Internet je připojený k síti,ale prohlížeč nenačte stránky.

[Moody]

Dobrý den , před pár dny jsem spustil PC a vyskočil mi příkazový řádek , který spustil nějaký proces svchost.exe.
Zdálo se mi to divné , proto jsem našel v regeditu umístění tohoto souboru v PC. Nechal jsem ho prohledat Avastem , našel v něm jistý vir typu Win32:Rootkit-gen[Rtk] Soubor je uložen v Avastu v truhle , ale od té doby mi nejdou načíst stránky v prohlížeči, Skype a ICQ klient funguje, ale když vypnu AvastFirewall , prohlížeč načte stránku. Jinak pingnul jsem Seznam a vše je v pořádku - odesílá i přijímá pakety. Co byste mi prosím poradili? Právě teď to zde píšu s vypnutým AvastFirewallem , bojím se aby ten vir dál nepracoval.

Zde přikládám log z HijackThis 2.0.4:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:34:02, on 31.3.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Razer\Abyssus\razerhid.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Razer\Abyssus\razertra.exe
C:\Program Files (x86)\Razer\Abyssus\razerofa.exe
C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petr\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: FBLayouts Plugin - {FF4E1D1D-705B-4379-AB33-22D98C1ABF55} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files (x86)\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Abyssus] C:\Program Files (x86)\Razer\Abyssus\razerhid.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\iobit\advanced systemcare 3\spictrl.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\iobit\advanced systemcare 3\spictrl.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\iobit\advanced systemcare 3\spictrl.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\iobit\advanced systemcare 3\spictrl.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94B0A123-6D1F-49EA-8810-E21AA1CEE75C}: NameServer = 213.46.172.36,213.46.172.37
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9833 bytes


Děkuji za rady . Petr

[Moody]

Nikdo neví?

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[Moody]

