ComboFix 15-12-16.01 - roze 20.12.2015  18:12:40.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.420.1029.18.4060.2023 [GMT 1:00]
Spuštěn z: c:\users\uu\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Symantec Endpoint Protection *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: Symantec Endpoint Protection *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Vytvořen nový Bod Obnovení
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\roze\AppData\Local\assembly\tmp
c:\users\roze\AppData\Roaming\Mozilla\Firefox\Profiles\tdkmtw99.default\extensions\50799f783e953@50799f783e989.com
c:\users\roze\AppData\Roaming\Mozilla\Firefox\Profiles\tdkmtw99.default\extensions\50799f783e953@50799f783e989.com\bootstrap.js
c:\users\roze\AppData\Roaming\Mozilla\Firefox\Profiles\tdkmtw99.default\extensions\50799f783e953@50799f783e989.com\content\zy.xul
c:\users\roze\AppData\Roaming\Mozilla\Firefox\Profiles\tdkmtw99.default\extensions\50799f783e953@50799f783e989.com\chrome.manifest
c:\users\roze\AppData\Roaming\Mozilla\Firefox\Profiles\tdkmtw99.default\extensions\50799f783e953@50799f783e989.com\install.rdf
c:\windows\PFRO.log
O:\install.exe
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2015-11-20 do 2015-12-20  )))))))))))))))))))))))))))))))
.
.
2015-12-20 17:23 . 2015-12-20 17:23	--------	d-----w-	c:\users\Zuzka\AppData\Local\temp
2015-12-20 17:23 . 2015-12-20 17:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-12-20 17:23 . 2015-12-20 17:23	--------	d-----w-	c:\users\Anika\AppData\Local\temp
2015-12-15 21:33 . 2015-12-15 21:33	--------	d-----w-	c:\program files\JunctionMaster
2015-12-13 20:34 . 2015-12-13 20:35	192216	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-13 20:33 . 2015-12-13 20:33	--------	d-----w-	c:\program files (x86)\Malwarebytes Anti-Malware
2015-12-13 20:33 . 2015-12-13 20:33	--------	d-----w-	c:\programdata\Malwarebytes
2015-12-13 20:33 . 2015-10-05 08:50	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-12-13 20:33 . 2015-10-05 08:50	109272	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-12-13 20:33 . 2015-10-05 08:50	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-12-13 20:05 . 2015-12-15 19:57	--------	d-----w-	C:\AdwCleaner
2015-12-13 18:04 . 2015-12-13 18:04	--------	d-----w-	c:\windows\system32\drivers\symefasi
2015-12-13 18:04 . 2015-12-13 18:04	--------	d-----w-	c:\programdata\SymEFASI
2015-12-13 18:03 . 2015-12-13 18:03	424288	----a-w-	c:\windows\SysWow64\SymVPN.dll
2015-12-13 18:03 . 2015-12-13 18:03	58720	----a-w-	c:\windows\system32\snacnp.dll
2015-12-13 18:03 . 2015-12-13 18:03	579936	----a-w-	c:\windows\system32\SymVPN.dll
2015-12-13 18:03 . 2015-12-13 18:03	51552	----a-w-	c:\windows\SysWow64\snacnp.dll
2015-12-13 18:03 . 2015-12-13 18:03	462688	----a-w-	c:\windows\system32\sysfer.dll
2015-12-13 18:03 . 2015-12-13 18:03	39384	----a-w-	c:\windows\system32\drivers\WGX64.SYS
2015-12-13 18:03 . 2015-12-13 18:03	363872	----a-w-	c:\windows\SysWow64\sysfer.dll
2015-12-13 18:03 . 2015-12-13 18:03	159552	----a-w-	c:\windows\system32\drivers\SysPlant.sys
2015-12-13 18:03 . 2015-12-13 18:03	159072	----a-w-	c:\windows\system32\FwsVpn.dll
2015-12-13 18:03 . 2015-12-13 18:03	139104	----a-w-	c:\windows\SysWow64\FwsVpn.dll
2015-12-13 18:02 . 2015-12-13 18:02	--------	d-----w-	c:\programdata\regid.1992-12.com.symantec
2015-12-13 18:01 . 2015-12-13 18:01	--------	d-----w-	c:\windows\system32\drivers\SEP
2015-12-13 17:41 . 2015-10-29 09:28	11138400	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FED7E09-A53D-4EE8-91ED-ED43AEDF9E8C}\mpengine.dll
2015-12-09 16:11 . 2015-11-03 19:04	241664	----a-w-	c:\windows\system32\els.dll
2015-12-09 16:11 . 2015-11-03 18:55	179712	----a-w-	c:\windows\SysWow64\els.dll
2015-12-06 17:06 . 2015-12-15 19:50	--------	d-----w-	C:\FRST
2015-12-06 16:34 . 2015-12-06 16:34	--------	d-----w-	c:\users\roze\AppData\Local\GWX
2015-12-06 16:16 . 2015-12-06 16:16	--------	d-----w-	c:\users\uu\AppData\Roaming\JGoodies
