Policie ČR Vás sleduje - jak se toho zbavit?

[bojimso]

Ahoj, dnes mi při surfování vyběhlo přesně toto

http://www.viry.cz/policie-cr-vas-sleduje/

samozřejmě mi došlo, že to je nějaký fake, ale teď se bojím, že mi to bude vyskakovat znovu a znovu až dojde k celkovému zablokování PC. Avast našel nějaký trojský kůn, ale obávám se, že to nebude vše, proto prosím o kontrolu LOGu.

Logfile of random's system information tool 1.08 (written by random/random)
Run by David at 2013-04-02 00:37:44
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 59 GB (10%) free of 610 GB
Total RAM: 4094 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:38:02, on 2.4.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe
C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\trend micro\David.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110231 ... f049e2a6ce
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=C:\PROGRA~3\3iwbh.bat
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [Dyyno Launcher] "C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Mobile Partner] C:\Program Files (x86)\HiSuite\HiSuite.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\hbwi3.dat,FG00
O4 - Startup: msconfig.lnk = C:\Windows\System32\rundll32.exe
O4 - Global Startup: LOLRecorder.lnk = C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Dyyno Service (Dyyno Launcher) - Unknown owner - C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HiSuiteOuc64.exe - Unknown owner - C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10856 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe"
"C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe"
"C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE"
"C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe" -/service
"C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe"
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service
C:\Windows\SysWOW64\XSrvSetup.exe
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files\OO Software\Defrag\oodag.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe"
"C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe"
"C:\Program Files\OO Software\Defrag\oodtray.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" Minimum
"C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 3204
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-7afdb5de-34d4-4a69-bb30-efd25fed5367 -SystemEventPortName:HostProcess-52f2d3dc-734e-4538-a9ea-1481676f1ea1 -IoCancelEventPortName:HostProcess-d45513fa-01e9-41a0-8d94-dda69867bdcb -NonStateChangingEventPortName:HostProcess-0b14a036-7d39-4669-a85a-94379a0fa306 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a1e326e7-1211-45eb-857a-1c57090a2d44
"taskhost.exe"
"C:\Program Files\Opera x64\opera.exe"
"C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe" -newprocess "7824 2 0 1 4" -logfolder "C:\Users\David\AppData\Local\Opera\Opera x64\logs"
"C:\Users\David\Desktop\RSITx64.exe"
taskeng.exe {E4912226-16E5-46AC-95D5-BED60366567B}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2777513043-250176279-151607989-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2777513043-250176279-151607989-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-03-07 1497560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13 81024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-01-31 6304888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13 69760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-01-31 4528760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-03-07 1497560]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP LaserJet M1522 MFP Series Fax"=C:\Program Files (x86)\HP\hp LaserJet M1522\hppfaxprintersrv.exe [2009-09-22 3700736]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2012-11-30 4000112]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-06-11 12503184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"=C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe [2009-12-22 2647040]
"Dyyno Launcher"=C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe [2012-03-03 2146304]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Google Update"=C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-18 116648]
"Mobile Partner"=C:\Program Files (x86)\HiSuite\HiSuite.exe [2013-03-12 555840]
"ctfmon.exe"=C:\PROGRA~3\rundll32.exe [2013-04-02 44544]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"NUSB3MON"=C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2009-11-20 106496]
"ToolBoxFX"=C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [2010-03-03 53248]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-03-07 4767304]
"BCU"=C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2009-08-04 346320]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-12-19 642808]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
LOLRecorder.lnk - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
msconfig.lnk - C:\Windows\System32\rundll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-08-24 249344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet\FlashGet3.exe"="C:\Program Files\FlashGet\FlashGet3.exe:*:Enabled:Flashget3"
"C:\Users\David\Desktop\Flash-Player.exe"="C:\Users\David\Desktop\Flash-Player.exe:*:Enabled:C:\Users\David\Desktop\Flash-Player.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2013-04-02 00:27:28 ----A---- C:\ProgramData\3iwbh.bat
2013-04-02 00:27:13 ----A---- C:\ProgramData\rundll32.exe
2013-03-20 14:55:46 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2013-03-20 14:55:45 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2013-03-15 23:55:50 ----D---- C:\ProgramData\HiSuiteOuc
2013-03-15 23:55:50 ----D---- C:\ProgramData\HandSetService

