Trochu mě zlobilo Pc
Napsal: 15 lis 2013 21:20
Trochu mě zlobilo Pc a proto prosím o preventivní posouzení logu z Combofixu
Děkuji předem za případnou pomoc
ComboFix 13-11-15.01 - Karel 15.11.2013 21:03:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8189.5707 [GMT 1:00]
Spuštěný z: c:\users\Karel\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
* Vytvořen nový Bod Obnovení
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Karel\AppData\Roaming\inst.exe
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-15 do 2013-11-15 )))))))))))))))))))))))))))))))
.
.
2013-11-13 18:28 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-13 18:28 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-13 18:28 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 18:28 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll
2013-11-13 18:28 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll
2013-11-13 18:28 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-13 18:28 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-11-13 18:28 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-11 20:46 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-09 05:08 . 2013-11-07 23:41 174968 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2013-10-20 11:46 . 2013-10-20 11:46 -------- d-----w- c:\programdata\Package Cache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 18:28 . 2012-10-28 21:29 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-13 17:41 . 2012-10-28 14:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-28 20:25 . 2012-10-28 20:57 6656 ----a-w- c:\windows\system32\lpcio.dll
2013-10-16 01:55 . 2013-10-16 01:55 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-10-16 01:55 . 2013-10-16 01:55 312744 ----a-w- c:\windows\system32\javaws.exe
2013-10-16 01:55 . 2013-10-16 01:55 189352 ----a-w- c:\windows\system32\javaw.exe
2013-10-16 01:55 . 2013-10-16 01:55 189352 ----a-w- c:\windows\system32\java.exe
2013-10-08 05:50 . 2013-10-16 01:59 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-27 03:18 . 2013-10-12 05:17 1147480 ----a-w- c:\windows\system32\drivers\NISx64\1501000.012\symefa64.sys
2013-09-27 02:26 . 2013-10-12 05:17 858200 ----a-w- c:\windows\system32\drivers\NISx64\1501000.012\srtsp64.sys
2013-09-26 03:28 . 2013-10-12 05:17 590936 ----a-w- c:\windows\system32\drivers\NISx64\1501000.012\symnets.sys
2013-09-26 02:50 . 2013-10-12 05:17 162392 ----a-w- c:\windows\system32\drivers\NISx64\1501000.012\ccsetx64.sys
2013-09-25 02:22 . 2013-11-13 18:27 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 01:57 . 2013-11-13 18:27 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-21 08:49 . 2012-10-28 11:30 3008880 ----a-w- c:\windows\system32\auto_reactivate.exe
2013-09-12 08:58 . 2013-09-19 20:05 9281032 ----a-w- c:\windows\system32\nvcuda.dll
2013-09-12 08:58 . 2013-09-19 20:05 7720576 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-09-12 08:58 . 2013-09-19 20:05 7648000 ----a-w- c:\windows\system32\nvopencl.dll
2013-09-12 08:58 . 2013-09-19 20:05 681760 ----a-w- c:\windows\system32\NvFBC64.dll
2013-09-12 08:58 . 2013-09-19 20:05 6329552 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-09-12 08:58 . 2013-09-19 20:05 603424 ----a-w- c:\windows\system32\NvIFR64.dll
2013-09-12 08:58 . 2013-09-19 20:05 586016 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-09-12 08:58 . 2013-09-19 20:05 515360 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-09-12 08:58 . 2013-09-19 20:05 2970400 ----a-w- c:\windows\system32\nvcuvid.dll
2013-09-12 08:58 . 2013-09-19 20:05 29337376 ----a-w- c:\windows\system32\nvoglv64.dll
2013-09-12 08:58 . 2013-09-19 20:05 2789152 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-09-12 08:58 . 2013-09-19 20:05 2630304 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-09-12 08:58 . 2013-09-19 20:05 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-09-12 08:58 . 2013-09-19 20:05 2367264 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-09-12 08:58 . 2013-09-19 20:05 22102304 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-09-12 08:58 . 2013-09-19 20:05 2007328 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-09-12 08:58 . 2013-09-19 20:05 1884448 ----a-w- c:\windows\system32\nvdispco6432723.dll
2013-09-12 08:58 . 2013-09-19 20:05 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-09-12 08:58 . 2013-09-19 20:05 1511712 ----a-w- c:\windows\system32\nvdispgenco6432723.dll
