Please check my log

#1 Post by Noviik »

Hi,

"something" is definitely not right. I tried to fix a problem with "dosearches", which no longer shows up, but that probably wasn't the main problem. So I'm asking for a check of the log.

Thanks a lot :)

Martin

-----------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by Martin (administrator) on MARTIN-PC on 28-10-2013 15:58:55
Running from C:\Users\Martin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Preventon Technologies Limited) C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
(Preventon Technologies Limited) C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\FighterSuiteService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
(SPAMfighter) C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe
(Google Inc.) C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtsFT] - C:\Windows\RTFTrack.exe [6334096 2012-08-27] (Realtek semiconductor)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-04] (Google Inc.)
HKCU\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [4527424 2011-08-17] (DT Soft Ltd)
MountPoints2: {64f86e35-1529-11e3-be1e-806e6f6e6963} - D:\SetupLauncher.exe
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] - C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [423200 2008-07-11] (Sony Corporation)
HKLM-x32\...\Run: [CommonToolkitTray] - C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1659424 2013-09-05] (SPAMfighter ApS)
HKLM-x32\...\Run: [SWPROguard] - C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe [1260072 2013-09-05] (SPAMfighter)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [214448 2013-06-21] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearches.com/?utm_source=b ... 1382375472
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dosearches.com/?utm_source=b ... 1382375472
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b ... 1382375472
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll (AVAST Software)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

Chrome:
=======
CHR HomePage: hxxp://www.google.cz/
CHR Plugin: (Shockwave Flash) - C:\Users\Martin\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Martin\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Martin\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Google Update) - C:\Users\Martin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Extended Protection) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0
CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Calendar) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0
CHR Extension: (avast! Ad Blocker) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0
CHR Extension: (AdBlock) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (avast! Online Security) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Last.fm Scrobbler) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm\1.22_0
CHR Extension: (Fiery Music) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmfeiddljnkcdgcfcfhpenipgmaocon\1_0
CHR Extension: (Last.fm scrobbler for Google Play) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhlmaloocaogaldcbpimhlbimmhaonep\1.2.4_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\
CHR HKLM-x32\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Program Files\AVAST Software\Avast\AdBlocker\Chrome\avast-adblocker-chrome.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-19] ()
R2 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [1281568 2013-04-30] (SPAMfighter ApS)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
R2 AV Engine Scanning Service; C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe [x]
R2 AV Watch Service; C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R3 AVFSFilter; C:\Windows\System32\DRIVERS\avfsfilter.sys [13720 2013-09-05] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2013-09-07] (DT Soft Ltd)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8227216 2012-08-27] (Realtek Semiconductor Corp.)
U3 pxdiypow; \??\C:\Users\Martin\AppData\Local\Temp\pxdiypow.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-28 15:58 - 2013-10-28 15:58 - 00000000 ____D C:\FRST
2013-10-28 15:57 - 2013-10-28 15:57 - 01956538 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2013-10-28 15:56 - 2013-10-28 15:56 - 00112128 _____ (forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
2013-10-28 14:43 - 2013-10-28 14:43 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Malwarebytes
2013-10-28 14:42 - 2013-10-28 14:42 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-28 14:42 - 2013-10-28 14:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-28 14:42 - 2013-10-28 14:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-28 14:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-28 11:10 - 2013-10-28 11:41 - 00000000 ____D C:\ProgramData\clp
2013-10-28 11:10 - 2013-10-28 11:11 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Fighters
2013-10-28 11:10 - 2013-10-28 11:10 - 00002004 _____ C:\Users\Public\Desktop\SPYWAREfighter.lnk
2013-10-28 11:10 - 2013-10-28 11:10 - 00000000 ____D C:\ProgramData\Common Toolkit Suite
2013-10-28 11:10 - 2013-10-28 11:10 - 00000000 ____D C:\Program Files (x86)\Fighters
2013-10-28 11:09 - 2013-10-28 11:10 - 00000000 ____D C:\ProgramData\Fighters
2013-10-27 21:23 - 2013-10-27 21:38 - 00000000 ____D C:\AdwCleaner
2013-10-27 20:41 - 2013-10-27 20:41 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-10-27 20:35 - 2013-10-27 20:41 - 00000000 ____D C:\Windows\027B5748C40941FE949B7B81A8304EF4.TMP
2013-10-27 19:12 - 2013-10-27 19:12 - 00000000 _____ C:\autoexec.bat
2013-10-27 19:11 - 2013-10-27 19:11 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-10-27 19:08 - 2013-10-27 20:36 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-10-27 19:02 - 2013-10-28 09:25 - 00001418 _____ C:\Windows\AutoKMS.log
2013-10-27 19:00 - 2013-10-28 15:29 - 00000336 _____ C:\Windows\setupact.log
2013-10-27 19:00 - 2013-10-27 19:00 - 00000000 _____ C:\Windows\setuperr.log
2013-10-27 18:59 - 2013-10-28 15:29 - 00001422 _____ C:\Windows\PFRO.log
2013-10-20 09:18 - 2013-10-20 09:18 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Sony Corporation
2013-10-20 09:16 - 2013-10-20 09:16 - 00000000 ____D C:\Users\Martin\AppData\Local\Downloaded Installations
2013-10-19 16:25 - 2013-10-19 16:26 - 00000000 ____D C:\Program Files (x86)\FarCry 3
2013-10-19 13:41 - 2013-10-19 16:28 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-19 13:41 - 2013-10-19 16:28 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-19 13:41 - 2013-10-19 13:41 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-19 13:41 - 2013-10-19 13:41 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-19 13:33 - 2013-09-26 01:19 - 78106760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2013-10-19 09:42 - 2013-10-19 09:42 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-10-19 09:42 - 2013-10-19 09:42 - 00000000 ____D C:\ProgramData\BlueStacks
2013-10-18 14:50 - 2013-10-18 14:50 - 00000000 ____D C:\Program Files (x86)\AVAST Software
2013-10-10 21:12 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 21:12 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 21:12 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 21:12 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 21:12 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 21:12 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 21:12 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 21:12 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 21:12 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 21:12 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-10 21:12 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-10 21:12 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 21:12 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-10 21:12 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 21:12 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 21:12 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 21:12 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 21:12 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 21:12 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 21:12 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 21:12 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 21:12 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 21:12 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 21:12 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 21:12 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 21:12 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 21:12 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 21:12 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 21:12 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 21:12 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 21:12 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 19:36 - 2013-10-10 19:45 - 00000000 ____D C:\Users\Martin\Documents\Soubory aplikace Outlook
2013-10-10 18:50 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 18:50 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 18:50 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 18:50 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 18:50 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 18:50 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 18:50 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 18:50 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 18:50 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 18:50 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 18:50 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 18:50 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 18:50 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 18:50 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 18:50 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 18:50 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 18:50 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 18:50 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 18:48 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 18:48 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 18:48 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-07 18:12 - 2013-10-07 19:07 - 00011922 _____ C:\Users\Martin\Župan.xlsx
2013-10-06 09:28 - 2013-10-21 17:43 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-10-06 09:28 - 2013-10-06 09:28 - 00000000 ____D C:\ProgramData\McAfee
2013-10-06 09:27 - 2013-10-06 16:18 - 00000000 ____D C:\ProgramData\Adobe
2013-10-06 09:27 - 2013-10-06 09:27 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-06 09:26 - 2013-10-06 09:29 - 00000000 ____D C:\Users\Martin\AppData\Local\Adobe
2013-09-29 15:56 - 2013-10-28 15:34 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-29 15:56 - 2013-09-29 15:56 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-29 15:56 - 2013-08-30 08:48 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-29 15:56 - 2013-08-30 08:48 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-29 15:56 - 2013-08-30 08:48 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-29 15:56 - 2013-08-30 08:48 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-29 15:56 - 2013-08-30 08:48 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-29 15:56 - 2013-08-30 08:48 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-29 15:56 - 2013-08-30 08:48 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-29 15:56 - 2013-08-30 08:48 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-29 15:56 - 2013-08-30 08:47 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-29 15:55 - 2013-08-30 08:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-29 15:54 - 2013-09-29 15:54 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-29 15:53 - 2013-09-29 15:54 - 00000000 ____D C:\ProgramData\AVAST Software