======List of files/folders modified in the last 1 months======

2013-04-02 00:38:03 ----D---- C:\Windows\Prefetch
2013-04-02 00:37:55 ----D---- C:\Program Files\trend micro
2013-04-02 00:29:04 ----D---- C:\Windows\temp
2013-04-02 00:28:51 ----D---- C:\ProgramData
2013-04-01 23:02:34 ----D---- C:\Users\David\AppData\Roaming\TS3Client
2013-04-01 11:01:25 ----D---- C:\Windows\system32\config
2013-04-01 10:50:06 ----SHD---- C:\System Volume Information
2013-04-01 03:22:45 ----D---- C:\Users\David\AppData\Roaming\foobar2000
2013-04-01 00:05:49 ----D---- C:\Users\David\AppData\Roaming\Skype
2013-03-30 13:11:33 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-03-29 00:31:07 ----D---- C:\Windows\system32\NDF
2013-03-26 01:42:48 ----SHD---- C:\Windows\Installer
2013-03-26 01:42:47 ----HD---- C:\Config.Msi
2013-03-26 01:42:18 ----D---- C:\Program Files (x86)\Google
2013-03-25 15:57:32 ----D---- C:\Games
2013-03-24 18:14:46 ----D---- C:\Windows\System32
2013-03-24 18:14:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-03-24 18:14:45 ----D---- C:\Windows\inf
2013-03-22 19:33:41 ----D---- C:\Program Files\TeamSpeak 3 Client
2013-03-22 02:46:04 ----D---- C:\Windows\system32\DriverStore
2013-03-22 02:46:04 ----D---- C:\Windows\system32\drivers
2013-03-22 02:46:04 ----D---- C:\Windows\system32\catroot
2013-03-22 01:11:57 ----D---- C:\Program Files (x86)\HiSuite
2013-03-20 14:56:57 ----D---- C:\Windows\system32\Tasks
2013-03-20 14:55:30 ----D---- C:\Windows
2013-03-14 15:51:51 ----D---- C:\ProgramData\Skype
2013-03-14 15:51:44 ----RD---- C:\Program Files (x86)\Skype
2013-03-14 15:51:44 ----D---- C:\Program Files (x86)\Common Files
2013-03-13 18:41:16 ----D---- C:\Windows\SysWOW64
2013-03-13 18:41:14 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-03-12 22:23:06 ----D---- C:\Users\David\AppData\Roaming\BSplayer
2013-03-08 02:16:43 ----D---- C:\Users\David\AppData\Roaming\DAEMON Tools Lite
2013-03-07 01:32:22 ----A---- C:\Windows\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-03-07 65336]
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2009-10-29 115824]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-07-28 503352]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-03-07 70992]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-03-07 1025808]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-03-07 377920]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-03-07 68920]
R2 AODDriver4.01;AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-03-07 33400]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-03-07 80816]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-10-28 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-10-28 43680]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-01-27 47632]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-12-19 11278336]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-12-19 552960]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2013-03-30 25640]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 WinUSB;Android USB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]
S2 AODDriver4.2;AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 tandpl;tandpl; C:\Windows\System32\drivers\tandpl.sys []
S3 aq2kqydz;aq2kqydz; C:\Windows\system32\drivers\aq2kqydz.sys []
S3 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-03-07 178624]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 HPFXBULK;HPFXBULK; C:\Windows\system32\drivers\hpfx64bulk.sys [2007-07-16 20504]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2009-12-02 213280]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-03-07 45248]
R2 BCUService;Browser Configuration Utility Service; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
R2 Dyyno Launcher;Dyyno Service; C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2012-03-03 409600]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R2 HiSuiteOuc64.exe;HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [2013-03-12 137024]
R2 HP LaserJet Service;HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-03-03 136192]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [2012-11-21 201608]
R2 JMB36X;JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-10-16 73728]
R2 OODefragAgent;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2012-11-30 3293552]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
R2 WDDMService;WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 288256]
R2 WDFME;WD File Management Engine; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-19 136176]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S2 WDSC;WD File Management Shadow Engine; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [2010-09-08 485376]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 253656]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-19 136176]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-09-10 411432]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[vyosek]

Zdravim

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[bojimso]

Hotovo, tady jsou výsledky.

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/02/2013 12:54:24 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\SysWOW64\XSrvSetup.exe (PID: 2340) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t

: : 1 l o c a l h o s t



Program finished at: 04/02/2013 12:54:40 AM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)