ComboFix 11-03-30.03 - Petr 31.03.2011 19:07:43.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2046.887 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\users\Petr\AppData\Roaming\chrtmp
c:\windows\usgwmt
c:\windows\usgwmt\BReWErS.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_IlvMoneyDRIVER53
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-28 do 2011-03-31 )))))))))))))))))))))))))))))))
.
.
2011-03-31 17:21 . 2011-03-31 17:21 -------- d-----w- c:\users\Klárka\AppData\Local\temp
2011-03-31 17:21 . 2011-03-31 17:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-31 17:21 . 2011-03-31 17:21 -------- d-----w- c:\users\Ája\AppData\Local\temp
2011-03-31 16:05 . 2011-02-23 14:50 18232 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-03-31 16:05 . 2011-02-23 14:50 32136 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-03-31 15:45 . 2011-03-31 15:45 -------- d-----w- c:\program files\trend micro
2011-03-31 15:45 . 2011-03-31 15:45 -------- d-----w- C:\rsit
2011-03-31 15:41 . 2011-03-31 15:41 -------- d-----w- c:\users\Petr\AppData\Roaming\Malwarebytes
2011-03-31 15:41 . 2011-03-31 15:41 -------- d-----w- c:\programdata\Malwarebytes
2011-03-31 15:41 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-31 15:41 . 2011-03-31 15:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-31 15:41 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-30 19:18 . 2011-03-23 08:11 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A71CA0D-BA07-451B-A6F5-7968A2E02FCC}\mpengine.dll
2011-03-30 13:10 . 2011-03-30 16:15 -------- d-----w- c:\windows\system32\Wat
2011-03-30 13:10 . 2011-03-30 16:15 -------- d-----w- c:\windows\SysWow64\Wat
2011-03-29 20:13 . 2011-03-30 16:15 -------- d-----w- c:\program files\Windows Live
2011-03-29 20:11 . 2011-03-29 20:17 -------- d-----w- c:\program files (x86)\Bing Bar Installer
2011-03-29 19:47 . 2011-03-30 16:15 -------- d-----w- c:\windows\system32\SPReview
2011-03-29 19:47 . 2011-03-29 19:47 -------- d-----w- c:\windows\system32\EventProviders
2011-03-29 13:46 . 2011-03-29 13:47 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-03-28 15:42 . 2011-02-23 13:57 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-28 15:42 . 2011-02-23 13:54 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-28 15:42 . 2011-02-23 13:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-28 15:42 . 2011-02-23 13:55 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-28 15:42 . 2011-02-23 13:55 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-28 15:42 . 2011-02-23 13:55 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-28 15:41 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-28 15:41 . 2011-02-23 14:04 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-03-28 15:41 . 2011-03-28 15:41 -------- d-----w- c:\programdata\AVAST Software
2011-03-28 15:41 . 2011-03-28 15:41 -------- d-----w- c:\program files\AVAST Software
2011-03-27 20:19 . 2011-03-27 20:19 -------- d-----w- c:\users\Petr\AppData\Local\Opera
2011-03-27 20:10 . 2011-03-27 20:18 -------- d-----w- c:\program files (x86)\Opera
2011-03-27 18:50 . 2011-03-27 18:52 -------- d-----w- c:\program files (x86)\AutoTune Files
2011-03-27 18:50 . 2011-03-27 18:50 -------- d-----w- c:\program files (x86)\Nová složka
2011-03-19 23:12 . 2011-03-28 19:13 -------- d-----w- c:\program files (x86)\Zrychleni Pocitace
2011-03-18 20:57 . 2003-07-06 12:07 372736 ----a-w- c:\windows\SysWow64\_IJL11.DLL
2011-03-14 18:34 . 2011-03-14 18:34 -------- d-----w- c:\users\Petr\AppData\Roaming\Pamela
2011-03-14 18:34 . 2011-03-15 17:23 -------- d-----w- c:\users\Petr\AppData\Roaming\Pamela Call Recorder
2011-03-14 18:14 . 2011-03-14 18:14 -------- d-----w- c:\users\Klárka\AppData\Local\COMODO
2011-03-14 15:24 . 2011-03-14 15:24 -------- d-----w- c:\users\Petr\AppData\Roaming\Logitech
2011-03-11 18:43 . 2011-03-30 18:03 -------- d-----w- c:\users\Petr\AppData\Local\Browser Plugin
2011-03-11 11:29 . 2011-03-30 17:52 -------- d-----w- C:\Warcraft III
2011-03-05 18:09 . 2011-03-05 18:09 -------- d-----w- c:\users\Petr\AppData\Roaming\Samsung
