VIRY.CZ

Dobrý den.
Prosim o radu a zkontrolovani logu. Asi tak pred pul rokem jsem necekane chytil nejaky zakerny vir. Okamzite byl v celem PC a antivir AVG mu v tom moc nezabranilo. Docela mne to vydesilo, protoze avg zahlasilo, dal jsem zablokovat a s PC uz neslo skora pracovat a po restartu se uz hlasil. Bohuzel uz si nepamatuji jak se jmenoval. Okamzite jsem se pustil do pokusu o odvirovani. Bohuzel ani ruzna resourse antivir CD si s tim plne neporadila. Nakonec jsem se do odstranovani souboru pustil rucne. Na prvni pohled se zdalo ze rucni odmazani souboru viru a jeho zaznamu pomohlo. System od te doby slape, avsak s jednim problemem. Na to jak mam velkou ram pamet (16Gb), tak se mi behem 3 denniho provozu PC dokaze zcela zaplnit. Toto se mi deje od te nakazy a pokusu o odvirovani. Prosim o kontrolu a pripadnou radu s dalsi haveti. Prikladam log z RSIT a prosincovi log z Combofixu. Predem dekuji za rady

Logfile of random's system information tool 1.09 (written by random/random)
Run by Tomas at 2013-05-03 03:20:03
Microsoft Windows 7 Ultimate
System drive C: has 80 GB (28%) free of 286 GB
Total RAM: 16364 MB (7% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:20:08, on 3.5.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17153)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Program Files (x86)\Rohos\ntserv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
C:\Windows\SysWOW64\ASDR.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe
C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe
C:\Windows\SysWOW64\NPSService.exe
C:\Program Files (x86)\Powerware\Shutdown Agent\pwagsrvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe
C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\vsnpstd3.exe
C:\Program Files (x86)\Sticky Password\stpass.exe
C:\Windows\OETRN.EXE
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Clip2Net\clip2net.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Tomas.exe

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

Pokracovani logu RSIT:

======List of files/folders created in the last 3 months======

2013-05-03 02:44:12 ----D---- C:\rsit
-----------------EOF-----------------

Log z prosince aplikace Combofix:

ComboFix 12-12-25.02 - Tomas 26.12.2012 21:06:47.3.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.16364.13236 [GMT 1:00]
Spuštěný z: c:\users\Tomas\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tomas\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll
C:\win32.exe
c:\windows\SysWow64\update
c:\windows\SysWow64\update\diablo121016.cl
c:\windows\SysWow64\update\diakgcn121016.cl
c:\windows\SysWow64\update\libcurl-4.dll
c:\windows\SysWow64\update\libeay32.dll
c:\windows\SysWow64\update\libidn-11.dll
c:\windows\SysWow64\update\libusb-1.0.dll
c:\windows\SysWow64\update\phatk121016.cl
c:\windows\SysWow64\update\poclbm121016.cl
c:\windows\SysWow64\update\poclbm121016GeForce GTX 560 Tigv1w256l4.bin
c:\windows\SysWow64\update\pthreadGC2.dll
c:\windows\SysWow64\update\sbs_wminet_utils.dat
c:\windows\SysWow64\update\ssleay32.dll
c:\windows\SysWow64\update\zlib1.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-26 do 2012-12-26 )))))))))))))))))))))))))))))))
.
.
2012-12-26 20:13 . 2012-12-26 20:13 -------- d-----w- c:\programdata\AutoKMS
2012-12-26 20:11 . 2012-12-26 20:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-26 20:11 . 2012-12-26 20:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-26 20:11 . 2012-12-26 20:11 -------- d-----w- c:\users\PC\AppData\Local\temp
2012-12-26 20:11 . 2012-12-26 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-26 19:55 . 2012-12-26 20:02 -------- d-----r- c:\users\Tomas\Virtual Machines
2012-12-26 19:51 . 2012-12-26 19:51 -------- d-----w- c:\windows\system32\drivers\zh-TW
2012-12-26 19:50 . 2009-09-23 01:52 3584 ----a-w- c:\windows\system32\drivers\cs-CZ\vpchbus.sys.mui
2012-12-25 17:24 . 2012-12-25 17:24 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-12-25 17:24 . 2012-12-25 17:24 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-22 18:41 . 2012-12-22 18:48 410112 ----a-w- c:\windows\system32\sbs_mscorrc.dat
2012-12-22 18:41 . 2012-12-22 18:48 309760 ----a-w- c:\windows\system32\SharedReg.dll
2012-12-20 16:21 . 2012-12-20 16:21 -------- d-----w- c:\users\Tomas\AppData\Roaming\RealNetworks
2012-12-20 16:21 . 2012-12-20 16:21 -------- d-----w- c:\program files (x86)\RealNetworks
2012-12-20 16:21 . 2012-12-20 16:21 -------- d-----w- c:\programdata\RealNetworks
2012-12-20 16:21 . 2012-12-20 16:21 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-12-20 16:21 . 2012-12-20 16:21 153296 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2012-12-20 16:21 . 2012-12-20 16:21 124056 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-12-13 13:30 . 2012-12-13 13:30 5955856 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-11-27 14:15 . 2012-11-27 14:17 -------- d-----w- C:\UBCD4Win
2012-11-26 22:08 . 2012-11-26 22:09 -------- d-----w- c:\program files (x86)\nLite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-25 17:24 . 2012-02-25 16:30 859072 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-12-25 17:24 . 2011-10-28 12:49 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-25 17:08 . 2012-03-17 06:21 1825 ----a-w- c:\users\Tomas\advanced_ip_scanner_Favorites.bin
2012-12-25 17:08 . 2011-11-01 19:38 1164 ----a-w- c:\users\Tomas\advanced_ip_scanner_MAC.bin
2012-12-20 18:21 . 2011-10-27 22:40 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-10-16 21:20 . 2012-12-20 18:20 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20 . 2012-12-20 18:20 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34 . 2012-12-20 18:20 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-10 20:23 . 2012-10-10 20:23 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-10 20:23 . 2012-10-10 20:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 20:23 . 2011-11-10 13:53 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-10 20:23 . 2012-09-21 19:35 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-10 20:23 . 2012-10-10 20:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-10 20:23 . 2012-10-10 20:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 20:23 . 2012-10-10 20:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-10 20:23 . 2012-10-10 20:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-10 20:23 . 2012-09-21 19:35 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 20:23 . 2011-10-27 15:34 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-10 20:23 . 2012-08-12 20:29 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-10 20:23 . 2011-11-10 13:53 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-10 20:23 . 2012-08-12 20:29 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 20:22 . 2012-10-10 20:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-10 20:22 . 2012-10-10 20:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-10 20:22 . 2011-11-28 22:55 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-10 20:22 . 2011-11-10 13:53 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-10 20:22 . 2012-10-10 20:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 20:22 . 2012-10-10 20:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-10 20:22 . 2012-10-10 20:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:22 . 2012-10-10 20:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-04 16:45 . 2012-12-20 18:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-02 19:51 . 2012-08-12 20:29 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2011-03-23 23:52 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-03-23 23:53 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-05-16 23:39 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2011-03-23 23:53 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-03-23 23:53 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2011-03-23 23:53 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StickyPassword"="c:\program files (x86)\Sticky Password\stpass.exe" [2012-01-27 2906456]
"OEXPRESS"="c:\windows\OETRN.EXE" [2011-10-31 26624]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-09-18 205976]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DesktopOK"="c:\program files\DesktopOK_x64\DesktopOK_x64.exe" [2010-04-13 264704]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-04 21392]
"ICQ"="c:\program files (x86)\ICQ7.6\ICQ.exe" [2011-11-03 127040]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2012-03-11 1516496]
"Clip2Net"="c:\program files (x86)\Clip2Net\clip2net.exe" [2012-08-13 1881088]
"Free Download Manager"="c:\program files (x86)\Free Download Manager\fdm.exe" [2010-04-28 3727411]
"BB0718BACAE07C1D4A0FBDD696DF303B99444ED7._service_run"="c:\users\Tomas\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-12-05 1242728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-19 284440]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-23 2615624]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-23 906648]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-08-22 103536]
"ASUSGamerOSD"="c:\program files (x86)\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]
"pspNetSystray"="c:\program files (x86)\EATON\PersonalSolutionPac\mgenetsystray.exe" [2008-09-24 1253376]
"RohosLogon"="c:\program files (x86)\Rohos\welcome-user.exe" [2012-02-07 1101936]
"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2011-02-18 250768]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-05-04 3521424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
init.cmd [2010-11-25 84]
Serviio.lnk - c:\program files\Serviio\bin\ServiioConsole.exe [2012-8-9 493056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2011-11-10 618496]
SATARaid5Manager.lnk - c:\windows\Installer\{2ABC904F-6915-40AC-8CF8-B48743698CEC}\_19B708D90CBD3F24F241B9.exe [2012-2-16 1206]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rohos]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NSU_agent"="c:\program files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"TaskTray"=
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HDD Regenerator"=c:\program files (x86)\HDD Regenerator\HDD Regenerator.exe
.