ComboFix 13-04-01.01 - David 02.04.2013 1:03.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4094.2663 [GMT 2:00]
Spuštěný z: c:\users\David\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3iwbh.bat
c:\programdata\3iwbh.pad
c:\programdata\hbwi3.dat
c:\programdata\rundll32.exe
c:\users\David\4317793.dll
c:\users\David\AppData\Roaming\Dyyno
c:\users\David\AppData\Roaming\Dyyno\dgcsrv.xml
c:\users\David\AppData\Roaming\Dyyno\dyyno.xml
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-01 do 2013-04-01 )))))))))))))))))))))))))))))))
.
.
2013-04-01 23:09 . 2013-04-01 23:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-01 23:09 . 2013-04-01 23:09 -------- d-----w- c:\users\Mamka\AppData\Local\temp
2013-04-01 23:09 . 2013-04-01 23:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-01 23:09 . 2013-04-01 23:09 -------- d-----w- c:\users\AppData\AppData\Local\temp
2013-04-01 23:09 . 2013-04-01 23:09 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-04-01 22:27 . 2013-04-01 22:27 151 ----a-w- c:\programdata\3iwbh.reg
2013-03-28 15:57 . 2013-03-28 15:57 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-03-28 15:57 . 2013-03-28 15:57 2954136 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2013-03-28 15:57 . 2013-03-28 15:57 193584 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2013-03-28 15:57 . 2013-03-28 15:57 131480 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2013-03-28 15:57 . 2013-03-28 15:57 115608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2013-03-28 15:56 . 2013-03-28 15:56 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2013-03-28 15:56 . 2013-03-28 15:56 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2013-03-28 15:56 . 2013-03-28 15:56 96664 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-03-28 15:56 . 2013-03-28 15:56 170232 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-03-20 12:55 . 2013-03-06 23:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-20 12:55 . 2013-03-06 23:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-15 21:55 . 2013-03-15 21:55 -------- d-----w- c:\programdata\HandSetService
2013-03-15 21:55 . 2013-03-15 21:55 -------- d-----w- c:\programdata\HiSuiteOuc
2013-03-14 13:51 . 2013-03-14 13:51 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-03-04 03:43 . 2013-03-04 03:43 -------- d-----w- c:\users\David\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-01 23:12 . 2010-10-04 12:51 25640 ----a-w- c:\windows\gdrv.sys
2013-03-13 16:41 . 2012-11-03 17:52 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 16:41 . 2011-05-23 12:17 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-06 23:33 . 2012-03-23 19:37 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2011-08-23 17:20 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2011-08-23 17:20 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2011-08-23 17:20 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2011-08-23 17:20 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2011-08-23 17:20 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2011-08-23 17:20 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2011-08-23 17:20 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-13 00:26 . 2013-02-13 00:26 42880 ----a-w- c:\windows\SysWow64\xfcodec.dll
2013-02-13 00:26 . 2013-02-13 00:26 28544 ----a-w- c:\windows\system32\xfcodec64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" [2009-12-22 2647040]
"Dyyno Launcher"="c:\program files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" [2012-03-03 2146304]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Mobile Partner"="c:\program files (x86)\HiSuite\HiSuite.exe" [2013-03-12 555840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"ToolBoxFX"="c:\program files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2010-03-03 53248]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
.
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
msconfig.lnk - c:\windows\System32\rundll32.exe [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2013-2-14 523264]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 6163456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\progra~3\3iwbh.bat"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 aswVmm;aswVmm; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
S0 aswRvrt;aswRvrt; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-07-28 503352]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2012-03-03 409600]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 HiSuiteOuc64.exe;HiSuiteOuc64.exe;c:\programdata\HiSuiteOuc\HiSuiteOuc64.exe [2013-03-12 137024]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-03-03 136192]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\programdata\HandSetService\HuaweiHiSuiteService64.exe [2012-11-21 201608]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2012-11-30 3293552]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 288256]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [2010-09-08 485376]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 10:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-03 16:41]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-19 19:35]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-19 19:35]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2777513043-250176279-151607989-1000Core.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-18 03:01]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2777513043-250176279-151607989-1000UA.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-18 03:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP LaserJet M1522 MFP Series Fax"="c:\program files (x86)\HP\hp LaserJet M1522\hppfaxprintersrv.exe" [2009-09-22 3700736]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-11-30 4000112]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=110231&tt=5112_5&babsrc=HP_ss&mntrId=ecdfde350000000000006cf049e2a6ce