==================== One Month Modified Files and Folders =======

2013-10-28 15:58 - 2013-10-28 15:58 - 00000000 ____D C:\FRST
2013-10-28 15:57 - 2013-10-28 15:57 - 01956538 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2013-10-28 15:57 - 2013-09-04 18:12 - 00000000 ____D C:\Users\Martin\Desktop\Aktuální
2013-10-28 15:56 - 2013-10-28 15:56 - 00112128 _____ (forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
2013-10-28 15:40 - 2013-09-04 07:18 - 01232013 _____ C:\Windows\WindowsUpdate.log
2013-10-28 15:40 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-28 15:40 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-28 15:36 - 2009-07-14 16:18 - 00666656 _____ C:\Windows\system32\perfh005.dat
2013-10-28 15:36 - 2009-07-14 16:18 - 00140320 _____ C:\Windows\system32\perfc005.dat
2013-10-28 15:36 - 2009-07-14 06:13 - 01577410 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-28 15:34 - 2013-09-29 15:56 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-28 15:29 - 2013-10-27 19:00 - 00000336 _____ C:\Windows\setupact.log
2013-10-28 15:29 - 2013-10-27 18:59 - 00001422 _____ C:\Windows\PFRO.log
2013-10-28 15:29 - 2013-09-21 10:46 - 00000202 _____ C:\Windows\Tasks\AutoKMS.job
2013-10-28 15:29 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-28 15:14 - 2013-09-07 00:14 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-28 15:01 - 2013-09-04 17:49 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754952095-1263816399-3501759939-1000UA.job
2013-10-28 14:43 - 2013-10-28 14:43 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Malwarebytes
2013-10-28 14:42 - 2013-10-28 14:42 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-28 14:42 - 2013-10-28 14:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-28 14:42 - 2013-10-28 14:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-28 14:36 - 2013-09-07 19:43 - 00000000 ____D C:\Users\Martin\Documents\FIFA 13
2013-10-28 14:24 - 2013-09-04 17:57 - 00000000 ____D C:\Users\Martin\AppData\Local\Last.fm
2013-10-28 11:41 - 2013-10-28 11:10 - 00000000 ____D C:\ProgramData\clp
2013-10-28 11:13 - 2013-09-07 10:08 - 00000000 ____D C:\Users\Martin\Hanka
2013-10-28 11:13 - 2013-09-04 07:25 - 00000000 ____D C:\Users\Martin
2013-10-28 11:11 - 2013-10-28 11:10 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Fighters
2013-10-28 11:10 - 2013-10-28 11:10 - 00002004 _____ C:\Users\Public\Desktop\SPYWAREfighter.lnk
2013-10-28 11:10 - 2013-10-28 11:10 - 00000000 ____D C:\ProgramData\Common Toolkit Suite
2013-10-28 11:10 - 2013-10-28 11:10 - 00000000 ____D C:\Program Files (x86)\Fighters
2013-10-28 11:10 - 2013-10-28 11:09 - 00000000 ____D C:\ProgramData\Fighters
2013-10-28 11:06 - 2013-09-07 09:53 - 00000000 ____D C:\Users\Martin\Martin
2013-10-28 09:25 - 2013-10-27 19:02 - 00001418 _____ C:\Windows\AutoKMS.log
2013-10-28 09:19 - 2009-07-14 06:08 - 00026856 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-27 21:38 - 2013-10-27 21:23 - 00000000 ____D C:\AdwCleaner
2013-10-27 20:41 - 2013-10-27 20:41 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-10-27 20:41 - 2013-10-27 20:35 - 00000000 ____D C:\Windows\027B5748C40941FE949B7B81A8304EF4.TMP
2013-10-27 20:36 - 2013-10-27 19:08 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-10-27 20:01 - 2013-09-04 17:49 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754952095-1263816399-3501759939-1000Core.job
2013-10-27 19:12 - 2013-10-27 19:12 - 00000000 _____ C:\autoexec.bat
2013-10-27 19:11 - 2013-10-27 19:11 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-10-27 19:09 - 2013-09-04 17:50 - 00002335 _____ C:\Users\Martin\Desktop\Google Chrome.lnk
2013-10-27 19:00 - 2013-10-27 19:00 - 00000000 _____ C:\Windows\setuperr.log
2013-10-21 18:11 - 2013-09-04 18:38 - 00001713 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-21 17:43 - 2013-10-06 09:28 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-10-20 12:46 - 2013-09-10 19:11 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-10-20 12:46 - 2013-09-10 19:11 - 00000000 ____D C:\Windows\system32\NV
2013-10-20 12:33 - 2009-07-14 16:36 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-10-20 09:18 - 2013-10-20 09:18 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Sony Corporation
2013-10-20 09:17 - 2013-09-04 20:44 - 00000000 ____D C:\Program Files (x86)\Sony
2013-10-20 09:16 - 2013-10-20 09:16 - 00000000 ____D C:\Users\Martin\AppData\Local\Downloaded Installations
2013-10-19 17:00 - 2013-09-14 21:26 - 00000000 ____D C:\Program Files (x86)\Far Cry 3
2013-10-19 16:28 - 2013-10-19 13:41 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-19 16:28 - 2013-10-19 13:41 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-19 16:26 - 2013-10-19 16:25 - 00000000 ____D C:\Program Files (x86)\FarCry 3
2013-10-19 13:41 - 2013-10-19 13:41 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-19 13:41 - 2013-10-19 13:41 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-19 09:49 - 2013-09-20 16:40 - 00000000 ____D C:\Windows\Minidump
2013-10-19 09:42 - 2013-10-19 09:42 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-10-19 09:42 - 2013-10-19 09:42 - 00000000 ____D C:\ProgramData\BlueStacks
2013-10-18 14:50 - 2013-10-18 14:50 - 00000000 ____D C:\Program Files (x86)\AVAST Software
2013-10-13 16:41 - 2013-09-04 19:17 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Skype
2013-10-11 17:51 - 2009-07-14 05:45 - 00416952 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 21:15 - 2013-09-21 10:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 21:09 - 2013-09-10 19:04 - 01556632 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-10 21:03 - 2013-09-04 17:58 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 21:01 - 2013-09-04 17:58 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 19:45 - 2013-10-10 19:36 - 00000000 ____D C:\Users\Martin\Documents\Soubory aplikace Outlook
2013-10-09 18:56 - 2013-09-04 17:49 - 00003938 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3754952095-1263816399-3501759939-1000UA
2013-10-09 18:56 - 2013-09-04 17:49 - 00003542 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3754952095-1263816399-3501759939-1000Core
2013-10-08 18:14 - 2013-09-07 00:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 18:14 - 2013-09-07 00:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 18:14 - 2013-09-07 00:14 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-07 19:07 - 2013-10-07 18:12 - 00011922 _____ C:\Users\Martin\Župan.xlsx
2013-10-06 16:18 - 2013-10-06 09:27 - 00000000 ____D C:\ProgramData\Adobe
2013-10-06 09:29 - 2013-10-06 09:26 - 00000000 ____D C:\Users\Martin\AppData\Local\Adobe
2013-10-06 09:29 - 2013-09-04 21:05 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Adobe
2013-10-06 09:28 - 2013-10-06 09:28 - 00000000 ____D C:\ProgramData\McAfee
2013-10-06 09:27 - 2013-10-06 09:27 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-29 17:44 - 2013-09-04 19:40 - 00000000 ____D C:\Users\Martin\MP3
2013-09-29 15:56 - 2013-09-29 15:56 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-29 15:54 - 2013-09-29 15:54 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-29 15:54 - 2013-09-29 15:53 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-29 15:48 - 2013-09-13 17:10 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2013-09-29 15:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\Quarantine.exe
C:\Users\Martin\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-15 19:34




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:931.29 GB) (Free:785.92 GB) NTFS