2015-12-06 16:14 . 2015-12-06 16:14	--------	d-----w-	c:\users\uu\AppData\Roaming\Sun
2015-12-06 16:14 . 2015-12-06 16:14	--------	d-----w-	c:\users\uu\.oracle_jre_usage
2015-12-06 16:14 . 2015-12-06 16:14	--------	d-----w-	c:\program files (x86)\Common Files\Java
2015-12-06 16:14 . 2015-12-06 16:14	--------	d-----w-	c:\users\roze\.oracle_jre_usage
2015-12-06 16:14 . 2015-12-06 16:13	97888	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-12-06 16:13 . 2015-12-06 16:13	--------	d-----w-	c:\programdata\Oracle
2015-12-06 16:13 . 2015-12-06 16:13	--------	d-----w-	c:\program files (x86)\Java
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-13 18:04 . 2009-11-24 15:39	177752	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2015-12-10 16:42 . 2012-09-03 17:54	140158008	----a-w-	c:\windows\system32\MRT.exe
2015-12-02 12:18 . 2009-11-20 20:00	301728	------w-	c:\windows\system32\MpSigStub.exe
2015-10-29 17:50 . 2015-11-12 15:40	6656	----a-w-	c:\windows\system32\shimeng.dll
2015-10-29 17:50 . 2015-11-12 15:40	342016	----a-w-	c:\windows\system32\apphelp.dll
2015-10-29 17:50 . 2015-11-12 15:40	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2015-10-29 17:50 . 2015-11-12 15:40	309248	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-10-29 17:50 . 2015-11-12 15:40	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2015-10-29 17:50 . 2015-11-12 15:40	72192	----a-w-	c:\windows\system32\aelupsvc.dll
2015-10-29 17:50 . 2015-11-12 15:40	103424	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-10-29 17:50 . 2015-11-12 15:40	5120	----a-w-	c:\windows\SysWow64\shimeng.dll
2015-10-29 17:50 . 2015-11-12 15:40	23552	----a-w-	c:\windows\system32\sdbinst.exe
2015-10-29 17:49 . 2015-11-12 15:40	295936	----a-w-	c:\windows\SysWow64\apphelp.dll
2015-10-29 17:49 . 2015-11-12 15:40	562176	----a-w-	c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-11-12 15:40	470528	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-11-12 15:40	2178560	----a-w-	c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-11-12 15:40	211968	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:49 . 2015-11-12 15:40	20992	----a-w-	c:\windows\SysWow64\sdbinst.exe
2015-10-29 17:39 . 2015-11-12 15:40	2560	----a-w-	c:\windows\apppatch\AcRes.dll
2015-10-20 01:12 . 2015-11-12 15:41	5570496	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-10-20 01:12 . 2015-11-12 15:41	154560	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2015-10-20 01:12 . 2015-11-12 15:41	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2015-10-20 01:09 . 2015-11-12 15:41	1730496	----a-w-	c:\windows\system32\ntdll.dll
2015-10-20 01:06 . 2015-11-12 15:41	243712	----a-w-	c:\windows\system32\wow64.dll
2015-10-20 01:06 . 2015-11-12 15:41	215040	----a-w-	c:\windows\system32\winsrv.dll
2015-10-20 01:06 . 2015-11-12 15:41	362496	----a-w-	c:\windows\system32\wow64win.dll
2015-10-20 01:06 . 2015-11-12 15:41	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2015-10-20 01:05 . 2015-11-12 15:41	210944	----a-w-	c:\windows\system32\wdigest.dll
2015-10-20 01:05 . 2015-11-12 15:41	86528	----a-w-	c:\windows\system32\TSpkg.dll
2015-10-20 01:05 . 2015-11-12 15:41	503808	----a-w-	c:\windows\system32\srcore.dll
2015-10-20 01:05 . 2015-11-12 15:41	50176	----a-w-	c:\windows\system32\srclient.dll
2015-10-20 01:05 . 2015-11-12 15:41	136192	----a-w-	c:\windows\system32\sspicli.dll
2015-10-20 01:05 . 2015-11-12 15:41	29184	----a-w-	c:\windows\system32\sspisrv.dll
2015-10-20 01:05 . 2015-11-12 15:41	28160	----a-w-	c:\windows\system32\secur32.dll
2015-10-20 01:05 . 2015-11-12 15:41	344064	----a-w-	c:\windows\system32\schannel.dll
2015-10-20 01:05 . 2015-11-12 15:41	1216512	----a-w-	c:\windows\system32\rpcrt4.dll
2015-10-20 01:05 . 2015-11-12 15:41	312320	----a-w-	c:\windows\system32\ncrypt.dll
2015-10-20 01:05 . 2015-11-12 15:41	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2015-10-20 01:05 . 2015-11-12 15:41	315392	----a-w-	c:\windows\system32\msv1_0.dll