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: ????3?? - c:\users\David\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\David\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 185.7.44.10 185.7.44.86
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tr3jll00.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110231&tt=5112_5&babsrc=HP_ss&mntrId=ecdfde350000000000006cf049e2a6ce
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2777513043-250176279-151607989-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\David\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-2777513043-250176279-151607989-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\David\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-2777513043-250176279-151607989-1000\Software\SecuROM\License information*]
"datasecu"=hex:53,4f,95,94,da,d1,87,9a,37,c7,ef,d3,ca,55,2c,01,a5,70,82,95,68,
57,32,67,7c,b8,f0,bb,54,12,14,00,ab,ba,3c,b3,f6,5a,ed,c7,cd,e6,fe,ac,de,13,\
"rkeysecu"=hex:2b,6c,8d,6d,33,20,4e,d1,55,0e,c7,dc,12,84,9e,ef
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="8A8905EF0B1D1B8A20A997AE788D5599B9102B7AE6A4F10386AB02ED5E2EE202B8B408721143BBAA8919A2D7103A73CAFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808C038D530D6EB3452FEBC9E127BECC74CA6171C11EC38DE3D66A3B9B7CB383BC663A1F72036CBC13DD3DB7D4A687589847A8DA700E0A11C7AA1A3C58050717AFE24A66A994CAAC6D1C8310152CD33CB05E873C1260325D408E9CC6ACC72E6CD2C02704B17645EB752569DA15A2BACF19B61E3C8E8AC7D49A6A9FAB11CCB68DF664BAB33728DD8DF84D13FA4B4A31401D25E8DCB3437415C4DA21017968B8B122FA609AB2BEB523C0F65B8C2D8F1E1341C2FA4521A0FC6275667700F05F1AB79E58CBEB5E3B544FEFC8DB0A564DFD1F94BF460534FB5AB727D6083FE545763DD534908C2E336EB0D3E1D526F16CE61F398A7FCBDAC404F40654836BF982593BB20FD21B995CC4C7F263A4BB35233547922923AEFAED7D54392B0FA21075A63445C9ECA7508ECAA246B5E4F7A9F9533956554DAC277BA2763EEFBC3E378883A5BF8744CC66E9E92FD295715BF2C904606C8DDA77BC9B9F0BBC6E18C3F6BD5C7994D1D6E6F1FFB51C0DFC556F247D620BC14F86B5910B8A01BCC6FCEDA827C794B93887F261734F8D573A1D1F7E32B9162743EF58CD7B36D0796838C5882CC87F1E87BD017F18CDEDCA9B24B281AE5B14FF89C9A3ACF364D349CD0CAC6D525E9C0518EB76075D920A52F9709CEA573DC9297D732FB4F617C91BCE191AD0B7F5E2234AE8E15068896B5124154AC67D332EFA686185ECC6B7CBB3810ED0652646431599D323DB017E84747F7FC73639C14DCE492AAE1671C1108B50C70BE03F1433EEFEE0552A29AF8C7265255CDBF742A83F13BCD7C5ED2C17C3CD82DB9975B034E0B8C6B44B038F4D7E840B457CA18DE43D1146B17187F5AD53ACFBDCCAB66711A2131D07650AC48CE2E03F51EF1D8E1AE6C02EB8D9C27EC83021BBDC1836D9E0E0C70A23F1DC625B3FB30F5A8CA1AA60B0EC1C1321964CBA8C7BBCE5704DEDFC989ACD06955E903C6B8B1196E0C53E3D3E8E15FC9DD638F9CA40595BE363C50A33E20D2345B8D1C772FC4C459931395B71143BB8D606594EB181F3A9EC91CC9232ED62153B7BB6D6C0F7BE4CBDF777919FC9E532AB9C07AD4828568118FA9F00445313A6D95153A7E6C3CE61994B5148F8A7E2641265D27CBA707D3A27DA2A8B8D1E51F1EC14D083B3D40BE89F9152B627941376607B940F733492D58ADD91A64067BD5F230292065DD1662D87CF34B94EE998D23E065B335314231A4DDB3B35F76CFE7EFF70792F08D9D4C362BC042D4730E37F5DD083112143E9974EF2C26362093E28B54553009700E7BC63A01248BF1F9404EC8D82C5230"
"OODEFRAG15.00.00.01PROFESSIONAL"="DF89337811CF76A9EF2E68B686FDDE3B6DEBB3CEB01778B54E73D2A66A674C2AD1AB2A5059E7B3C9ABAA5EA22616C5A3447989A045A44CB387AA03B1C7F2D2C9C03AA72D49623EB18BC648B05EE87AB953951246220230815FE01661476E9519F186DAA443B9447476F1FE7B81FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808C038D530D6EB3452FEBC9E127BECC74CA6171C11EC38DE3D91BE03488C5B60798528C8F198B0AFE25D82B54B7701836F91053F19E4E04767241C528983801E3B2D3F47D55150FC3BB75B200D6AB4905D6ED21DD81FC47711988014E2579FC9ABE4D72DBF484FF159088D58ECF7B756A526D0256493204F141418DFB20F3D7043DF7905AC225923252D177BAB81038C446618ACDB80D5491DB1B4609868457101C44E6EDFB703F38EFD9C40CB9E723E394FE51EA35AAA37DBFDCCD27B53048365AE259DDE17449F08BEE56D9399474A07F51CF3E4C747BB867BF98A04F42EAD76AB71D87482F732092EDE5F0F6FA4E235E23DC28AA53ACED3207AEB9EA4594DBD41CAFB2FEEDE900B7B17888D54130ED115732E4504743C81D6AFF3FB70001449E36A755F851A6D8C4BC26AA02E0128E97B0CEE09A3CBA351FC20AE939600052B0030C91C2533D312B3B91EA118BBDE12FB78530EFD787885E4F43F1C0F9BFAF7F39F8F41DD93A19FC3F7D02A5F7A36E1EF4BBC513E1903E7D37C5B947F7AA04A925D7169758C09C2789DC11A0853047424409F91C3AE604584A94E3D45A5783E24372F7A66CF0E8748EE4614C7C472EA59B286D2A21EFC6E2410759A710C5677E29A1D175D768C8199524500092E82E745A28C5E22B220B7D56BC3764781E31A7D99A0ACBBFA324848553C08E9D384138F3765C0BD17DF7A2F99BF5F41B91C5096EC366718BCFEF5A6263B1CBE5EA0985638D4C824DDA792B91B82240A50D1C8476E6DB9B9FE4928769A65EE0CD850272A12B48B3AFDB7DFF497BB5B0345A8B3981D69D9A1E93C03EF29F4F70E36E4731156F0DF174EA4C851582C5DC0F799470B1CE0437E08542CC06EB4F2B249FD3503B98DE3850ED43535CA2BC70CB172BC90329EB1B6C8E4CE06AA85DD9B4C9427ED159DF606DC85127A80A27B609BD2D2104A032964001198D7C05B7C1F587388B165CABC4CC2C44F70B0911E6FC2AEC9E4F202EFD365D33E3A393FD54A70389E244B539D3E277762D73489991D9B5068DE5F208D87937CF42CBF4D35D877D6308D0C08C5F8D755C2E7893019027C5477BF677BD3358BAB779BA43429BFB794092C10CDA54B85E96E4952410E6B9EABC640044252462E56846EDAB985A25B0DF830E59D70B94795659A540AAF57A09A24885537E0D645C6DE7A7B36E05EF4AFD33E3C059F7A950B2C6DFA6D"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\users\David\AppData\Local\HiSuite\userdata\hwtools\hwtransport.exe
.
**************************************************************************
.
Celkový čas: 2013-04-02 01:19:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-04-01 23:19
ComboFix2.txt 2012-01-13 23:21
ComboFix3.txt 2012-01-13 19:41
ComboFix4.txt 2012-01-13 18:30
.
Před spuštěním: Volných bajtů: 89 026 162 688
Po spuštění: Volných bajtů: 89 382 330 368
.
- - End Of File - - 148807AC0FEFA9812C318391BE79C4A0

