log z Combofix - prosím o kontrolu

[m.b.]

AComboFix 12-10-14.03 - milda 15.10.2012 17:23:38.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.4094.2410 [GMT 2:00]
Spuštěný z: c:\users\milda\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-15 do 2012-10-15 )))))))))))))))))))))))))))))))
.
.
2012-10-15 15:42 . 2012-10-15 15:42 -------- d-----w- c:\users\milda\AppData\Local\temp
2012-10-15 15:42 . 2012-10-15 15:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-15 15:42 . 2012-10-15 15:42 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-14 19:39 . 2012-10-14 19:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-14 19:39 . 2012-10-14 19:38 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-10-14 19:38 . 2012-10-14 19:38 -------- d-----w- c:\program files (x86)\Java
2012-10-14 19:31 . 2012-10-14 19:31 -------- d-----w- c:\programdata\McAfee
2012-10-12 11:38 . 2012-10-12 11:38 -------- d-----w- c:\programdata\ATI
2012-10-12 11:38 . 2012-10-12 11:38 -------- d-----w- c:\program files (x86)\AMD APP
2012-10-09 17:35 . 2012-06-02 00:20 1268736 ----a-w- c:\windows\system32\crypt32.dll
2012-10-09 17:35 . 2012-06-02 00:20 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-09 17:35 . 2012-06-02 00:20 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-09 17:35 . 2012-06-02 00:02 985088 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-09 17:35 . 2012-06-02 00:02 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-09 17:35 . 2012-06-02 00:02 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-09 17:35 . 2012-09-13 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-09 17:35 . 2012-09-13 13:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-09 17:35 . 2012-08-24 16:07 218624 ----a-w- c:\windows\system32\wintrust.dll
2012-10-09 17:35 . 2012-08-24 15:53 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-09 17:35 . 2012-08-29 11:40 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-26 18:46 . 2012-08-08 17:50 43680 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-09-26 18:39 . 2012-10-03 05:45 -------- d-----w- c:\windows\system32\drivers\N360x64\1401010.002
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 07:03 . 2012-04-04 18:39 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-15 07:03 . 2011-05-20 04:18 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-14 19:38 . 2010-08-28 07:25 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-14 17:28 . 2009-10-27 20:38 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-10-09 17:37 . 2006-11-02 12:35 65309168 ----a-w- c:\windows\system32\mrt.exe
2012-09-26 18:41 . 2011-03-31 18:19 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-09-13 23:03 . 2012-07-28 04:09 5557416 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-09-13 23:01 . 2012-09-13 23:01 10695168 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-13 22:46 . 2012-09-13 22:46 23825920 ----a-w- c:\windows\system32\atio6axx.dll
2012-09-13 22:46 . 2012-09-13 22:46 70144 ----a-w- c:\windows\system32\coinst_9.001.dll
2012-09-13 22:42 . 2012-09-13 22:42 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-13 22:40 . 2012-09-13 22:40 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-09-13 22:40 . 2012-09-13 22:40 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-09-13 22:40 . 2012-09-13 22:40 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-09-13 22:40 . 2012-09-13 22:40 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-09-13 22:40 . 2012-09-13 22:40 16082432 ----a-w- c:\windows\system32\aticaldd64.dll
2012-09-13 22:36 . 2012-09-13 22:36 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-09-13 22:27 . 2012-07-28 02:15 934912 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-09-13 22:27 . 2012-09-13 22:27 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-09-13 22:25 . 2012-09-13 22:25 1120768 ----a-w- c:\windows\system32\aticfx64.dll
2012-09-13 22:23 . 2012-07-28 02:07 6477824 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-09-13 22:19 . 2012-09-13 22:19 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-13 22:19 . 2012-09-13 22:19 536064 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-13 22:18 . 2012-09-13 22:18 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-13 22:17 . 2012-09-13 22:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-09-13 22:17 . 2012-09-13 22:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-13 22:16 . 2012-09-13 22:16 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-09-13 22:16 . 2012-09-13 22:16 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-09-13 22:13 . 2012-09-13 22:13 3127296 ----a-w- c:\windows\system32\atiumd6a.dll
2012-09-13 22:08 . 2012-09-13 22:08 7107072 ----a-w- c:\windows\system32\atidxx64.dll
2012-09-13 22:06 . 2012-09-13 22:06 6704128 ----a-w- c:\windows\system32\atiumd64.dll
2012-09-13 22:05 . 2012-07-28 01:32 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-09-13 21:56 . 2012-09-13 21:56 595456 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-13 21:56 . 2012-09-13 21:56 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-09-13 21:56 . 2012-09-13 21:56 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-09-13 21:56 . 2012-09-13 21:56 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-09-13 21:56 . 2012-09-13 21:56 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-09-13 21:55 . 2012-09-13 21:55 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-09-13 21:55 . 2012-09-13 21:55 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-09-13 21:55 . 2012-09-13 21:55 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-09-13 21:55 . 2012-09-13 21:55 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-13 21:55 . 2012-09-13 21:55 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-09-13 21:55 . 2012-09-13 21:55 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-09-13 21:55 . 2012-09-13 21:55 459776 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-13 21:54 . 2012-09-13 21:54 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-13 21:54 . 2012-07-28 01:13 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-09-13 21:54 . 2010-12-05 10:28 103424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-09-13 21:53 . 2012-07-28 01:13 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-09-13 21:53 . 2010-12-05 10:28 45056 ----a-w- c:\windows\system32\atitmp64.dll
2012-09-13 21:53 . 2012-09-13 21:53 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-09-13 16:47 . 2012-09-13 16:47 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-13 16:46 . 2012-09-13 16:46 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-09-13 16:46 . 2012-09-13 16:46 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-09-13 16:46 . 2012-09-13 16:46 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-09-13 16:46 . 2012-09-13 16:46 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-09-13 16:46 . 2012-09-13 16:46 32635904 ----a-w- c:\windows\system32\amdocl64.dll
2012-09-13 16:42 . 2012-09-13 16:42 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-02-10 2770432]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\milda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Sledovat výstrahy inkoustu - HP Photosmart 5510 series (Síť).lnk - c:\windows\system32\RunDll32.exe [2006-11-2 46592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-15 250808]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 07:03]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-799720458-3794550435-3954298393-1000Core.job
- c:\users\milda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25 18:23]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-799720458-3794550435-3954298393-1000UA.job
- c:\users\milda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-25 18:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\SYSTEM32\blank.htm
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{ECF7FB3A-D8A2-425D-96E1-48D4E5283C8A}: NameServer = 193.85.1.100,193.85.2.100
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.1.1.2\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2012-10-15 17:45:50
ComboFix-quarantined-files.txt 2012-10-15 15:45
.
Před spuštěním: Volných bajtů: 36 982 657 024
Po spuštění: Volných bajtů: 36 909 871 104
.
- - End Of File - - 199A19142DFA646B6786AB78EAC558C4