Available physical RAM: 2044.5 MB
Total physical RAM: 3949.53 MB
Percentage of memory in use: 48%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 932 GB) (Disk ID: 9ED40981)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754952095-1263816399-3501759939-1000Core.job => C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754952095-1263816399-3501759939-1000UA.job => C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: SPYWAREfighter (Enabled - Up to date) {11BFB622-B506-BBFD-BBD5-E74259B04899}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 28_09_2013 (06)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Martin\Desktop" je 13 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.rar
(4.52 KiB) Downloaded 51 times

Rudy
Site Admin
Posts: 119531
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Requesting a check

#2 Post by Rudy »

Hello!
Open Notepad and copy the following into it:
Start
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearches.com/?utm_source=b ... 1382375472
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dosearches.com/?utm_source=b ... 1382375472
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b ... 1382375472
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
U3 pxdiypow; \??\C:\Users\Martin\AppData\Local\Temp\pxdiypow.sys [x]
C:\Users\Martin\AppData\Local\Temp
C:\Windows\027B5748C40941FE949B7B81A8304EF4.TMP
C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
C:\Windows\AutoKMS.log
C:\Windows\Tasks\AutoKMS.job
C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754952095-1263816399-3501759939-1000Core.job => C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754952095-1263816399-3501759939-1000UA.job => C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Noviik
Visitor
Posts: 63
Registered: 28 Oct 2013 15:53

Re: Requesting a check

#3 Post by Noviik »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-10-2013
Ran by Martin at 2013-10-28 17:22:41 Run:1
Running from C:\Users\Martin\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearches.com/?utm_source=b ... 1382375472
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dosearches.com/?utm_source=b ... 1382375472
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b ... 1382375472
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
U3 pxdiypow; \??\C:\Users\Martin\AppData\Local\Temp\pxdiypow.sys [x]
C:\Users\Martin\AppData\Local\Temp
C:\Windows\027B5748C40941FE949B7B81A8304EF4.TMP
C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
C:\Windows\AutoKMS.log
C:\Windows\Tasks\AutoKMS.job
C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754952095-1263816399-3501759939-1000Core.job => C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754952095-1263816399-3501759939-1000UA.job => C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe
End
*****************

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
pxdiypow => Service deleted successfully.

"C:\Users\Martin\AppData\Local\Temp" directory move:

C:\Users\Martin\AppData\Local\Temp\13ca2641-0514-4394-b046-ebff45fae4af.dmp => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\498b5d7e-c4b1-4230-aff6-9fa072203ad0.dmp => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\AdwCleaner.jpg => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\Cleaning.ico => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\DMI168E.tmp => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\Donate.ico => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\EsgScanner.inf => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\ESGScanner.sys => Moved successfully.
Could not move "C:\Users\Martin\AppData\Local\Temp\etilqs_ecOYURierC558db" => Scheduled to move on reboot.
Could not move "C:\Users\Martin\AppData\Local\Temp\etilqs_Tlc5v1GZh65gUkv" => Scheduled to move on reboot.
Could not move "C:\Users\Martin\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Martin\AppData\Local\Temp\MSI9b73f.LOG => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\preferences => Moved successfully.
Could not move "C:\Users\Martin\AppData\Local\Temp\qtsingleapp-fmlast-93b-1-lockfile" => Scheduled to move on reboot.
C:\Users\Martin\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\Reader.log.txt => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\Report.ico => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\Scan.ico => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\SHSetup.exe => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\StructuredQuery.log => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\SWPRO_msi.log.txt => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\Uninstall.ico => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\users00 => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\Version.txt => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\wmplog00.sqm => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\wmsetup.log => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\~3D00.tmp => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\~DCA8.tmp => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\~F2F6.tmp => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\Rar$EXa0.479\gmer.exe => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\Rar$EXa0.117\gmer.exe => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\MSS\3.8.130.8\ftconfig.ini => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\MSS\3.8.130.8\mcbrwsr2.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\MSS\3.8.130.8\McInstallerRes.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\MSS\3.8.130.8\McInstallerRes_LD.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\MSS\3.8.130.8\McInstallerStartup.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\MSS\3.8.130.8\McUICnt.exe => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\MSS\3.8.130.8\SecurityScanner.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\MSS\3.8.130.8\uninstaller.ini => Moved successfully.
Could not move "C:\Users\Martin\AppData\Local\Temp" directory. => Scheduled to move on reboot.

C:\Windows\027B5748C40941FE949B7B81A8304EF4.TMP => Moved successfully.
C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP => Moved successfully.
C:\Windows\AutoKMS.log => Moved successfully.
C:\Windows\Tasks\AutoKMS.job => Moved successfully.
"C:\Windows\AutoKMS.exe" => File/Directory not found.
C:\Windows\Tasks\AutoKMS.job not found.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754952095-1263816399-3501759939-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754952095-1263816399-3501759939-1000UA.job => Moved successfully.

=========== Result of Scheduled Files to move ===========

C:\Users\Martin\AppData\Local\Temp\etilqs_ecOYURierC558db => Is moved successfully.
C:\Users\Martin\AppData\Local\Temp\etilqs_Tlc5v1GZh65gUkv => Is moved successfully.
"C:\Users\Martin\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => File could not move.
C:\Users\Martin\AppData\Local\Temp\qtsingleapp-fmlast-93b-1-lockfile => Moved successfully.
"C:\Users\Martin\AppData\Local\Temp" => Directory could not move.