[vyosek]

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Prohledat
• Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

[bojimso]

LOG zde

# AdwCleaner v2.115 - Log vytvooen 02/04/2013 v 20:35:13
# Aktualizováno 17/03/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživatel : David - PORNOSKRINKA
# Spuštin systém : Normální
# Spuštino z : C:\Users\David\Desktop\adwcleaner.exe
# Volba [Prohledat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Nalezeno : C:\Program Files (x86)\FreeRIP
Složka Nalezeno : C:\ProgramData\Babylon
Složka Nalezeno : C:\ProgramData\boost_interprocess
Složka Nalezeno : C:\ProgramData\FreeRIP
Složka Nalezeno : C:\ProgramData\ICQ\ICQToolbar
Složka Nalezeno : C:\ProgramData\Trymedia
Složka Nalezeno : C:\Users\David\AppData\Roaming\Babylon
Složka Nalezeno : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP
Soubor Nalezeno : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Klíe Nalezeno : HKCU\Software\APN PIP
Klíe Nalezeno : HKCU\Software\Conduit
Klíe Nalezeno : HKCU\Software\GreenTree Applications
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Klíe Nalezeno : HKLM\Software\Babylon
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Prod.cap
Klíe Nalezeno : HKLM\Software\Conduit
Klíe Nalezeno : HKLM\Software\GreenTree Applications
Klíe Nalezeno : HKLM\Software\PIP
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Klíe Nalezeno : HKU\S-1-5-21-2777513043-250176279-151607989-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klíe Nalezeno : HKU\S-1-5-21-2777513043-250176279-151607989-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16448

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110231&tt=5112_5&babsrc=HP_ss&mntrId=ecdfde350000000000006cf049e2a6ce
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v9.0.1 (cs)

Soubor : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tr3jll00.default\prefs.js

Nalezeno : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110231&tt=5112_5&babsrc=NT_ss&mntr[...]
Nalezeno : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Nalezeno : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110231&tt=5112_5&babsrc=HP_s[...]

-\\ Google Chrome v26.0.1410.43

Soubor : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

Soubor : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

-\\ Opera v12.14.1738.0

Soubor : C:\Users\David\AppData\Roaming\Opera\Opera\operaprefs.ini

Nalezeno : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera

Soubor : C:\Users\Mamka\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Soubor je eistý.

Soubor : C:\Users\Administrator\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [3870 octets] - [02/04/2013 20:35:13]

########## EOF - C:\AdwCleaner[R1].txt - [3930 octets] ##########

[vyosek]

Spustte znovu AdwCleaner

• Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
• Kliknete na Smazat
• PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

[bojimso]

Po restartu se mi nejprve spustil regedit a vyskočilo toto okno.



A zde je LOG.

# AdwCleaner v2.115 - Log vytvooen 02/04/2013 v 20:40:06
# Aktualizováno 17/03/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživatel : David - PORNOSKRINKA
# Spuštin systém : Normální
# Spuštino z : C:\Users\David\Desktop\adwcleaner.exe
# Volba [Vymazat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Vymazáno : C:\Program Files (x86)\FreeRIP
Složka Vymazáno : C:\ProgramData\Babylon
Složka Vymazáno : C:\ProgramData\boost_interprocess
Složka Vymazáno : C:\ProgramData\FreeRIP
Složka Vymazáno : C:\ProgramData\ICQ\ICQToolbar
Složka Vymazáno : C:\ProgramData\Trymedia
Složka Vymazáno : C:\Users\David\AppData\Roaming\Babylon
Složka Vymazáno : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP
Soubor Vymazáno : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Klíe Vymazáno : HKCU\Software\APN PIP
Klíe Vymazáno : HKCU\Software\Conduit
Klíe Vymazáno : HKCU\Software\GreenTree Applications
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Klíe Vymazáno : HKLM\Software\Babylon
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Prod.cap
Klíe Vymazáno : HKLM\Software\Conduit
Klíe Vymazáno : HKLM\Software\GreenTree Applications
Klíe Vymazáno : HKLM\Software\PIP
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16448

Zaminino : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110231&tt=5112_5&babsrc=HP_ss&mntrId=ecdfde350000000000006cf049e2a6ce --> hxxp://www.google.com
Zaminino : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v9.0.1 (cs)

Soubor : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tr3jll00.default\prefs.js

Vymazáno : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110231&tt=5112_5&babsrc=NT_ss&mntr[...]
Vymazáno : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Vymazáno : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110231&tt=5112_5&babsrc=HP_s[...]