2011-03-05 18:03 . 2011-03-05 18:09 -------- d-----w- c:\users\Petr\AppData\Roaming\Youtube Downloader HD
2011-03-04 21:38 . 2011-03-04 21:39 -------- d-----w- c:\windows\SysWow64\Samsung_USB_Drivers
2011-03-04 21:38 . 2009-03-31 08:39 24064 ----a-w- c:\windows\SysWow64\FsExService64.Exe
2011-03-04 21:38 . 2009-03-31 08:39 16392 ----a-w- c:\windows\SysWow64\drivers\TFsExDisk.Sys
2011-03-04 21:36 . 2011-03-04 21:36 -------- d-----w- c:\users\Klárka\AppData\Roaming\Samsung
2011-03-04 21:36 . 2011-03-04 21:36 -------- d-----w- c:\program files (x86)\MarkAny
2011-03-04 21:35 . 2011-03-04 21:35 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2011-03-04 21:35 . 2011-03-04 21:35 -------- d-----w- c:\program files (x86)\Samsung
2011-03-04 21:32 . 2011-03-04 21:32 -------- d-----w- c:\users\Klárka\AppData\Local\Downloaded Installations
2011-03-04 21:12 . 2011-03-04 21:23 -------- d-----w- c:\users\Klárka\AppData\Roaming\Youtube Downloader HD
2011-03-04 21:09 . 2011-03-04 21:10 -------- d-----w- c:\program files (x86)\Youtube Downloader HD
2011-03-04 16:50 . 2011-03-04 16:50 53248 ----a-r- c:\users\Klárka\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-03-04 16:50 . 2011-03-04 16:50 -------- d-----w- c:\users\Klárka\AppData\Roaming\Leadertech
2011-03-04 16:18 . 2011-03-31 17:24 -------- d-----w- c:\windows\SysWow64\logishrd
2011-03-04 16:18 . 2011-03-31 17:24 -------- d-----w- c:\windows\system32\logishrd
2011-03-04 16:18 . 2011-03-04 19:53 -------- d-----w- c:\program files\Common Files\Logishrd
2011-03-04 16:18 . 2011-03-04 16:18 -------- d-----w- c:\programdata\Logitech
2011-03-04 16:18 . 2011-03-04 16:18 -------- d-----w- c:\program files (x86)\Common Files\LWS
2011-03-04 16:17 . 2011-03-05 09:21 -------- d-----w- c:\program files (x86)\Logitech
2011-03-04 16:17 . 2011-03-04 19:53 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-26 19:29 . 2010-06-30 09:40 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-03-26 19:29 . 2010-06-30 09:41 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-03-15 17:08 . 2010-09-25 10:16 729088 ----a-w- c:\windows\iun6002.exe
2011-03-04 16:50 . 2011-03-04 16:50 53248 ----a-r- c:\users\Klárka\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-03-04 16:50 . 2011-03-04 16:50 53248 ----a-r- c:\users\Klárka\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-02-23 14:04 . 2011-01-05 16:26 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-02 16:11 . 2010-06-30 08:08 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-29 15:23 . 2011-01-29 15:23 137344 ----a-w- c:\windows\SysWow64\drivers\hwpsgt.sys
2011-01-29 15:23 . 2011-01-29 15:23 9472 ----a-w- c:\windows\SysWow64\drivers\lemsgt.sys
2011-01-15 13:23 . 2011-01-15 13:23 84104 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-08 03:27 . 2011-02-28 17:32 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2011-02-28 17:32 6604904 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2011-02-28 17:32 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-01-08 03:27 . 2011-02-28 17:32 4941928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-01-08 03:27 . 2011-02-28 17:32 3112040 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2011-02-28 17:32 2895976 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-01-08 03:27 . 2011-02-28 17:32 2479720 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2011-02-28 17:32 2251368 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-01-08 03:27 . 2011-02-28 17:32 20471912 ----a-w- c:\windows\system32\nvoglv64.dll
2011-01-08 03:27 . 2011-02-28 17:32 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
2011-01-08 03:27 . 2011-02-28 17:32 15047272 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-01-08 03:27 . 2011-02-28 17:32 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