==== End of Fixlog ====

Re: Requesting a check

#4 Post by Rudy »

Deleted. Has anything changed?

Re: Requesting a check

#5 Post by Noviik »

Logging in to the PC is slower, and when the desktop came up, Explorer reported that it was not responding.

Re: Requesting a check

#6 Post by Rudy »

Try a System Restore to a date when it was working correctly.

Re: Requesting a check

#7 Post by Noviik »

After the restore, programs (the whole desktop) come up quickly, but loading the system itself still takes a long time (just under three minutes of black screen). What else could be causing it?

Re: Requesting a check

#8 Post by Rudy »

Start menu > command line > (type) msconfig > Enter. In the window that opens, on the "Startup" and "Services" tabs, untick all items that do not need to start automatically. In general, all non-Microsoft ones, except drivers, the antivirus and any other security programs.

Re: Requesting a check

#9 Post by Noviik »

So the PC start is still slow; it happens while Windows is loading. Any other options? :)

Re: Requesting a check

#10 Post by Rudy »

How large is the directory C:\Users\Martin\Desktop?

Re: Requesting a check

#11 Post by Noviik »

1,25 MB (1 311 564 bytes)

Re: Requesting a check

#12 Post by Rudy »

That's OK. I'd also like to ask for a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after start-up a screen with the licence terms appears; continue by clicking the Yes button.

Feel free to put the coffee on (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else.

Don't panic during the scan; your machine may be restarted (especially the first time the scanner is used).

Note: if you use anti-spyware with a resident shield, switch the resident shield to Install Mode or disable it completely for the duration of the scan, because the scan and the removal of any malware found cause unwanted conflicts with the resident anti-spyware component.

Re: Requesting a check

#13 Post by Noviik »