-\\ Google Chrome v26.0.1410.43

Soubor : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

Soubor : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

-\\ Opera v12.14.1738.0

Soubor : C:\Users\David\AppData\Roaming\Opera\Opera\operaprefs.ini

Vymazáno : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera

Soubor : C:\Users\Mamka\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Soubor je eistý.

Soubor : C:\Users\Administrator\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [3995 octets] - [02/04/2013 20:35:13]
AdwCleaner[S1].txt - [3692 octets] - [02/04/2013 20:40:06]

########## EOF - C:\AdwCleaner[S1].txt - [3752 octets] ##########

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Collect::
  c:\programdata\3iwbh.reg
  c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "OscarEditor"=-
  "Dyyno Launcher"=-
  "DAEMON Tools Lite"=-
  "Mobile Partner"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "BCU"=-
  "Adobe ARM"=-
  
  RegNul::
  [HKEY_USERS\S-1-5-21-2777513043-250176279-151607989-1000\Software\SecuROM\License information*]
  [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
  
  RegLock::
  [HKEY_USERS\S-1-5-21-2777513043-250176279-151607989-1000\Software\Microsoft\Internet Explorer\MenuExt]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
  [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
  [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
  [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[bojimso]

Hotovo, tady je LOG, program ještě uploadoval nějaký soubor k analýze.