[Rudy]

Proč spouštíte ComboFix, utilitu určenou odborníkům, bez předchozí kontroly logu RSIT, nebo konzultace s rádcem? Chcete si zbořit systém?

Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-799720458-3794550435-3954298393-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-799720458-3794550435-3954298393-1000UA.job

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[m.b.]

Rudo sypu si popel na hlavu.. děkuji za pomoc a posílám:

ComboFix 12-10-14.03 - milda 15.10.2012 19:58:20.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.4094.2325 [GMT 2:00]
Spuštěný z: C:\Users\milda\Desktop\ComboFix.exe
Použité ovládací přepínače :: C:\Users\milda\Desktop\CFScript.txt..txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-799720458-3794550435-3954298393-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-799720458-3794550435-3954298393-1000UA.job"

[m.b.]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:35:17, on 15.10.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe
C:\Users\milda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\milda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\milda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\milda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\milda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\milda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\milda\Desktop\hijackthis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\coIEPlg.dll
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECF7FB3A-D8A2-425D-96E1-48D4E5283C8A}: NameServer = 193.85.1.100,193.85.2.100
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Služba brány aplikačního rozhraní (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Koordinátor distribuovaných transakcí (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7221 bytes

[Rudy]

Teď už dejte poslední log CF. HiajckThis je po předchozím spuštění CF k ničemu.

[m.b.]

ComboFix 12-10-15.02 - milda 16.10.2012 6:07.3.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.4094.2580 [GMT 2:00]
Spuštěný z: c:\users\milda\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-16 do 2012-10-16 )))))))))))))))))))))))))))))))
.
.
2012-10-16 04:26 . 2012-10-16 04:26 -------- d-----w- c:\users\milda\AppData\Local\temp
2012-10-16 04:26 . 2012-10-16 04:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-16 04:26 . 2012-10-16 04:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-15 19:41 . 2012-10-15 19:41 -------- d-----w- c:\windows\system32\0405
2012-10-15 19:41 . 2012-10-15 19:41 -------- d-----w- C:\inetpub
2012-10-15 17:46 . 2012-10-16 04:04 -------- d-----w- C:\32788R22FWJFW
2012-10-14 19:39 . 2012-10-14 19:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-14 19:39 . 2012-10-14 19:38 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-10-14 19:38 . 2012-10-14 19:38 -------- d-----w- c:\program files (x86)\Java
2012-10-14 19:31 . 2012-10-14 19:31 -------- d-----w- c:\programdata\McAfee
2012-10-12 11:38 . 2012-10-12 11:38 -------- d-----w- c:\programdata\ATI
2012-10-12 11:38 . 2012-10-12 11:38 -------- d-----w- c:\program files (x86)\AMD APP
2012-10-09 17:35 . 2012-06-02 00:20 1268736 ----a-w- c:\windows\system32\crypt32.dll
2012-10-09 17:35 . 2012-06-02 00:20 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-09 17:35 . 2012-06-02 00:20 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-09 17:35 . 2012-06-02 00:02 985088 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-09 17:35 . 2012-06-02 00:02 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-09 17:35 . 2012-06-02 00:02 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-09 17:35 . 2012-09-13 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-09 17:35 . 2012-09-13 13:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-09 17:35 . 2012-08-24 16:07 218624 ----a-w- c:\windows\system32\wintrust.dll
2012-10-09 17:35 . 2012-08-24 15:53 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-09 17:35 . 2012-08-29 11:40 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-26 18:46 . 2012-08-08 17:50 43680 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-09-26 18:39 . 2012-10-03 05:45 -------- d-----w- c:\windows\system32\drivers\N360x64\1401010.002
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 07:03 . 2012-04-04 18:39 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-15 07:03 . 2011-05-20 04:18 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-14 19:38 . 2010-08-28 07:25 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-14 17:28 . 2009-10-27 20:38 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-10-09 17:37 . 2006-11-02 12:35 65309168 ----a-w- c:\windows\system32\mrt.exe
2012-09-26 18:41 . 2011-03-31 18:19 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-09-13 23:03 . 2012-07-28 04:09 5557416 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-09-13 23:01 . 2012-09-13 23:01 10695168 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-13 22:46 . 2012-09-13 22:46 23825920 ----a-w- c:\windows\system32\atio6axx.dll
2012-09-13 22:46 . 2012-09-13 22:46 70144 ----a-w- c:\windows\system32\coinst_9.001.dll
2012-09-13 22:42 . 2012-09-13 22:42 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-13 22:40 . 2012-09-13 22:40 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-09-13 22:40 . 2012-09-13 22:40 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-09-13 22:40 . 2012-09-13 22:40 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-09-13 22:40 . 2012-09-13 22:40 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-09-13 22:40 . 2012-09-13 22:40 16082432 ----a-w- c:\windows\system32\aticaldd64.dll
2012-09-13 22:36 . 2012-09-13 22:36 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-09-13 22:27 . 2012-07-28 02:15 934912 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-09-13 22:27 . 2012-09-13 22:27 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-09-13 22:25 . 2012-09-13 22:25 1120768 ----a-w- c:\windows\system32\aticfx64.dll
2012-09-13 22:23 . 2012-07-28 02:07 6477824 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-09-13 22:19 . 2012-09-13 22:19 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-13 22:19 . 2012-09-13 22:19 536064 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-13 22:18 . 2012-09-13 22:18 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-13 22:17 . 2012-09-13 22:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-09-13 22:17 . 2012-09-13 22:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-13 22:16 . 2012-09-13 22:16 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-09-13 22:16 . 2012-09-13 22:16 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-09-13 22:13 . 2012-09-13 22:13 3127296 ----a-w- c:\windows\system32\atiumd6a.dll
2012-09-13 22:08 . 2012-09-13 22:08 7107072 ----a-w- c:\windows\system32\atidxx64.dll
2012-09-13 22:06 . 2012-09-13 22:06 6704128 ----a-w- c:\windows\system32\atiumd64.dll
2012-09-13 22:05 . 2012-07-28 01:32 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-09-13 21:56 . 2012-09-13 21:56 595456 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-13 21:56 . 2012-09-13 21:56 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-09-13 21:56 . 2012-09-13 21:56 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-09-13 21:56 . 2012-09-13 21:56 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-09-13 21:56 . 2012-09-13 21:56 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-09-13 21:55 . 2012-09-13 21:55 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-09-13 21:55 . 2012-09-13 21:55 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-09-13 21:55 . 2012-09-13 21:55 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-09-13 21:55 . 2012-09-13 21:55 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-13 21:55 . 2012-09-13 21:55 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-09-13 21:55 . 2012-09-13 21:55 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-09-13 21:55 . 2012-09-13 21:55 459776 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-13 21:54 . 2012-09-13 21:54 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-13 21:54 . 2012-07-28 01:13 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-09-13 21:54 . 2010-12-05 10:28 103424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-09-13 21:53 . 2012-07-28 01:13 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-09-13 21:53 . 2010-12-05 10:28 45056 ----a-w- c:\windows\system32\atitmp64.dll
2012-09-13 21:53 . 2012-09-13 21:53 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-09-13 16:47 . 2012-09-13 16:47 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-13 16:46 . 2012-09-13 16:46 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-09-13 16:46 . 2012-09-13 16:46 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-09-13 16:46 . 2012-09-13 16:46 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-09-13 16:46 . 2012-09-13 16:46 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-09-13 16:46 . 2012-09-13 16:46 32635904 ----a-w- c:\windows\system32\amdocl64.dll
2012-09-13 16:42 . 2012-09-13 16:42 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-15 250808]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\SYSTEM32\blank.htm
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{ECF7FB3A-D8A2-425D-96E1-48D4E5283C8A}: NameServer = 193.85.1.100,193.85.2.100
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.1.1.2\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Celkový čas: 2012-10-16 06:29:45
ComboFix-quarantined-files.txt 2012-10-16 04:29
ComboFix2.txt 2012-10-15 15:45
.
Před spuštěním: Volných bajtů: 35 058 970 624
Po spuštění: Volných bajtů: 34 888 028 160
.
- - End Of File - - 62719012487F0A926A0CE02B2312230D

[Rudy]

Log již vypadá OK.

[m.b.]

I když jsme se zbavili nějaké havěti, PC se mi stále vypíná cca.10 - 15 minut...(děkuji za pokyny!!)

[Rudy]

Stáhněte SpeedFan: http://www.stahuj.centrum.cz/utility_a_ ... /speedfan/ . Nainstalujte, spusťte a v průběhu chodu kontrolujte teploty komponent. Neměly by trvale překračovat 65°C (u NB 70°C).

[m.b.]

teploty jsou ok, ale byly to spuštěné úlohy (přes 82 úloh...) Takže zdravím do Plzně a děkuji!!!

[Rudy]

OK, i toto je možné. Nemáte zač!

[m.b.]

Zdravím, nedalo mi to a ještě jsem zkusil RogueKiller a zde je log.Děkuji!RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Spuštěno v : Normální režim
Uživatel : milda [Práva správce]
Mód : Kontrola -- Datum : 10/23/2012 19:33:01

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 9 ¤¤¤
[STARTUP][BLACKLIST DLL] Sledovat výstrahy inkoustu - HP Photosmart 5510 series (Síť).lnk @milda : C:\Windows\system32\RunDll32.exe|"C:\Program Files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1BU25C3K05NR;CONNECTION=NW;MONITOR=1; -> NALEZENO
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{ECF7FB3A-D8A2-425D-96E1-48D4E5283C8A} : NameServer (193.85.1.100,193.85.2.100) -> NALEZENO
[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{ECF7FB3A-D8A2-425D-96E1-48D4E5283C8A} : NameServer (193.85.1.100,193.85.2.100) -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> NALEZENO
[HJ] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: HDS722516VLSA80 ATA Device +++++
--- User ---
[MBR] d5145efd1f66a53a368e4e0e948cb606
[BSP] 0e8667bab8c11e20a1260a744e6bddf7 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 131061 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD600BB-00CAA1 ATA Device +++++
--- User ---
[MBR] ef8699ce362e7edd78feee35025ed747
[BSP] 40806424bdbee105d55708950955e317 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57231 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

[Rudy]

Také zdravím!
Log vypadá OK.

[m.b.]

Děkuji!

[Rudy]

Nemáte zač!