ComboFix 13-10-30.01 - Martin 30.10.2013 19:26:48.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3950.2709 [GMT 1:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-28 do 2013-10-30 )))))))))))))))))))))))))))))))
.
.
2013-10-30 18:31 . 2013-10-30 18:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-30 18:31 . 2013-10-30 18:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-29 17:09 . 2013-10-16 00:20 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF51ECDC-1A27-421C-8451-0517E4E70719}\mpengine.dll
2013-10-29 17:07 . 2013-10-29 17:07 -------- d-----w- c:\users\Martin\AppData\Local\NVIDIA
2013-10-28 14:58 . 2013-10-28 16:27 -------- d-----w- C:\FRST
2013-10-28 13:43 . 2013-10-28 13:43 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2013-10-28 13:42 . 2013-10-28 13:42 -------- d-----w- c:\programdata\Malwarebytes
2013-10-28 13:42 . 2013-10-28 16:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-28 10:10 . 2013-10-28 17:03 -------- d-----w- c:\programdata\clp
2013-10-28 10:10 . 2013-10-28 10:11 -------- d-----w- c:\users\Martin\AppData\Roaming\Fighters
2013-10-28 10:10 . 2013-10-28 16:04 -------- d-----w- c:\program files (x86)\Common Files\Common Toolkit Suite
2013-10-28 10:10 . 2013-10-28 17:03 -------- d-----w- c:\program files (x86)\Fighters
2013-10-28 10:10 . 2013-10-28 10:10 -------- d-----w- c:\programdata\Common Toolkit Suite
2013-10-28 10:09 . 2013-10-28 10:10 -------- d-----w- c:\programdata\Fighters
2013-10-27 20:23 . 2013-10-27 20:38 -------- d-----w- C:\AdwCleaner
2013-10-27 18:11 . 2013-10-27 18:11 -------- d-----w- c:\program files\Enigma Software Group
2013-10-20 08:18 . 2013-10-20 08:18 -------- d-----w- c:\users\Martin\AppData\Roaming\Sony Corporation
2013-10-20 08:17 . 2013-10-20 08:17 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared
2013-10-20 08:16 . 2013-10-20 08:16 -------- d-----w- c:\users\Martin\AppData\Local\Downloaded Installations
2013-10-19 15:25 . 2013-10-19 15:26 -------- d-----w- c:\program files (x86)\FarCry 3
2013-10-19 12:41 . 2013-10-19 15:28 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-10-19 12:41 . 2013-10-19 12:41 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-10-19 12:41 . 2013-10-19 15:28 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-10-19 12:41 . 2013-10-19 12:41 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-10-19 08:42 . 2013-10-19 08:42 -------- d-----w- c:\programdata\BlueStacks
2013-10-18 13:50 . 2013-10-18 13:50 -------- d-----w- c:\program files (x86)\AVAST Software
2013-10-10 17:50 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 17:48 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 17:48 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 17:48 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-06 08:28 . 2013-10-06 08:28 -------- d-----w- c:\programdata\McAfee
2013-10-06 08:27 . 2013-10-06 08:28 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-10-06 08:26 . 2013-10-06 08:29 -------- d-----w- c:\users\Martin\AppData\Local\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 20:01 . 2013-09-04 16:58 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-08 17:14 . 2013-09-06 23:14 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-08 17:14 . 2013-09-06 23:14 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-21 09:46 . 2013-09-21 09:46 614400 ----a-w- c:\windows\AutoKMS.exe
2013-09-14 19:07 . 2013-09-14 18:59 794408 ----a-w- c:\windows\SysWow64\pbsvc.exe
2013-09-07 11:54 . 2013-09-07 11:54 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-09-07 11:08 . 2013-09-07 11:08 271424 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-09-06 17:50 . 2013-09-06 17:50 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-09-06 17:50 . 2013-09-06 17:50 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-09-06 17:50 . 2013-09-06 17:50 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-09-06 17:50 . 2013-09-06 17:50 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-09-06 17:50 . 2013-09-06 17:50 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-09-06 17:50 . 2013-09-06 17:50 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-09-06 17:50 . 2013-09-06 17:50 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-09-06 17:50 . 2013-09-06 17:50 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-09-06 17:50 . 2013-09-06 17:50 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-09-06 17:50 . 2013-09-06 17:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-09-06 17:50 . 2013-09-06 17:50 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-09-06 17:50 . 2013-09-06 17:50 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-09-06 17:50 . 2013-09-06 17:50 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-09-06 17:50 . 2013-09-06 17:50 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-09-06 17:50 . 2013-09-06 17:50 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-09-06 17:50 . 2013-09-06 17:50 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-09-06 17:50 . 2013-09-06 17:50 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-09-06 17:50 . 2013-09-06 17:50 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-09-06 17:50 . 2013-09-06 17:50 216064 ----a-w- c:\windows\system32\msls31.dll
2013-09-06 17:50 . 2013-09-06 17:50 197120 ----a-w- c:\windows\system32\msrating.dll
2013-09-06 17:50 . 2013-09-06 17:50 81408 ----a-w- c:\windows\system32\icardie.dll
2013-09-06 17:50 . 2013-09-06 17:50 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-09-06 17:50 . 2013-09-06 17:50 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-09-06 17:50 . 2013-09-06 17:50 441856 ----a-w- c:\windows\system32\html.iec