2015-10-20 01:05 . 2015-11-12 15:41	729600	----a-w-	c:\windows\system32\kerberos.dll
2015-10-20 01:05 . 2015-11-12 15:41	1461760	----a-w-	c:\windows\system32\lsasrv.dll
2015-10-20 01:05 . 2015-11-12 15:41	1164800	----a-w-	c:\windows\system32\kernel32.dll
2015-10-20 01:05 . 2015-11-12 15:41	424960	----a-w-	c:\windows\system32\KernelBase.dll
2015-10-20 01:05 . 2015-11-12 15:41	43520	----a-w-	c:\windows\system32\csrsrv.dll
2015-10-20 01:05 . 2015-11-12 15:41	44032	----a-w-	c:\windows\system32\cryptbase.dll
2015-10-20 01:05 . 2015-11-12 15:41	22016	----a-w-	c:\windows\system32\credssp.dll
2015-10-20 01:05 . 2015-11-12 15:41	112640	----a-w-	c:\windows\system32\smss.exe
2015-10-20 01:05 . 2015-11-12 15:41	296960	----a-w-	c:\windows\system32\rstrui.exe
2015-10-20 01:04 . 2015-11-12 15:41	31232	----a-w-	c:\windows\system32\lsass.exe
2015-10-20 01:04 . 2015-11-12 15:41	338432	----a-w-	c:\windows\system32\conhost.exe
2015-10-20 01:04 . 2015-11-12 15:41	64000	----a-w-	c:\windows\system32\auditpol.exe
2015-10-20 01:00 . 2015-11-12 15:41	60416	----a-w-	c:\windows\system32\msobjs.dll
2015-10-20 00:59 . 2015-11-12 15:41	146432	----a-w-	c:\windows\system32\msaudite.dll
2015-10-20 00:53 . 2015-11-12 15:41	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	6656	----a-w-	c:\windows\system32\apisetschema.dll
2015-10-20 00:53 . 2015-11-12 15:41	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-20 00:53 . 2015-11-12 15:41	686080	----a-w-	c:\windows\system32\adtschema.dll
2015-10-20 00:52 . 2015-11-12 15:41	3991488	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2015-10-20 00:52 . 2015-11-12 15:41	3935680	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2015-10-20 00:48 . 2015-11-12 15:41	1311768	----a-w-	c:\windows\SysWow64\ntdll.dll
2015-10-20 00:45 . 2015-11-12 15:41	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2015-10-20 00:45 . 2015-11-12 15:41	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2015-10-20 00:45 . 2015-11-12 15:41	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2015-10-20 00:45 . 2015-11-12 15:41	251392	----a-w-	c:\windows\SysWow64\schannel.dll
2015-10-20 00:45 . 2015-11-12 15:41	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2015-10-20 00:45 . 2015-11-12 15:41	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2015-10-20 00:45 . 2015-11-12 15:41	223232	----a-w-	c:\windows\SysWow64\ncrypt.dll
2015-10-20 00:45 . 2015-11-12 15:41	259584	----a-w-	c:\windows\SysWow64\msv1_0.dll
2015-10-20 00:45 . 2015-11-12 15:41	552960	----a-w-	c:\windows\SysWow64\kerberos.dll
2015-10-20 00:45 . 2015-11-12 15:41	36864	----a-w-	c:\windows\SysWow64\cryptbase.dll
2015-10-20 00:45 . 2015-11-12 15:41	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2015-10-20 00:45 . 2015-11-12 15:41	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-10-20 00:45 . 2015-11-12 15:41	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2015-10-20 00:44 . 2015-11-12 15:41	50176	----a-w-	c:\windows\SysWow64\auditpol.exe
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="d:\utility\CCleaner\CCleaner64.exe" [2015-11-16 8591272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
c:\users\Anika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Vezy obrazovky a sputn aplikace OneNote 2007.lnk - d:\kancl\MS_Office_2007\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\users\uu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Vezy obrazovky a sputn aplikace OneNote 2007.lnk - d:\kancl\MS_Office_2007\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 SyDvCtrl;SyDvCtrl;d:\symantec endpoint protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys;d:\symantec endpoint protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys [x]