2013-09-12 08:58 . 2013-09-19 20:05 13628208 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-09-12 08:58 . 2013-09-19 20:05 12947360 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-09-12 08:58 . 2013-09-19 20:05 11274528 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-09-12 08:58 . 2013-09-15 19:07 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-09-12 08:58 . 2013-09-15 19:07 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-09-12 08:58 . 2013-09-15 19:06 2986672 ----a-w- c:\windows\system32\nvapi64.dll
2013-09-12 08:58 . 2013-09-15 19:06 15901448 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-09-12 08:58 . 2013-09-15 19:06 15703688 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-09-12 07:25 . 2013-09-15 19:07 6599968 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-12 07:25 . 2013-09-15 19:07 3452192 ----a-w- c:\windows\system32\nvsvc64.dll
2013-09-12 07:25 . 2013-09-15 19:07 920864 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-12 07:25 . 2013-09-15 19:07 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-09-12 07:25 . 2013-09-15 19:07 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-09-12 07:25 . 2013-09-15 19:07 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-09-11 23:17 . 2013-09-11 23:17 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-09-08 20:29 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-09-08 05:56 . 2012-12-21 21:11 25640 ----a-w- c:\windows\etdrv.sys
2013-09-08 05:56 . 2012-10-28 11:24 30528 ----a-w- c:\windows\GVTDrv64.sys
2013-09-08 05:56 . 2012-10-28 11:23 25640 ----a-w- c:\windows\gdrv.sys
2013-09-08 02:30 . 2013-10-09 02:21 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 02:21 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 02:21 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-09 02:19 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-09 02:19 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-09 02:19 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-09 02:19 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-09 02:19 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-09 02:19 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-09 02:19 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-09-04 02:28 . 2012-10-28 11:05 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-08-29 02:17 . 2013-10-09 02:21 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 02:21 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 02:21 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 02:21 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 02:21 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 02:21 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 02:21 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 02:21 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 02:21 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 02:21 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 02:21 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 02:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 01:29 . 2013-10-09 02:21 33280 ----a-w- c:\windows\system32\drivers\usbser.sys
2013-08-29 00:49 . 2013-10-09 02:21 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 02:21 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 02:21 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 02:21 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 02:21 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 02:20 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-08-20 08:26 . 2013-06-09 17:18 1446912 ----a-w- c:\windows\system32\VSFilter.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-29 5980024]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-06-29 1173224]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Karel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
USB Sharing.lnk - c:\program files (x86)\USB Sharing\usbshare.exe [2012-10-28 139264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck auto_reactivate \\?\Volume{68697fcb-6d5b-11e2-9015-902b34914d28}\bootwiz\asrm.bin
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMEFA64.SYS [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20131101.003\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20131114.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20131114.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1501000.012\SYMNETS.SYS [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC_64.sys;c:\windows\SYSNATIVE\drivers\AVer888RC_64.sys [x]
S3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR_64.sys;c:\windows\SYSNATIVE\DRIVERS\AVer888RCIR_64.sys [x]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys;c:\windows\SYSNATIVE\DRIVERS\DKRtWrt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-28 17:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-06-29 403552]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Doplňkový sken -------
.
uStart Page = https://www.gemoney.cz/lide
uLocal Page = c:\windows\system32\blank.htm
uSearchURL,(Default) = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Stáhnout Star Downloaderem
Trusted Zone: csob.cz\ib24
TCP: DhcpNameServer = 192.168.0.254
FF - ProfilePath - c:\users\Karel\AppData\Roaming\Mozilla\Firefox\Profiles\3xsmdpzu.default-1364998690183\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 4
FF - user.js: nglayout.initialpaint.delay - 100
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.interval - 100000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 4
FF - user.js: network.http.max-persistent-connections-per-server - 2
FF - user.js: browser.sessionstore.resume_session_once - true
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-EfficientPIM - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2736428 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2742595 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2858302v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2729449 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2736428 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2737019 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2742595 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2789642 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2804576 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2835393 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2840628 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2840628v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2858302v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18;c:\program files (x86)\Norton Internet Security\Engine64\21.1.0.18"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-763623151-130089330-3102020656-1000_Classes\Wow6432Node\CLSID\{18b39737-b623-4295-a1af-3992d72abf65}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000011c
"Therad"=dword:0000001d
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-763623151-130089330-3102020656-1000_Classes\Wow6432Node\CLSID\{1b4a2c5f-cc4e-412f-a118-79646a9355fe}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000a0
"Therad"=dword:0000002f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,2e,01,00,a6,5d,03,eb,90,e8,ca,5c,64,d8,60,f3,33,f7,8e,a9,d8,3e,b0,\
.
[HKEY_USERS\S-1-5-21-763623151-130089330-3102020656-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):7c,2a,a4,44,4d,8b,ab,c2,e3,d0,87,69,0d,88,32,fe,63,ec,53,a4,0f,
c1,cf,17,01,b2,08,29,25,ff,78,ea,56,fa,f6,01,c1,55,a6,04,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-763623151-130089330-3102020656-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):86,8d,92,59,bd,9b,f3,4f,f9,be,6d,49,fa,2c,08,d7,ef,b7,b2,f1,1a,
95,bf,68,a3,4d,9f,95,c9,ba,68,76,ae,95,2f,ea,a6,6e,81,eb,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-11-15 21:10:36
ComboFix-quarantined-files.txt 2013-11-15 20:10
.
Před spuštěním: Volných bajtů: 37 505 982 464
Po spuštění: Volných bajtů: 37 335 638 016
.
- - End Of File - - DEDD2FBA92556FE27BEAA63545B8FCEB
A36C5E4F47E84449FF07ED3517B43A31
Děkuji předem za případnou pomoc
ComboFix 13-11-15.01 - Karel 15.11.2013 21:03:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8189.5707 [GMT 1:00]
Spuštěný z: c:\users\Karel\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
* Vytvořen nový Bod Obnovení
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Karel\AppData\Roaming\inst.exe
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-15 do 2013-11-15 )))))))))))))))))))))))))))))))
.
.
2013-11-13 18:28 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-13 18:28 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-13 18:28 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 18:28 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll
2013-11-13 18:28 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll
2013-11-13 18:28 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-13 18:28 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-11-13 18:28 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-11 20:46 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-09 05:08 . 2013-11-07 23:41 174968 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2013-10-20 11:46 . 2013-10-20 11:46 -------- d-----w- c:\programdata\Package Cache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 18:28 . 2012-10-28 21:29 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-13 17:41 . 2012-10-28 14:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-28 20:25 . 2012-10-28 20:57 6656 ----a-w- c:\windows\system32\lpcio.dll
2013-10-16 01:55 . 2013-10-16 01:55 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-10-16 01:55 . 2013-10-16 01:55 312744 ----a-w- c:\windows\system32\javaws.exe
2013-10-16 01:55 . 2013-10-16 01:55 189352 ----a-w- c:\windows\system32\javaw.exe
2013-10-16 01:55 . 2013-10-16 01:55 189352 ----a-w- c:\windows\system32\java.exe
2013-10-08 05:50 . 2013-10-16 01:59 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-27 03:18 . 2013-10-12 05:17 1147480 ----a-w- c:\windows\system32\drivers\NISx64\1501000.012\symefa64.sys
2013-09-27 02:26 . 2013-10-12 05:17 858200 ----a-w- c:\windows\system32\drivers\NISx64\1501000.012\srtsp64.sys
2013-09-26 03:28 . 2013-10-12 05:17 590936 ----a-w- c:\windows\system32\drivers\NISx64\1501000.012\symnets.sys
2013-09-26 02:50 . 2013-10-12 05:17 162392 ----a-w- c:\windows\system32\drivers\NISx64\1501000.012\ccsetx64.sys
2013-09-25 02:22 . 2013-11-13 18:27 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 01:57 . 2013-11-13 18:27 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-21 08:49 . 2012-10-28 11:30 3008880 ----a-w- c:\windows\system32\auto_reactivate.exe
2013-09-12 08:58 . 2013-09-19 20:05 9281032 ----a-w- c:\windows\system32\nvcuda.dll
2013-09-12 08:58 . 2013-09-19 20:05 7720576 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-09-12 08:58 . 2013-09-19 20:05 7648000 ----a-w- c:\windows\system32\nvopencl.dll
2013-09-12 08:58 . 2013-09-19 20:05 681760 ----a-w- c:\windows\system32\NvFBC64.dll
2013-09-12 08:58 . 2013-09-19 20:05 6329552 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-09-12 08:58 . 2013-09-19 20:05 603424 ----a-w- c:\windows\system32\NvIFR64.dll
2013-09-12 08:58 . 2013-09-19 20:05 586016 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-09-12 08:58 . 2013-09-19 20:05 515360 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-09-12 08:58 . 2013-09-19 20:05 2970400 ----a-w- c:\windows\system32\nvcuvid.dll
2013-09-12 08:58 . 2013-09-19 20:05 29337376 ----a-w- c:\windows\system32\nvoglv64.dll
2013-09-12 08:58 . 2013-09-19 20:05 2789152 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-09-12 08:58 . 2013-09-19 20:05 2630304 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-09-12 08:58 . 2013-09-19 20:05 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-09-12 08:58 . 2013-09-19 20:05 2367264 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-09-12 08:58 . 2013-09-19 20:05 22102304 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-09-12 08:58 . 2013-09-19 20:05 2007328 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-09-12 08:58 . 2013-09-19 20:05 1884448 ----a-w- c:\windows\system32\nvdispco6432723.dll
2013-09-12 08:58 . 2013-09-19 20:05 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-09-12 08:58 . 2013-09-19 20:05 1511712 ----a-w- c:\windows\system32\nvdispgenco6432723.dll
2013-09-12 08:58 . 2013-09-19 20:05 13628208 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-09-12 08:58 . 2013-09-19 20:05 12947360 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-09-12 08:58 . 2013-09-19 20:05 11274528 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-09-12 08:58 . 2013-09-15 19:07 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-09-12 08:58 . 2013-09-15 19:07 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-09-12 08:58 . 2013-09-15 19:06 2986672 ----a-w- c:\windows\system32\nvapi64.dll
2013-09-12 08:58 . 2013-09-15 19:06 15901448 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-09-12 08:58 . 2013-09-15 19:06 15703688 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-09-12 07:25 . 2013-09-15 19:07 6599968 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-12 07:25 . 2013-09-15 19:07 3452192 ----a-w- c:\windows\system32\nvsvc64.dll
2013-09-12 07:25 . 2013-09-15 19:07 920864 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-12 07:25 . 2013-09-15 19:07 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-09-12 07:25 . 2013-09-15 19:07 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-09-12 07:25 . 2013-09-15 19:07 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-09-11 23:17 . 2013-09-11 23:17 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-09-08 20:29 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-09-08 05:56 . 2012-12-21 21:11 25640 ----a-w- c:\windows\etdrv.sys
2013-09-08 05:56 . 2012-10-28 11:24 30528 ----a-w- c:\windows\GVTDrv64.sys
2013-09-08 05:56 . 2012-10-28 11:23 25640 ----a-w- c:\windows\gdrv.sys
2013-09-08 02:30 . 2013-10-09 02:21 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 02:21 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 02:21 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-09 02:19 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-09 02:19 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-09 02:19 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-09 02:19 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-09 02:19 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-09 02:19 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-09 02:19 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-09-04 02:28 . 2012-10-28 11:05 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-08-29 02:17 . 2013-10-09 02:21 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 02:21 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 02:21 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 02:21 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 02:21 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 02:21 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 02:21 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 02:21 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 02:21 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 02:21 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 02:21 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 02:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 01:29 . 2013-10-09 02:21 33280 ----a-w- c:\windows\system32\drivers\usbser.sys
2013-08-29 00:49 . 2013-10-09 02:21 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 02:21 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 02:21 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 02:21 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 02:21 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 02:20 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-08-20 08:26 . 2013-06-09 17:18 1446912 ----a-w- c:\windows\system32\VSFilter.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-29 5980024]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-06-29 1173224]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Karel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
USB Sharing.lnk - c:\program files (x86)\USB Sharing\usbshare.exe [2012-10-28 139264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck auto_reactivate \\?\Volume{68697fcb-6d5b-11e2-9015-902b34914d28}\bootwiz\asrm.bin
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMEFA64.SYS [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20131101.003\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20131114.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20131114.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1501000.012\SYMNETS.SYS [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC_64.sys;c:\windows\SYSNATIVE\drivers\AVer888RC_64.sys [x]
S3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR_64.sys;c:\windows\SYSNATIVE\DRIVERS\AVer888RCIR_64.sys [x]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys;c:\windows\SYSNATIVE\DRIVERS\DKRtWrt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-28 17:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-06-29 403552]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Doplňkový sken -------
.
uStart Page = https://www.gemoney.cz/lide
uLocal Page = c:\windows\system32\blank.htm
uSearchURL,(Default) = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Stáhnout Star Downloaderem
Trusted Zone: csob.cz\ib24
TCP: DhcpNameServer = 192.168.0.254
FF - ProfilePath - c:\users\Karel\AppData\Roaming\Mozilla\Firefox\Profiles\3xsmdpzu.default-1364998690183\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 4
FF - user.js: nglayout.initialpaint.delay - 100
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.interval - 100000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 4
FF - user.js: network.http.max-persistent-connections-per-server - 2
FF - user.js: browser.sessionstore.resume_session_once - true
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-EfficientPIM - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2736428 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2742595 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2858302v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2729449 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2736428 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2737019 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2742595 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2789642 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2804576 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2835393 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2840628 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2840628v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2858302v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18;c:\program files (x86)\Norton Internet Security\Engine64\21.1.0.18"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-763623151-130089330-3102020656-1000_Classes\Wow6432Node\CLSID\{18b39737-b623-4295-a1af-3992d72abf65}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000011c
"Therad"=dword:0000001d
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-763623151-130089330-3102020656-1000_Classes\Wow6432Node\CLSID\{1b4a2c5f-cc4e-412f-a118-79646a9355fe}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000a0
"Therad"=dword:0000002f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,2e,01,00,a6,5d,03,eb,90,e8,ca,5c,64,d8,60,f3,33,f7,8e,a9,d8,3e,b0,\
.
[HKEY_USERS\S-1-5-21-763623151-130089330-3102020656-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):7c,2a,a4,44,4d,8b,ab,c2,e3,d0,87,69,0d,88,32,fe,63,ec,53,a4,0f,
c1,cf,17,01,b2,08,29,25,ff,78,ea,56,fa,f6,01,c1,55,a6,04,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-763623151-130089330-3102020656-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):86,8d,92,59,bd,9b,f3,4f,f9,be,6d,49,fa,2c,08,d7,ef,b7,b2,f1,1a,
95,bf,68,a3,4d,9f,95,c9,ba,68,76,ae,95,2f,ea,a6,6e,81,eb,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-11-15 21:10:36
ComboFix-quarantined-files.txt 2013-11-15 20:10
.
Před spuštěním: Volných bajtů: 37 505 982 464
Po spuštění: Volných bajtů: 37 335 638 016
.
- - End Of File - - DEDD2FBA92556FE27BEAA63545B8FCEB
A36C5E4F47E84449FF07ED3517B43A31