2013-09-06 17:50 . 2013-09-06 17:50 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-09-06 17:50 . 2013-09-06 17:50 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-09-06 17:50 . 2013-09-06 17:50 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-09-06 17:50 . 2013-09-06 17:50 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-09-06 17:50 . 2013-09-06 17:50 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-09-06 17:50 . 2013-09-06 17:50 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-06 17:50 . 2013-09-06 17:50 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-09-06 17:50 . 2013-09-06 17:50 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-09-06 17:50 . 2013-09-06 17:50 235008 ----a-w- c:\windows\system32\url.dll
2013-09-06 17:50 . 2013-09-06 17:50 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-09-06 17:50 . 2013-09-06 17:50 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-06 17:50 . 2013-09-06 17:50 144896 ----a-w- c:\windows\system32\wextract.exe
2013-09-06 17:50 . 2013-09-06 17:50 102912 ----a-w- c:\windows\system32\inseng.dll
2013-09-06 17:50 . 2013-09-06 17:50 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-09-06 17:50 . 2013-09-06 17:50 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-09-06 17:50 . 2013-09-06 17:50 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-09-06 17:50 . 2013-09-06 17:50 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-09-06 17:50 . 2013-09-06 17:50 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-09-06 17:50 . 2013-09-06 17:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-09-06 17:50 . 2013-09-06 17:50 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-06 17:50 . 2013-09-06 17:50 149504 ----a-w- c:\windows\system32\occache.dll
2013-09-06 17:50 . 2013-09-06 17:50 13824 ----a-w- c:\windows\system32\mshta.exe
2013-09-06 17:50 . 2013-09-06 17:50 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-09-06 17:50 . 2013-09-06 17:50 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-09-06 17:50 . 2013-09-06 17:50 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-09-06 17:49 . 2013-09-06 17:49 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-09-06 17:49 . 2013-09-06 17:49 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-09-06 17:49 . 2013-09-06 17:49 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-09-06 17:49 . 2013-09-06 17:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-09-06 17:49 . 2013-09-06 17:49 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-09-06 17:49 . 2013-09-06 17:49 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-09-06 17:49 . 2013-09-06 17:49 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-09-06 17:49 . 2013-09-06 17:49 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-09-06 17:49 . 2013-09-06 17:49 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-09-06 17:49 . 2013-09-06 17:49 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-09-06 17:49 . 2013-09-06 17:49 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-09-06 17:49 . 2013-09-06 17:49 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-09-06 17:49 . 2013-09-06 17:49 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-09-06 17:49 . 2013-09-06 17:49 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-09-06 17:49 . 2013-09-06 17:49 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-09-06 17:49 . 2013-09-06 17:49 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-09-06 17:49 . 2013-09-06 17:49 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-09-06 17:49 . 2013-09-06 17:49 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-09-06 17:49 . 2013-09-06 17:49 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-09-06 17:49 . 2013-09-06 17:49 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-09-06 17:49 . 2013-09-06 17:49 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-09-06 17:49 . 2013-09-06 17:49 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-09-06 17:49 . 2013-09-06 17:49 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-09-06 17:49 . 2013-09-06 17:49 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-09-06 17:49 . 2013-09-06 17:49 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-09-06 17:49 . 2013-09-06 17:49 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AMPPALP;Protokol Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S3 AMPPAL;Virtuální adaptér Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-06 17:14]
.
2013-10-30 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2013-09-21 09:46]
.
2013-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754952095-1263816399-3501759939-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-04 16:34]
.
2013-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754952095-1263816399-3501759939-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-04 16:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"RtsFT"="RTFTrack.exe" [2012-08-27 6334096]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3754952095-1263816399-3501759939-1000\Software\SecuROM\License information*]
"datasecu"=hex:6e,80,a9,a1,51,90,22,8c,14,11,a1,92,7c,bb,9e,32,6f,39,49,11,ed,
c5,54,15,b8,cd,91,2e,71,c9,08,22,97,f1,5b,3c,73,d9,53,bf,fb,43,46,50,b3,02,\
"rkeysecu"=hex:5e,71,81,ec,8d,f2,16,1e,5b,97,3f,9f,24,9b,57,2e
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-10-30 19:33:17
ComboFix-quarantined-files.txt 2013-10-30 18:33
.
Před spuštěním: Volných bajtů: 846 421 848 064
Po spuštění: Volných bajtů: 846 272 679 936
.
- - End Of File - - D2EE34AE065A24BC5706E282FCD3AC22
5FB38429D5D77768867C76DCBDB35194