ComboFix 13-04-01.01 - David 04.04.2013 10:36:21.7.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4094.2930 [GMT 2:00]
Spuštěný z: c:\users\David\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\David\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-04 do 2013-04-04 )))))))))))))))))))))))))))))))
.
.
2013-04-04 08:44 . 2013-04-04 08:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-04 08:44 . 2013-04-04 08:44 -------- d-----w- c:\users\Mamka\AppData\Local\temp
2013-04-04 08:44 . 2013-04-04 08:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-04 08:44 . 2013-04-04 08:44 -------- d-----w- c:\users\AppData\AppData\Local\temp
2013-04-04 08:44 . 2013-04-04 08:44 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-04-04 03:51 . 2013-04-04 03:51 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{011A0488-E606-42AF-974D-51CC525D86B9}\offreg.dll
2013-04-01 22:27 . 2013-04-01 22:27 151 ------w- c:\programdata\3iwbh.reg
2013-03-28 15:57 . 2013-03-28 15:57 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-03-28 15:57 . 2013-03-28 15:57 2954136 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2013-03-28 15:57 . 2013-03-28 15:57 193584 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2013-03-28 15:57 . 2013-03-28 15:57 131480 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2013-03-28 15:57 . 2013-03-28 15:57 115608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2013-03-28 15:56 . 2013-03-28 15:56 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2013-03-28 15:56 . 2013-03-28 15:56 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2013-03-28 15:56 . 2013-03-28 15:56 96664 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-03-28 15:56 . 2013-03-28 15:56 170232 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-03-20 12:55 . 2013-03-06 23:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-20 12:55 . 2013-03-06 23:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-15 21:55 . 2013-03-15 21:55 -------- d-----w- c:\programdata\HandSetService
2013-03-15 21:55 . 2013-03-15 21:55 -------- d-----w- c:\programdata\HiSuiteOuc
2013-03-14 13:51 . 2013-03-14 13:51 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-04 08:45 . 2010-10-04 12:51 25640 ----a-w- c:\windows\gdrv.sys
2013-03-13 16:41 . 2012-11-03 17:52 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 16:41 . 2011-05-23 12:17 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-06 23:33 . 2012-03-23 19:37 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2011-08-23 17:20 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2011-08-23 17:20 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2011-08-23 17:20 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2011-08-23 17:20 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2011-08-23 17:20 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2011-08-23 17:20 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2011-08-23 17:20 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-13 00:26 . 2013-02-13 00:26 42880 ----a-w- c:\windows\SysWow64\xfcodec.dll
2013-02-13 00:26 . 2013-02-13 00:26 28544 ----a-w- c:\windows\system32\xfcodec64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"ToolBoxFX"="c:\program files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2010-03-03 53248]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
.
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
msconfig.lnk - c:\windows\System32\rundll32.exe [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2013-2-14 523264]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 6163456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\progra~3\3iwbh.bat"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 aswVmm;aswVmm; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
S0 aswRvrt;aswRvrt; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-07-28 503352]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2012-03-03 409600]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 HiSuiteOuc64.exe;HiSuiteOuc64.exe;c:\programdata\HiSuiteOuc\HiSuiteOuc64.exe [2013-03-12 137024]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-03-03 136192]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\programdata\HandSetService\HuaweiHiSuiteService64.exe [2012-11-21 201608]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2012-11-30 3293552]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 288256]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [2010-09-08 485376]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 10:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-03 16:41]
.
2013-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-19 19:35]
.
2013-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-19 19:35]
.
2013-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2777513043-250176279-151607989-1000Core.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-18 03:01]
.
2013-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2777513043-250176279-151607989-1000UA.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-18 03:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP LaserJet M1522 MFP Series Fax"="c:\program files (x86)\HP\hp LaserJet M1522\hppfaxprintersrv.exe" [2009-09-22 3700736]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-11-30 4000112]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: ????3?? - c:\users\David\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\David\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 185.7.44.10 185.7.44.86
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tr3jll00.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{501451DE-5808-4599-B544-8BD0915B6B24}_is1 - c:\program files (x86)\FreeRIP\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2777513043-250176279-151607989-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Users\\David\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-2777513043-250176279-151607989-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Users\\David\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-2777513043-250176279-151607989-1000\Software\SecuROM\License information*]
"datasecu"=hex:53,4f,95,94,da,d1,87,9a,37,c7,ef,d3,ca,55,2c,01,a5,70,82,95,68,
57,32,67,7c,b8,f0,bb,54,12,14,00,ab,ba,3c,b3,f6,5a,ed,c7,cd,e6,fe,ac,de,13,\
"rkeysecu"=hex:2b,6c,8d,6d,33,20,4e,d1,55,0e,c7,dc,12,84,9e,ef
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="8A8905EF0B1D1B8A20A997AE788D5599B9102B7AE6A4F10386AB02ED5E2EE202B8B408721143BBAA8919A2D7103A73CAFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808C038D530D6EB3452FEBC9E127BECC74CA6171C11EC38DE3D66A3B9B7CB383BC663A1F72036CBC13DD3DB7D4A687589847A8DA700E0A11C7AA1A3C58050717AFE24A66A994CAAC6D1C8310152CD33CB05E873C1260325D408E9CC6ACC72E6CD2C02704B17645EB752569DA15A2BACF19B61E3C8E8AC7D49A6A9FAB11CCB68DF664BAB33728DD8DF84D13FA4B4A31401D25E8DCB3437415C4DA21017968B8B122FA609AB2BEB523C0F65B8C2D8F1E1341C2FA4521A0FC6275667700F05F1AB79E58CBEB5E3B544FEFC8DB0A564DFD1F94BF460534FB5AB727D6083FE545763DD534908C2E336EB0D3E1D526F16CE61F398A7FCBDAC404F40654836BF982593BB20FD21B995CC4C7F263A4BB35233547922923AEFAED7D54392B0FA21075A63445C9ECA7508ECAA246B5E4F7A9F9533956554DAC277BA2763EEFBC3E378883A5BF8744CC66E9E92FD295715BF2C904606C8DDA77BC9B9F0BBC6E18C3F6BD5C7994D1D6E6F1FFB51C0DFC556F247D620BC14F86B5910B8A01BCC6FCEDA827C794B93887F261734F8D573A1D1F7E32B9162743EF58CD7B36D0796838C5882CC87F1E87BD017F18CDEDCA9B24B281AE5B14FF89C9A3ACF364D349CD0CAC6D525E9C0518EB76075D920A52F9709CEA573DC9297D732FB4F617C91BCE191AD0B7F5E2234AE8E15068896B5124154AC67D332EFA686185ECC6B7CBB3810ED0652646431599D323DB017E84747F7FC73639C14DCE492AAE1671C1108B50C70BE03F1433EEFEE0552A29AF8C7265255CDBF742A83F13BCD7C5ED2C17C3CD82DB9975B034E0B8C6B44B038F4D7E840B457CA18DE43D1146B17187F5AD53ACFBDCCAB66711A2131D07650AC48CE2E03F51EF1D8E1AE6C02EB8D9C27EC83021BBDC1836D9E0E0C70A23F1DC625B3FB30F5A8CA1AA60B0EC1C1321964CBA8C7BBCE5704DEDFC989ACD06955E903C6B8B1196E0C53E3D3E8E15FC9DD638F9CA40595BE363C50A33E20D2345B8D1C772FC4C459931395B71143BB8D606594EB181F3A9EC91CC9232ED62153B7BB6D6C0F7BE4CBDF777919FC9E532AB9C07AD4828568118FA9F00445313A6D95153A7E6C3CE61994B5148F8A7E2641265D27CBA707D3A27DA2A8B8D1E51F1EC14D083B3D40BE89F9152B627941376607B940F733492D58ADD91A64067BD5F230292065DD1662D87CF34B94EE998D23E065B335314231A4DDB3B35F76CFE7EFF70792F08D9D4C362BC042D4730E37F5DD083112143E9974EF2C26362093E28B54553009700E7BC63A01248BF1F9404EC8D82C5230"
"OODEFRAG15.00.00.01PROFESSIONAL"="DF89337811CF76A9EF2E68B686FDDE3B6DEBB3CEB01778B54E73D2A66A674C2AD1AB2A5059E7B3C9ABAA5EA22616C5A3447989A045A44CB387AA03B1C7F2D2C9C03AA72D49623EB18BC648B05EE87AB953951246220230815FE01661476E9519F186DAA443B9447476F1FE7B81FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808C038D530D6EB3452FEBC9E127BECC74CA6171C11EC38DE3D91BE03488C5B60798528C8F198B0AFE25D82B54B7701836F91053F19E4E04767241C528983801E3B2D3F47D55150FC3BB75B200D6AB4905D6ED21DD81FC47711988014E2579FC9ABE4D72DBF484FF159088D58ECF7B756A526D0256493204F141418DFB20F3D7043DF7905AC225923252D177BAB81038C446618ACDB80D5491DB1B4609868457101C44E6EDFB703F38EFD9C40CB9E723E394FE51EA35AAA37DBFDCCD27B53048365AE259DDE17449F08BEE56D9399474A07F51CF3E4C747BB867BF98A04F42EAD76AB71D87482F732092EDE5F0F6FA4E235E23DC28AA53ACED3207AEB9EA4594DBD41CAFB2FEEDE900B7B17888D54130ED115732E4504743C81D6AFF3FB70001449E36A755F851A6D8C4BC26AA02E0128E97B0CEE09A3CBA351FC20AE939600052B0030C91C2533D312B3B91EA118BBDE12FB78530EFD787885E4F43F1C0F9BFAF7F39F8F41DD93A19FC3F7D02A5F7A36E1EF4BBC513E1903E7D37C5B947F7AA04A925D7169758C09C2789DC11A0853047424409F91C3AE604584A94E3D45A5783E24372F7A66CF0E8748EE4614C7C472EA59B286D2A21EFC6E2410759A710C5677E29A1D175D768C8199524500092E82E745A28C5E22B220B7D56BC3764781E31A7D99A0ACBBFA324848553C08E9D384138F3765C0BD17DF7A2F99BF5F41B91C5096EC366718BCFEF5A6263B1CBE5EA0985638D4C824DDA792B91B82240A50D1C8476E6DB9B9FE4928769A65EE0CD850272A12B48B3AFDB7DFF497BB5B0345A8B3981D69D9A1E93C03EF29F4F70E36E4731156F0DF174EA4C851582C5DC0F799470B1CE0437E08542CC06EB4F2B249FD3503B98DE3850ED43535CA2BC70CB172BC90329EB1B6C8E4CE06AA85DD9B4C9427ED159DF606DC85127A80A27B609BD2D2104A032964001198D7C05B7C1F587388B165CABC4CC2C44F70B0911E6FC2AEC9E4F202EFD365D33E3A393FD54A70389E244B539D3E277762D73489991D9B5068DE5F208D87937CF42CBF4D35D877D6308D0C08C5F8D755C2E7893019027C5477BF677BD3358BAB779BA43429BFB794092C10CDA54B85E96E4952410E6B9EABC640044252462E56846EDAB985A25B0DF830E59D70B94795659A540AAF57A09A24885537E0D645C6DE7A7B36E05EF4AFD33E3C059F7A950B2C6DFA6D"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Celkový čas: 2013-04-04 10:51:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-04-04 08:51
ComboFix2.txt 2013-04-01 23:19
ComboFix3.txt 2012-01-13 23:21
ComboFix4.txt 2012-01-13 19:41
ComboFix5.txt 2013-04-04 08:34
.
Před spuštěním: Volných bajtů: 90 073 354 240
Po spuštění: Volných bajtů: 88 652 750 848
.
- - End Of File - - F1534CA71697E49FE84630A6E2686CCD
Nahr nˇ probŘhlo ŁspŘçnŘ