R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\System32\Drivers\NSMx64\0203000.01B\SymRdrS.SYS;c:\windows\SYSNATIVE\Drivers\NSMx64\0203000.01B\SymRdrS.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys;c:\windows\SYSNATIVE\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Sluba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 hotcore3;Hotcore helper;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\system32\drivers\symefasi\0500010.01F\symefasi.sys;c:\windows\SYSNATIVE\drivers\symefasi\0500010.01F\symefasi.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20151218.011\BHDrvx64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20151218.011\BHDrvx64.sys [x]
S1 ccSet_NOF;Norton Online Settings Manager;c:\windows\system32\drivers\NOFx64\0203000.007\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NOFx64\0203000.007\ccSetx64.sys [x]
S1 ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279};Symantec Endpoint Protection 12.1.5337.5000.105 Settings Manager;c:\windows\system32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys;c:\windows\SYSNATIVE\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20151218.011\IDSvia64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20151218.011\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS [x]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 NOF;Norton Online;c:\program files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe;c:\program files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe [x]
S2 SepMasterService;Symantec Endpoint Protection;d:\symantec endpoint protection\12.1.5337.5000.105\Bin\ccSvcHst.exe;d:\symantec endpoint protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [x]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe;c:\windows\SYSNATIVE\Pen_Tablet.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 yukonw7;Ovlada NDIS6.2 Miniport pro adi Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-17 11:40	1000264	----a-w-	c:\program files (x86)\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-12-20 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43]
.
2015-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-24 15:14]
.
2015-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-24 15:14]
.
.
--------- X64 Entries -----------
.
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_5
mStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_5
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download All using 4shared Desktop - c:\program files (x86)\4shared Desktop\Desktop.32/D_ALL_LINK
IE: &Download using 4shared Desktop - c:\program files (x86)\4shared Desktop\Desktop.32/D_ONE_LINK
IE: E&xportovat do aplikace Microsoft Excel - d:\kancl\MS_OFF~1\Office12\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{C407AB7C-5DB9-8028-7F4B-D993B239255E} - c:\programdata\SaveAs\50799f783ead3.ocx
BHO-{d6451db9-67e1-4ca3-bfba-4d77fface17f} - (no file)
c:\users\Anika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk - c:\users\roze\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{d6451db9-67e1-4ca3-bfba-4d77fface17f} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NOF]
"ImagePath"="\"c:\program files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe\" /s \"NOF\" /m \"c:\program files (x86)\Norton Online\Engine\2.3.0.7\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
"ImagePath"="\"d:\symantec endpoint protection\12.1.5337.5000.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"d:\symantec endpoint protection\12.1.5337.5000.105\Bin\sms.dll\" /prefetch:1"
"ImagePath"="system32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS"
"TrustedImagePaths"="d:\symantec endpoint protection\12.1.5337.5000.105\bin;d:\symantec endpoint protection\12.1.5337.5000.105\bin64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-12-20  18:28:14
ComboFix-quarantined-files.txt  2015-12-20 17:28
.
Před spuštěním: Volných bajtů: 43938209792
Po spuštění: Volných bajtů: 45537886208
.
- - End Of File - - F69304F0222A434329900F81E33730AA
A36C5E4F47E84449FF07ED3517B43A31