2011-01-08 03:27 . 2011-02-28 17:32 12961640 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2011-02-28 17:32 12859496 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-01-08 03:27 . 2011-02-28 17:32 10078312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-01-08 03:27 . 2011-02-28 17:32 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-01-08 03:27 . 2011-02-28 17:32 18580072 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2011-02-28 17:32 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-01-08 03:27 . 2010-11-12 10:35 5653096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-01-08 03:27 . 2010-06-29 19:57 2200680 ----a-w- c:\windows\system32\nvapi64.dll
2011-01-08 03:27 . 2009-07-13 21:59 7729256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-01-07 19:50 . 2011-01-07 19:50 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-01-07 19:50 . 2011-01-07 19:50 6143080 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 19:49 . 2011-01-07 19:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
2011-01-07 19:49 . 2011-01-07 19:49 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 19:49 . 2011-01-07 19:49 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 19:49 . 2011-01-07 19:49 1005160 ----a-w- c:\windows\system32\nvvsvc.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"="c:\program files (x86)\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-07-21 198864]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Abyssus"="c:\program files (x86)\Razer\Abyssus\razerhid.exe" [2010-05-10 223744]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 136176]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2010-12-27 30528]
R3 MarkFun_NT;MarkFun_NT;c:\program files (x86)\GIGABYTE\ET5Pro\markfun.a64 [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 X6va003;X6va003;c:\users\Petr\AppData\Local\Temp\003C319.tmp [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/27 18:07];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 10:58 146928]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 2111368]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-12-14 2019648]
S3 Abyssus;Razer Abyssus;c:\windows\system32\drivers\Abyssus.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam C210(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-02-15 c:\windows\Tasks\At1.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]
.
2011-03-31 c:\windows\Tasks\AWC Startup.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2010-06-30 11:53]
.
2011-03-27 c:\windows\Tasks\AWC Update.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-06-30 13:24]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 18:47]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 18:47]
.
2011-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3571306171-2943904893-4274187742-1000Core.job
- c:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-29 19:00]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3571306171-2943904893-4274187742-1000UA.job
- c:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-29 19:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF13370.cfxxe" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://seznam.cz/
uDefault_Search_URL = hxxp://google.cz/
mStart Page = hxxp://seznam.cz/
mSearch Bar = hxxp://google.cz/
mLocal Page = hxxp://seznam.cz/
uSearchAssistant = hxxp://www.Google.com/
uCustomizeSearch = hxxp://www.Google.com/
LSP: c:\program files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll
TCP: {94B0A123-6D1F-49EA-8810-E21AA1CEE75C} = 213.46.172.36,213.46.172.37
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\adobe\SHOCKW~1\UNWISE.EXE
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MarkFun_NT]
"ImagePath"="\??\c:\program files (x86)\GIGABYTE\ET5Pro\markfun.a64"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Petr\AppData\Local\Temp\003C319.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
.
**************************************************************************
.
Celkový čas: 2011-03-31 19:39:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-31 17:39
.
Před spuštěním: Volných bajtů: 39 882 461 184
Po spuštění: Volných bajtů: 38 925 053 952
.
- - End Of File - - 7C69BAB876ADCFDCF3105B4A72A1BAC3