R2 CardBusService;CardBusService;c:\program files (x86)\Common Files\AVerMedia\Service\CardBusService.exe [2007-04-23 188416]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-19 13592]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
R2 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2011-02-18 22464]
R3 3xHybr64;3xHybrid service;c:\windows\system32\DRIVERS\3xHybr64.sys [2009-08-26 1333376]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys [x]
R3 bnsdusb;Panasonic USB Reader Writer Filter Driver;c:\windows\system32\DRIVERS\bnsdusb.sys [2011-05-10 26776]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-04-22 12744]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2010-08-25 16776]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-05-06 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-05-06 13280]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-01-14 29472]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [2012-02-24 203320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416]
R3 ts_arusb;[CommView] Atheros Wireless Network Adapter Service;c:\windows\system32\DRIVERS\ts_arusbx.sys [2010-10-08 12:24 1206248]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [2010-01-14 29472]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2012-01-26 37456]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-10-31 834544]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2011-11-10 16384]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-04-12 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-04-12 130864]
S1 VDiskBus;ASUS Disk Unlocker;c:\windows\system32\DRIVERS\VDiskBus64.sys [2010-09-21 43136]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-10-07 922240]
S2 ASDiskUnlocker;ASDiskUnlocker;c:\program files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe [2010-12-02 258688]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2011-10-07 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-10-07 586880]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 EATON Service module;EATON Service module;c:\program files (x86)\EATON\PersonalSolutionPac\RunSC.exe [2008-10-07 126976]
S2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;c:\windows\system32\DRIVERS\ekaprot6.sys [2011-01-31 27288]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 NPSService;NPSService;c:\windows\SysWOW64\NPSService.exe [2010-03-28 165376]
S2 Powerware Shutdown Agent;Powerware Shutdown Agent;c:\program files (x86)\Powerware\Shutdown Agent\pwagsrvc.exe [2006-04-20 102400]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
S2 Rohos;Rohos welcome screen elements;c:\program files (x86)\Rohos\ntserv.exe [2011-11-01 69632]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2010-01-14 32544]
S2 SamsungAllShare;Samsung AllShare PC Service;c:\program files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe [2011-02-18 7233952]
S2 SATARaid5 Config Service;SATARaid5 Configuration Service;c:\program files (x86)\Silicon Image\3132-W-R\SATARaid5ConfigService.exe [2005-10-05 131072]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe [2012-08-09 207872]
S2 SharedReg;Shared Registry;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 SiHbaWakeupService;Silicon Image HBA Wakeup Utility;c:\program files (x86)\Silicon Image\Silicon Image HBA Wakeup Utility\SiHbaWakeupService.exe [2009-07-28 62464]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-09-27 2027840]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-21 846448]
S2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-08-19 423536]
S2 vmware-converter-server;VMware vCenter Converter Standalone Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-19 423536]
S2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-19 423536]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 ASFLTDrv.sys;ASFLTDrv.sys;c:\program files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [2010-09-16 16512]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AVerBDA3x_x64;AVerMedia SAA713x BDA Service;c:\windows\system32\DRIVERS\AVerBDA3x_x64.sys [2007-08-29 1729024]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2011-10-27 26136]
S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-22 23680]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 NmPar;PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys [2010-01-12 95744]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 35112]
S3 ts_arnusb;[CommView] Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\ts_arnusbx.sys [2012-02-27 11:23 1982056]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-07-07 11856]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-12 147248]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-04-12 166192]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ASFLTDRV.SYS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-02 21:05]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-02 21:05]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3140584908-4095044202-3321497776-1000Core.job
- c:\users\Tomas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 09:13]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3140584908-4095044202-3321497776-1000UA.job
- c:\users\Tomas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 09:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 15:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 15:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 15:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 15:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2012-05-15 5860016]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2012-05-15 70832]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
SharedReg
SharedReg
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Poslat jako MMS - c:\program files (x86)\O2\SMSender\SMSender.E.186.dll/1003
IE: Poslat jako SMS - c:\program files (x86)\O2\SMSender\SMSender.E.186.dll/1001
IE: Poslat MMS na - c:\program files (x86)\O2\SMSender\SMSender.E.186.dll/1002
IE: Poslat SMS na - c:\program files (x86)\O2\SMSender\SMSender.E.186.dll/1000
IE: Stáhnout Free Download Managerem - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.0.1
DPF: {3360DAE7-B224-4A07-B707-50F59F51D2A4} - hxxp://192.168.0.180:5000/webman/3rdparty/SurveillanceStation/object/SSObject2.cab
DPF: {CAA6C3B6-662B-4D14-BB64-EADB88213BFE} - hxxp://192.168.0.3/IPCamPluginTM.cab
FF - ProfilePath - c:\users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\0ghxsl14.default\
FF - prefs.js: browser.startup.homepage - http://www.google.cz
FF - prefs.js: keyword.URL - hxxp://www.questbasic.com/?tmp=nemo_results_re ... &keywords=
FF - ExtSQL: 2012-11-24 16:59; {c95a4e8e-816d-4655-8c79-d736da1adb6d}; c:\users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\0ghxsl14.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
FF - ExtSQL: 2012-12-20 17:21; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HID\VID_0463&PID_FFFF\7&274bcb43&0&0000\LogConf]
@DACL=(02 0000)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ASDR.exe
c:\program files (x86)\EATON\PersonalSolutionPac\PCtl.exe
c:\program files (x86)\Common Files\BinarySense\hldasvc.exe
c:\program files (x86)\Common Files\BinarySense\hldasvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
c:\program files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe
c:\program files (x86)\EATON\PersonalSolutionPac\BIL.exe
c:\program files (x86)\EATON\PersonalSolutionPac\CilUSB.exe
c:\program files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
c:\program files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
.
**************************************************************************
.
Celkový čas: 2012-12-26 21:15:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-26 20:15
ComboFix2.txt 2012-11-17 14:50
ComboFix3.txt 2012-11-17 14:39
.
Před spuštěním: Volných bajtů: 78 046 564 352
Po spuštění: Volných bajtů: 81 201 778 688
.
- - End Of File - - 42C7B62FEB3A9846EA71747B66A89F75

Zdravim

Jen se zeptam pouzivate legalni operacni system, nejvyssi licence Ultimate zrovna neni bezna.

Co se tyce ComboFixu, ktery jste pouzil, tak na zaklade licence a pravidel fora ptam, umite s nim pracovat (spusteni, rozlusteni logu, napsani skriptu)?

licencni podminky hovori jasne "Nikdy by nemel byt pouzit v prostredi bez dozoru zkusene osoby"


Nebezpeci CFka

• Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
• Maze stopy po haveti, takze v logu z RSIT neni nic videt
• Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
• CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
• CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Dobrý den,
Co se tyce legalnosti, tak priznavam, ze ne vse je u mne tak jak by melo byt. Postupne to resim, bohuzel limitujicim faktorem je volny cas, ktereho se mi moc nedostava a proto se snazim vse resit postupne.
Co se tyce combofixu poprve jsem ho pouzil, kdyz jsem si prinesl od kamarada na flesh pameti nejakeho vira vyuzivajici autorun.ini. CF jsem nasel na netu. Skoleny na nej nejsem, ale na internetu jsem si o nem precetl dost veci. Jeho logu take castecne rozumim, bohuzel ne vsemu. Nejsem na nej skoleny. Dle studa ruznych prikladu skryptu pro combofix, bych take snad neco zvladl napsat. Zavisi to ale na spravnem nalezeni problemu v logu CF. To bych si ale musel byt jist, jinak takove veci nedelam. Pokud si nejsem jit co ktery program jak dela, tak zadnym programum nedavam resit neco automaticky. To to radsi udelam rucne a vym co se stalo. Jelikoz ale nejsem zadny profesional, ale castecne pokrocili amater, tak vas zadam o radu a kontrolu logu jestli jsem neco neopomel. Dekuji

Nelegalni system, svevolne pouziti ComboFixu = hned dve poruseni pravidel fora a hlavne to prvni je zasadni...

Je mi lito, ale pravidla plati pro vsechny, a i ja jsem je nucen dodrzovat...

Takze