-FBF0126E8F64}\mpengine.dll
2012-04-12 12:48 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 12:48 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 12:48 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 12:46 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 12:46 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 12:46 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 12:46 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 12:46 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 12:46 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 12:46 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 16:20 . 2012-04-11 16:20 -------- d-----w- c:\users\GIUSEPPE\AppData\Local\Google
2012-04-08 12:08 . 2012-04-08 12:08 -------- d-----w- c:\users\GIUSEPPE\AppData\Local\ElevatedDiagnostics
2012-04-06 07:29 . 2012-04-14 10:29 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-06 07:07 . 2012-04-14 10:30 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-23 18:37 . 2012-03-23 18:38 -------- d-----w- c:\users\GIUSEPPE\AppData\Roaming\Ulozto File Manager
2012-03-19 06:47 . 2012-03-19 06:47 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 06:47 . 2012-03-19 06:47 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-16 18:08 . 2012-03-16 18:08 -------- d-----w- c:\users\GIUSEPPE\AppData\Roaming\MAGIX
2012-03-16 18:03 . 2012-03-16 18:06 -------- d-----w- c:\programdata\MAGIX
2012-03-16 18:02 . 2012-03-16 18:06 -------- d-----w- c:\program files (x86)\MAGIX
2012-03-16 18:02 . 2007-04-27 09:43 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll
2012-03-16 18:02 . 2012-03-18 16:53 -------- d-----w- c:\windows\SysWow64\MAGIX
2012-03-16 18:02 . 2008-04-15 15:14 700416 ----a-w- c:\windows\SysWow64\mgxoschk.dll
2012-03-16 17:48 . 2012-03-16 17:48 -------- d-----w- c:\users\GIUSEPPE\AppData\Roaming\TerraTec
2012-03-16 17:43 . 2009-11-10 10:02 222016 ----a-w- c:\windows\system32\drivers\emDevice64.sys
2012-03-16 17:43 . 2009-11-10 10:02 12608 ----a-w- c:\windows\system32\drivers\emFilter64.sys
2012-03-16 17:43 . 2009-11-10 10:02 12352 ----a-w- c:\windows\system32\drivers\emscan64.sys
2012-03-16 17:43 . 2012-03-18 16:51 -------- d-----w- c:\program files (x86)\Common Files\TerraTec
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 10:30 . 2011-09-26 14:51 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-24 09:38 . 2011-09-26 18:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-24 07:58 . 2012-02-24 07:58 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-02-23 08:18 . 2011-09-26 15:04 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 16:57 . 2011-09-29 06:53 14848 ----a-w- c:\windows\system32\slwga.dll
2012-02-19 16:57 . 2011-09-29 06:52 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2012-02-19 16:57 . 2011-09-29 06:53 419840 ----a-w- c:\windows\system32\systemcpl.dll
2012-02-19 16:57 . 2011-09-29 06:54 1008640 ----a-w- c:\windows\system32\user32.dll
2012-02-19 16:57 . 2011-09-29 06:54 833024 ----a-w- c:\windows\SysWow64\user32.dll
2012-02-17 06:38 . 2012-03-14 07:11 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 07:11 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 07:11 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 07:11 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 17:19 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 17:19 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-14 17:19 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 07:11 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 07:11 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 07:11 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-02-19 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-02-19 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-04-13_12.25.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-04-14 10:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-09 15:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-09 15:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-14 10:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-09 15:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-14 10:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-26 14:48 . 2012-04-14 17:28 34324 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-14 17:54 34084 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-26 12:06 . 2012-04-14 17:54 10468 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1894224929-1496669272-3994426470-1000_UserData.bin
- 2011-11-21 08:36 . 2011-11-21 08:33 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2011-11-21 08:36 . 2012-04-14 17:26 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2009-07-14 05:30 . 2012-04-14 17:27 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-04-13 11:47 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-06-10 20:35 . 2009-06-10 20:35 51712 c:\windows\system32\drivers\Rtnic64.sys
- 2011-09-26 11:58 . 2012-04-13 12:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-26 11:58 . 2012-04-14 15:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-26 11:58 . 2012-04-14 15:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-26 11:58 . 2012-04-13 12:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-13 12:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-14 15:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-13 11:10 . 2012-04-13 12:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-14 19:45 . 2012-04-14 19:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-14 19:45 . 2012-04-14 19:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-13 11:10 . 2012-04-13 12:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-14 10:29 . 2012-04-14 10:30 353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_Plugin.exe
+ 2012-04-13 20:29 . 2012-04-13 20:29 353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
+ 2012-04-13 20:29 . 2012-04-13 20:29 424608 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.dll
+ 2012-04-06 07:07 . 2012-04-14 10:30 253088 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-14 10:29 . 2012-04-14 10:29 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_Plugin.exe
+ 2012-04-13 20:29 . 2012-04-13 20:29 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.exe
+ 2012-04-13 20:29 . 2012-04-13 20:29 462496 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.dll
+ 2009-07-14 05:30 . 2012-04-14 17:27 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-04-13 11:47 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-03-20 07:30 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-04-13 20:21 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-29 14:59 . 2009-07-29 14:59 305152 c:\windows\system32\DriverStore\FileRepository\netr7364.inf_amd64_neutral_b499172e98c6ecc2\RaCoInstx.dll
+ 2009-07-29 15:21 . 2009-07-29 15:21 717312 c:\windows\system32\DriverStore\FileRepository\netr7364.inf_amd64_neutral_b499172e98c6ecc2\netr7364.sys
+ 2007-05-11 16:40 . 2007-05-11 16:40 412672 c:\windows\system32\DriverStore\FileRepository\netr7364.inf_amd64_neutral_750691674e487d54\netr7364.sys
+ 2006-12-27 15:41 . 2006-12-27 15:41 308224 c:\windows\system32\DriverStore\FileRepository\netr7064.inf_amd64_neutral_2922dc9e1c935105\netr7064.sys
+ 2006-12-27 15:41 . 2006-12-27 15:41 308224 c:\windows\system32\drivers\netr7064.sys
+ 2009-07-14 04:46 . 2012-04-14 10:51 101616 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-04-03 06:17 101616 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-04-14 19:44 297460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-13 08:19 297460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-14 14:34 . 2012-04-14 14:34 433560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1894224929-1496669272-3994426470-1003-4096.dat
+ 2012-04-14 10:29 . 2012-04-14 10:30 8797344 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
+ 2009-07-14 04:45 . 2012-04-13 20:11 7106385 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-03-26 12:27 7106385 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-10-28 19:24 . 2012-03-23 20:42 1079556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1894224929-1496669272-3994426470-1000-12288.dat
+ 2011-10-28 19:24 . 2012-04-14 14:34 1079556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1894224929-1496669272-3994426470-1000-12288.dat
+ 2012-04-14 10:29 . 2012-04-14 10:29 11589280 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"DAP 10 Alpha"="c:\program files (x86)\DAP10\DAP.EXE" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TrayServer"="c:\program files (x86)\MAGIX\Movies_on_DVD_7_TerraTec_Edition\TrayServer.exe" [2008-04-09 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S3 rt70x64;ASUS RT2500 USB Wireless LAN Driver;c:\windows\system32\DRIVERS\netr7064.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 10:30]
.
.
--------- x86-64 -----------
.
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 62.129.50.20 85.135.32.100
FF - ProfilePath - c:\users\GIUSEPPE\AppData\Roaming\Mozilla\Firefox\Profiles\k44056oj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-TaskTray - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1894224929-1496669272-3994426470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Celkový čas: 2012-04-14 21:55:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-14 19:55
ComboFix2.txt 2012-04-13 12:36
.
Před spuštěním: Volných bajtů: 11 376 029 696
Po spuštění: Volných bajtů: 11 318 894 592
.
- - End Of File - - D309ABCFB5BB5DF6DE98693C1CC0A518

Re: Please check my log - after connecting to the internet the PC sh

Posted: 14 Apr 2012 21:51
by Rudy
The log looks OK. This apparently isn't a virus problem but a system problem. What did you install just before the problem appeared?

Re: Please check my log - after connecting to the internet the PC sh

Posted: 14 Apr 2012 21:58
by petr.29
Unfortunately the PC isn't mine and it's already too late to contact the owner. I doubt he would know what he installed last anyway. I'll try to remove whatever I can. For now, thank you VERY much for all the help, and good night.
If I find out anything new, I'll get back to you tomorrow, if I may.

Thank you

Re: Please check my log - after connecting to the internet the PC sh

Posted: 15 Apr 2012 10:08
by Rudy
Nothing to thank me for yet!