Rudy
Site Admin
Posts: 119531
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Requesting a check

#14 Post by Rudy »

We'll do some more cleanup. Open Notepad and copy the following into it:
KillAll::

File::
c:\windows\AutoKMS.exe
c:\windows\Tasks\AutoKMS.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754952095-1263816399-3501759939-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754952095-1263816399-3501759939-1000UA.job

Regnull::
[HKEY_USERS\S-1-5-21-3754952095-1263816399-3501759939-1000\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Noviik
Visitor
Posts: 63
Registered: 28 Oct 2013 15:53

Re: Requesting a check

#15 Post by Noviik »

ComboFix 13-10-30.01 - Martin 30.10.2013 20:44:40.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3950.2477 [GMT 1:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martin\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\AutoKMS.exe"
"c:\windows\Tasks\AutoKMS.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754952095-1263816399-3501759939-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754952095-1263816399-3501759939-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\AutoKMS.exe
c:\windows\Tasks\AutoKMS.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754952095-1263816399-3501759939-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754952095-1263816399-3501759939-1000UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-28 do 2013-10-30 )))))))))))))))))))))))))))))))
.
.
2013-10-30 19:49 . 2013-10-30 19:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-29 17:09 . 2013-10-16 00:20 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF51ECDC-1A27-421C-8451-0517E4E70719}\mpengine.dll
2013-10-29 17:07 . 2013-10-29 17:07 -------- d-----w- c:\users\Martin\AppData\Local\NVIDIA
2013-10-28 14:58 . 2013-10-28 16:27 -------- d-----w- C:\FRST
2013-10-28 13:43 . 2013-10-28 13:43 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2013-10-28 13:42 . 2013-10-28 13:42 -------- d-----w- c:\programdata\Malwarebytes
2013-10-28 13:42 . 2013-10-28 16:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-28 10:10 . 2013-10-28 17:03 -------- d-----w- c:\programdata\clp
2013-10-28 10:10 . 2013-10-28 10:11 -------- d-----w- c:\users\Martin\AppData\Roaming\Fighters
2013-10-28 10:10 . 2013-10-28 16:04 -------- d-----w- c:\program files (x86)\Common Files\Common Toolkit Suite
2013-10-28 10:10 . 2013-10-28 17:03 -------- d-----w- c:\program files (x86)\Fighters
2013-10-28 10:10 . 2013-10-28 10:10 -------- d-----w- c:\programdata\Common Toolkit Suite
2013-10-28 10:09 . 2013-10-28 10:10 -------- d-----w- c:\programdata\Fighters
2013-10-27 20:23 . 2013-10-27 20:38 -------- d-----w- C:\AdwCleaner
2013-10-27 18:11 . 2013-10-27 18:11 -------- d-----w- c:\program files\Enigma Software Group
2013-10-20 08:18 . 2013-10-20 08:18 -------- d-----w- c:\users\Martin\AppData\Roaming\Sony Corporation
2013-10-20 08:17 . 2013-10-20 08:17 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared
2013-10-20 08:16 . 2013-10-20 08:16 -------- d-----w- c:\users\Martin\AppData\Local\Downloaded Installations
2013-10-19 15:25 . 2013-10-19 15:26 -------- d-----w- c:\program files (x86)\FarCry 3
2013-10-19 12:41 . 2013-10-19 15:28 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-10-19 12:41 . 2013-10-19 12:41 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-10-19 12:41 . 2013-10-19 15:28 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-10-19 12:41 . 2013-10-19 12:41 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-10-19 08:42 . 2013-10-19 08:42 -------- d-----w- c:\programdata\BlueStacks
2013-10-18 13:50 . 2013-10-18 13:50 -------- d-----w- c:\program files (x86)\AVAST Software
2013-10-10 17:50 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 17:48 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 17:48 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 17:48 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-06 08:28 . 2013-10-06 08:28 -------- d-----w- c:\programdata\McAfee
2013-10-06 08:27 . 2013-10-06 08:28 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-10-06 08:26 . 2013-10-06 08:29 -------- d-----w- c:\users\Martin\AppData\Local\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 20:01 . 2013-09-04 16:58 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-08 17:14 . 2013-09-06 23:14 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-08 17:14 . 2013-09-06 23:14 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-14 19:07 . 2013-09-14 18:59 794408 ----a-w- c:\windows\SysWow64\pbsvc.exe
2013-09-07 11:54 . 2013-09-07 11:54 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-09-07 11:08 . 2013-09-07 11:08 271424 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-09-06 17:50 . 2013-09-06 17:50 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-09-06 17:50 . 2013-09-06 17:50 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-09-06 17:50 . 2013-09-06 17:50 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-09-06 17:50 . 2013-09-06 17:50 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-09-06 17:50 . 2013-09-06 17:50 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-09-06 17:50 . 2013-09-06 17:50 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-09-06 17:50 . 2013-09-06 17:50 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-09-06 17:50 . 2013-09-06 17:50 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-09-06 17:50 . 2013-09-06 17:50 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-09-06 17:50 . 2013-09-06 17:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-09-06 17:50 . 2013-09-06 17:50 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-09-06 17:50 . 2013-09-06 17:50 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-09-06 17:50 . 2013-09-06 17:50 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-09-06 17:50 . 2013-09-06 17:50 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-09-06 17:50 . 2013-09-06 17:50 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-09-06 17:50 . 2013-09-06 17:50 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-09-06 17:50 . 2013-09-06 17:50 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-09-06 17:50 . 2013-09-06 17:50 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-09-06 17:50 . 2013-09-06 17:50 216064 ----a-w- c:\windows\system32\msls31.dll
2013-09-06 17:50 . 2013-09-06 17:50 197120 ----a-w- c:\windows\system32\msrating.dll
2013-09-06 17:50 . 2013-09-06 17:50 81408 ----a-w- c:\windows\system32\icardie.dll
2013-09-06 17:50 . 2013-09-06 17:50 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-09-06 17:50 . 2013-09-06 17:50 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-09-06 17:50 . 2013-09-06 17:50 441856 ----a-w- c:\windows\system32\html.iec
2013-09-06 17:50 . 2013-09-06 17:50 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-09-06 17:50 . 2013-09-06 17:50 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-09-06 17:50 . 2013-09-06 17:50 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-09-06 17:50 . 2013-09-06 17:50 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-09-06 17:50 . 2013-09-06 17:50 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-09-06 17:50 . 2013-09-06 17:50 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-06 17:50 . 2013-09-06 17:50 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-09-06 17:50 . 2013-09-06 17:50 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-09-06 17:50 . 2013-09-06 17:50 235008 ----a-w- c:\windows\system32\url.dll
2013-09-06 17:50 . 2013-09-06 17:50 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-09-06 17:50 . 2013-09-06 17:50 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-06 17:50 . 2013-09-06 17:50 144896 ----a-w- c:\windows\system32\wextract.exe
2013-09-06 17:50 . 2013-09-06 17:50 102912 ----a-w- c:\windows\system32\inseng.dll
2013-09-06 17:50 . 2013-09-06 17:50 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-09-06 17:50 . 2013-09-06 17:50 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-09-06 17:50 . 2013-09-06 17:50 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-09-06 17:50 . 2013-09-06 17:50 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-09-06 17:50 . 2013-09-06 17:50 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-09-06 17:50 . 2013-09-06 17:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-09-06 17:50 . 2013-09-06 17:50 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-06 17:50 . 2013-09-06 17:50 149504 ----a-w- c:\windows\system32\occache.dll
2013-09-06 17:50 . 2013-09-06 17:50 13824 ----a-w- c:\windows\system32\mshta.exe
2013-09-06 17:50 . 2013-09-06 17:50 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-09-06 17:50 . 2013-09-06 17:50 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-09-06 17:50 . 2013-09-06 17:50 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-09-06 17:49 . 2013-09-06 17:49 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-09-06 17:49 . 2013-09-06 17:49 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-09-06 17:49 . 2013-09-06 17:49 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-09-06 17:49 . 2013-09-06 17:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-09-06 17:49 . 2013-09-06 17:49 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-09-06 17:49 . 2013-09-06 17:49 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-09-06 17:49 . 2013-09-06 17:49 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-06 17:49 . 2013-09-06 17:49 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-09-06 17:49 . 2013-09-06 17:49 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-09-06 17:49 . 2013-09-06 17:49 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-09-06 17:49 . 2013-09-06 17:49 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-09-06 17:49 . 2013-09-06 17:49 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-09-06 17:49 . 2013-09-06 17:49 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-09-06 17:49 . 2013-09-06 17:49 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-09-06 17:49 . 2013-09-06 17:49 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-09-06 17:49 . 2013-09-06 17:49 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-09-06 17:49 . 2013-09-06 17:49 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-09-06 17:49 . 2013-09-06 17:49 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-09-06 17:49 . 2013-09-06 17:49 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-09-06 17:49 . 2013-09-06 17:49 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-09-06 17:49 . 2013-09-06 17:49 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-09-06 17:49 . 2013-09-06 17:49 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-09-06 17:49 . 2013-09-06 17:49 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-09-06 17:49 . 2013-09-06 17:49 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-09-06 17:49 . 2013-09-06 17:49 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-09-06 17:49 . 2013-09-06 17:49 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-09-06 17:49 . 2013-09-06 17:49 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-09-06 17:49 . 2013-09-06 17:49 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AMPPALP;Protokol Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S3 AMPPAL;Virtuální adaptér Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-06 17:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"RtsFT"="RTFTrack.exe" [2012-08-27 6334096]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2013-10-30 20:55:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-10-30 19:55
ComboFix2.txt 2013-10-30 18:33
.
Před spuštěním: Volných bajtů: 846 058 688 512
Po spuštění: Volných bajtů: 846 144 557 056
.
- - End Of File - - B9B5F552386D75914D32EA1D524FD783
5FB38429D5D77768867C76DCBDB35194