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\users\Petr\AppData\Local\Temp\003C319.tmp

Driver::
X6va003

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pustte. CF se spustí a vykoná příkazy ze skriptu.

[Moody]

Takže zde je LOG po použití scriptu CFScript


ComboFix 11-03-30.03 - Petr 31.03.2011 20:39:55.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2046.1063 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA003
-------\Service_X6va003
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-28 do 2011-03-31 )))))))))))))))))))))))))))))))
.
.
2011-03-31 18:50 . 2011-03-31 18:50 -------- d-----w- c:\users\Klárka\AppData\Local\temp
2011-03-31 18:50 . 2011-03-31 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-31 16:05 . 2011-02-23 14:50 18232 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-03-31 16:05 . 2011-02-23 14:50 32136 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-03-31 15:45 . 2011-03-31 15:45 -------- d-----w- c:\program files\trend micro
2011-03-31 15:45 . 2011-03-31 15:45 -------- d-----w- C:\rsit
2011-03-31 15:41 . 2011-03-31 15:41 -------- d-----w- c:\users\Petr\AppData\Roaming\Malwarebytes
2011-03-31 15:41 . 2011-03-31 15:41 -------- d-----w- c:\programdata\Malwarebytes
2011-03-31 15:41 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-31 15:41 . 2011-03-31 15:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-31 15:41 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-30 19:18 . 2011-03-23 08:11 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A71CA0D-BA07-451B-A6F5-7968A2E02FCC}\mpengine.dll
2011-03-30 13:10 . 2011-03-30 16:15 -------- d-----w- c:\windows\system32\Wat
2011-03-30 13:10 . 2011-03-30 16:15 -------- d-----w- c:\windows\SysWow64\Wat
2011-03-29 20:13 . 2011-03-30 16:15 -------- d-----w- c:\program files\Windows Live
2011-03-29 20:11 . 2011-03-29 20:17 -------- d-----w- c:\program files (x86)\Bing Bar Installer
2011-03-29 19:47 . 2011-03-30 16:15 -------- d-----w- c:\windows\system32\SPReview
2011-03-29 19:47 . 2011-03-29 19:47 -------- d-----w- c:\windows\system32\EventProviders
2011-03-29 13:46 . 2011-03-29 13:47 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-03-28 15:42 . 2011-02-23 13:57 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-28 15:42 . 2011-02-23 13:54 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-28 15:42 . 2011-02-23 13:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-28 15:42 . 2011-02-23 13:55 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-28 15:42 . 2011-02-23 13:55 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-28 15:42 . 2011-02-23 13:55 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-28 15:41 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-28 15:41 . 2011-02-23 14:04 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-03-28 15:41 . 2011-03-28 15:41 -------- d-----w- c:\programdata\AVAST Software
2011-03-28 15:41 . 2011-03-28 15:41 -------- d-----w- c:\program files\AVAST Software
2011-03-27 20:19 . 2011-03-27 20:19 -------- d-----w- c:\users\Petr\AppData\Local\Opera
2011-03-27 20:10 . 2011-03-27 20:18 -------- d-----w- c:\program files (x86)\Opera
2011-03-27 18:50 . 2011-03-27 18:52 -------- d-----w- c:\program files (x86)\AutoTune Files
2011-03-27 18:50 . 2011-03-27 18:50 -------- d-----w- c:\program files (x86)\Nová složka
2011-03-19 23:12 . 2011-03-28 19:13 -------- d-----w- c:\program files (x86)\Zrychleni Pocitace
2011-03-18 20:57 . 2003-07-06 12:07 372736 ----a-w- c:\windows\SysWow64\_IJL11.DLL
2011-03-14 18:34 . 2011-03-14 18:34 -------- d-----w- c:\users\Petr\AppData\Roaming\Pamela
2011-03-14 18:34 . 2011-03-15 17:23 -------- d-----w- c:\users\Petr\AppData\Roaming\Pamela Call Recorder
2011-03-14 18:14 . 2011-03-14 18:14 -------- d-----w- c:\users\Klárka\AppData\Local\COMODO
2011-03-14 15:24 . 2011-03-14 15:24 -------- d-----w- c:\users\Petr\AppData\Roaming\Logitech
2011-03-11 18:43 . 2011-03-30 18:03 -------- d-----w- c:\users\Petr\AppData\Local\Browser Plugin
2011-03-11 11:29 . 2011-03-30 17:52 -------- d-----w- C:\Warcraft III
2011-03-05 18:09 . 2011-03-05 18:09 -------- d-----w- c:\users\Petr\AppData\Roaming\Samsung
2011-03-05 18:03 . 2011-03-05 18:09 -------- d-----w- c:\users\Petr\AppData\Roaming\Youtube Downloader HD
2011-03-04 21:38 . 2011-03-04 21:39 -------- d-----w- c:\windows\SysWow64\Samsung_USB_Drivers
2011-03-04 21:38 . 2009-03-31 08:39 24064 ----a-w- c:\windows\SysWow64\FsExService64.Exe
2011-03-04 21:38 . 2009-03-31 08:39 16392 ----a-w- c:\windows\SysWow64\drivers\TFsExDisk.Sys
2011-03-04 21:36 . 2011-03-04 21:36 -------- d-----w- c:\users\Klárka\AppData\Roaming\Samsung
2011-03-04 21:36 . 2011-03-04 21:36 -------- d-----w- c:\program files (x86)\MarkAny
2011-03-04 21:35 . 2011-03-04 21:35 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2011-03-04 21:35 . 2011-03-04 21:35 -------- d-----w- c:\program files (x86)\Samsung
2011-03-04 21:32 . 2011-03-04 21:32 -------- d-----w- c:\users\Klárka\AppData\Local\Downloaded Installations
2011-03-04 21:12 . 2011-03-04 21:23 -------- d-----w- c:\users\Klárka\AppData\Roaming\Youtube Downloader HD
2011-03-04 21:09 . 2011-03-04 21:10 -------- d-----w- c:\program files (x86)\Youtube Downloader HD
2011-03-04 16:50 . 2011-03-04 16:50 53248 ----a-r- c:\users\Klárka\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-03-04 16:50 . 2011-03-04 16:50 -------- d-----w- c:\users\Klárka\AppData\Roaming\Leadertech
2011-03-04 16:18 . 2011-03-31 18:52 -------- d-----w- c:\windows\system32\logishrd
2011-03-04 16:18 . 2011-03-31 18:52 -------- d-----w- c:\windows\SysWow64\logishrd
2011-03-04 16:18 . 2011-03-04 19:53 -------- d-----w- c:\program files\Common Files\Logishrd
2011-03-04 16:18 . 2011-03-04 16:18 -------- d-----w- c:\programdata\Logitech
2011-03-04 16:18 . 2011-03-04 16:18 -------- d-----w- c:\program files (x86)\Common Files\LWS
2011-03-04 16:17 . 2011-03-05 09:21 -------- d-----w- c:\program files (x86)\Logitech
2011-03-04 16:17 . 2011-03-04 19:53 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-26 19:29 . 2010-06-30 09:40 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-03-26 19:29 . 2010-06-30 09:41 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-03-15 17:08 . 2010-09-25 10:16 729088 ----a-w- c:\windows\iun6002.exe
2011-03-04 16:50 . 2011-03-04 16:50 53248 ----a-r- c:\users\Klárka\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-03-04 16:50 . 2011-03-04 16:50 53248 ----a-r- c:\users\Klárka\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-02-23 14:04 . 2011-01-05 16:26 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-02 16:11 . 2010-06-30 08:08 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-29 15:23 . 2011-01-29 15:23 137344 ----a-w- c:\windows\SysWow64\drivers\hwpsgt.sys
2011-01-29 15:23 . 2011-01-29 15:23 9472 ----a-w- c:\windows\SysWow64\drivers\lemsgt.sys
2011-01-15 13:23 . 2011-01-15 13:23 84104 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-08 03:27 . 2011-02-28 17:32 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2011-02-28 17:32 6604904 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2011-02-28 17:32 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-01-08 03:27 . 2011-02-28 17:32 4941928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-01-08 03:27 . 2011-02-28 17:32 3112040 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2011-02-28 17:32 2895976 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-01-08 03:27 . 2011-02-28 17:32 2479720 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2011-02-28 17:32 2251368 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-01-08 03:27 . 2011-02-28 17:32 20471912 ----a-w- c:\windows\system32\nvoglv64.dll
2011-01-08 03:27 . 2011-02-28 17:32 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
2011-01-08 03:27 . 2011-02-28 17:32 15047272 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-01-08 03:27 . 2011-02-28 17:32 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
2011-01-08 03:27 . 2011-02-28 17:32 12961640 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2011-02-28 17:32 12859496 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-01-08 03:27 . 2011-02-28 17:32 10078312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-01-08 03:27 . 2011-02-28 17:32 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-01-08 03:27 . 2011-02-28 17:32 18580072 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2011-02-28 17:32 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-01-08 03:27 . 2010-11-12 10:35 5653096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-01-08 03:27 . 2010-06-29 19:57 2200680 ----a-w- c:\windows\system32\nvapi64.dll
2011-01-08 03:27 . 2009-07-13 21:59 7729256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-01-07 19:50 . 2011-01-07 19:50 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-01-07 19:50 . 2011-01-07 19:50 6143080 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 19:49 . 2011-01-07 19:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
2011-01-07 19:49 . 2011-01-07 19:49 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 19:49 . 2011-01-07 19:49 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 19:49 . 2011-01-07 19:49 1005160 ----a-w- c:\windows\system32\nvvsvc.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-31_17.25.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-03-31 17:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-03-31 18:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-03-31 18:52 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-31 17:24 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-31 17:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-31 18:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-03-31 17:26 47300 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-29 18:36 . 2011-03-31 17:26 23024 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3571306171-2943904893-4274187742-1000_UserData.bin
- 2011-03-31 17:23 . 2011-03-31 17:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-31 18:52 . 2011-03-31 18:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-03-31 17:23 . 2011-03-31 17:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-31 18:52 . 2011-03-31 18:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-03-31 18:51 495100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-03-31 17:22 495100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-10 19:10 . 2011-03-31 18:51 3577508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3571306171-2943904893-4274187742-1000-8192.dat
- 2010-10-10 19:10 . 2011-03-31 17:22 3577508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3571306171-2943904893-4274187742-1000-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"="c:\program files (x86)\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-07-21 198864]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Abyssus"="c:\program files (x86)\Razer\Abyssus\razerhid.exe" [2010-05-10 223744]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 136176]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2010-12-27 30528]
R3 MarkFun_NT;MarkFun_NT;c:\program files (x86)\GIGABYTE\ET5Pro\markfun.a64 [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/27 18:07];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 10:58 146928]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 2111368]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-12-14 2019648]
S3 Abyssus;Razer Abyssus;c:\windows\system32\drivers\Abyssus.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam C210(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-02-15 c:\windows\Tasks\At1.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]
.
2011-03-31 c:\windows\Tasks\AWC Startup.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2010-06-30 11:53]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 18:47]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-08 18:47]
.
2011-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3571306171-2943904893-4274187742-1000Core.job
- c:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-29 19:00]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3571306171-2943904893-4274187742-1000UA.job
- c:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-29 19:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF31579.cfxxe" [X]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://seznam.cz/
uDefault_Search_URL = hxxp://google.cz/
mStart Page = hxxp://seznam.cz/
mSearch Bar = hxxp://google.cz/
mLocal Page = hxxp://seznam.cz/
uSearchAssistant = hxxp://www.Google.com/
uCustomizeSearch = hxxp://www.Google.com/
LSP: c:\program files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll
TCP: {94B0A123-6D1F-49EA-8810-E21AA1CEE75C} = 213.46.172.36,213.46.172.37
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MarkFun_NT]
"ImagePath"="\??\c:\program files (x86)\GIGABYTE\ET5Pro\markfun.a64"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
.
**************************************************************************
.
Celkový čas: 2011-03-31 20:58:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-31 18:58
ComboFix2.txt 2011-03-31 17:40
.
Před spuštěním: Volných bajtů: 38 933 118 976
Po spuštění: Volných bajtů: 38 678 921 216
.
- - End Of File - - 819235FD3148952AB3BBAB597FBFB6E1

[Moody]

Jinak problém pořád přetrvává...

[Rudy]

Zkuste startmenu>přík. řádek (napsat) netsh int ip reset>OK. Pak restartujte PC a zkuste načítání.

[Moody]

Vyzkoušel jsem , ale problém stále přetrvává. Musím vždy vypnout AvastFirewall abych mohl načíst web v prohlížeči. Doopravdy už nevím čím to může být..

[Rudy]

Pak je firewall chybně nastaven.

[Moody]

prosím , mohl byste mi poradit , jak bych ho měl správně nastavit? WIN7 Firewall + Avast rezidentní štít je vypnut aby fungoval načítání stránek v prohlížeči.

[Rudy]

Tady: http://forum.zive.cz/viewtopic.php?f=1864&t=1090863 je o tom diskuze. Výhodnější je mít personální firewall, který se dá nastavit mnohem podrobněji.,