[vyosek]

Ano, CF posilal vzorky haveti autorovi CF k dalsimu vyvoji a zlepseni detekce

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  :reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "BCU"=-
  
  :files
  c:\programdata\3iwbh.reg
  c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
  c:\windows\Tasks\*.job
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [EMPTYJAVA]

• Nasledne kliknete na Opravit
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[bojimso]

Hotovo, LOG zde

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\BCU deleted successfully.
========== FILES ==========
c:\programdata\3iwbh.reg moved successfully.
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk moved successfully.
c:\windows\Tasks\Adobe Flash Player Updater.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2777513043-250176279-151607989-1000Core.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2777513043-250176279-151607989-1000UA.job moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\msdownld.tmp folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: David
->Temp folder emptied: 26012 bytes
->Temporary Internet Files folder emptied: 1268626 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22446920 bytes
->Google Chrome cache emptied: 7184508 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 35123 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mamka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3943 bytes
->Opera cache emptied: 56185951 bytes
->Flash cache emptied: 2228 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24566027 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50641 bytes
RecycleBin emptied: 9452527 bytes

Total Files Cleaned = 116,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: AppData

User: David
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Mamka
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: AppData

User: David
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Mamka

User: Public

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04042013_192704

Files\Folders moved on Reboot...
C:\Users\David\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[vyosek]

Fajn, jak se chova PC

[bojimso]

Tak PC vypadá čisté, pěkně vyčistěné, asi vyřešeno, děkuji moc za pomoc!

[vyosek]

Tak jeste uklidime

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel èistiè

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse