Prosim o kontrolu

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[TomTom23]

Po restartu se objevilo okno : pripravuji log...
a potom to zamrzlo... takze log nemam
mam spustit CF este jednou aby vytvoril novy log
(popripade s nebo bez toho scriptu)???

[Rudy]

Spusťte znovu, se skriptem, ale v nouz. režimu.

[TomTom23]

zdravim
jsem se ktomu ted par dni nedostal...
spustil jsem znovu CF se scriptem a tentokrat se povedlo
tady je log:

ComboFix 14-02-03.01 - Tom 04.02.2014 19:28:03.3.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4012.2790 [GMT 1:00]
Spuštěný z: c:\users\Tom\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Tom\Desktop\CFScript.txt
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-04 do 2014-02-04 )))))))))))))))))))))))))))))))
.
.
2014-02-04 18:33 . 2014-02-04 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-27 19:40 . 2014-01-27 19:44 -------- d-----w- c:\users\Tom\P5JavaClientSettings
2014-01-27 19:40 . 2014-01-27 19:40 -------- d-----w- c:\users\Tom\AppData\Local\P5
2014-01-27 19:40 . 2014-01-27 19:42 -------- d-----w- C:\Poker
2014-01-22 20:06 . 2014-01-22 20:06 -------- d-----w- C:\rsit
2014-01-22 17:20 . 2014-01-22 17:26 -------- d-----w- C:\AdwCleaner
2014-01-22 15:46 . 2014-01-22 15:46 -------- d-----w- C:\SkyDriveTemp
2014-01-20 09:48 . 2014-01-20 09:48 -------- d-----w- c:\users\Tom\AppData\Roaming\EPSON
2014-01-19 04:56 . 2014-01-19 04:56 -------- d-----w- c:\users\qftzkqagcuu
2014-01-15 13:44 . 2014-01-29 14:44 -------- d-----w- c:\program files\trend micro
2014-01-15 13:28 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 13:28 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 13:28 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 13:28 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 13:28 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 13:28 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 13:28 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 13:28 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 13:28 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-13 12:28 . 2014-01-13 12:28 -------- d-----w- c:\users\Tom\AppData\Roaming\Canon
2014-01-13 12:26 . 2014-01-13 12:27 -------- d-----w- c:\program files (x86)\Canon
2014-01-06 10:16 . 2014-01-06 10:16 -------- d--h--w- c:\programdata\CanonBJ
2014-01-06 10:16 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-20 13:15 . 2013-12-21 20:47 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-20 13:15 . 2013-11-30 03:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-18 02:01 . 2013-11-30 10:23 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-17 02:18 . 2013-11-30 14:56 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-12-15 02:05 . 2013-12-15 02:05 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-15 02:05 . 2013-12-15 02:05 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-15 02:05 . 2013-12-15 02:05 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-15 02:05 . 2013-12-15 02:05 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-15 02:05 . 2013-12-15 02:05 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-15 02:05 . 2013-12-15 02:05 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-15 02:05 . 2013-12-15 02:05 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-15 02:05 . 2013-12-15 02:05 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-15 02:05 . 2013-12-15 02:05 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-15 02:05 . 2013-12-15 02:05 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-15 02:05 . 2013-12-15 02:05 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-15 02:05 . 2013-12-15 02:05 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-15 02:05 . 2013-12-15 02:05 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-15 02:05 . 2013-12-15 02:05 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-15 02:05 . 2013-12-15 02:05 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-15 02:05 . 2013-12-15 02:05 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-15 02:05 . 2013-12-15 02:05 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-15 02:05 . 2013-12-15 02:05 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-15 02:05 . 2013-12-15 02:05 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-15 02:05 . 2013-12-15 02:05 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-15 02:05 . 2013-12-15 02:05 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-15 02:05 . 2013-12-15 02:05 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-15 02:05 . 2013-12-15 02:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-15 02:05 . 2013-12-15 02:05 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-15 02:05 . 2013-12-15 02:05 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-15 02:05 . 2013-12-15 02:05 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-15 02:05 . 2013-12-15 02:05 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-15 02:05 . 2013-12-15 02:05 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-15 02:05 . 2013-12-15 02:05 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-15 02:05 . 2013-12-15 02:05 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-15 02:05 . 2013-12-15 02:05 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-15 02:05 . 2013-12-15 02:05 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-15 02:05 . 2013-12-15 02:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-15 02:05 . 2013-12-15 02:05 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-15 02:05 . 2013-12-15 02:05 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-15 02:05 . 2013-12-15 02:05 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-15 02:05 . 2013-12-15 02:05 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-15 02:05 . 2013-12-15 02:05 413696 ----a-w- c:\windows\system32\html.iec
2013-12-15 02:05 . 2013-12-15 02:05 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-15 02:05 . 2013-12-15 02:05 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-15 02:05 . 2013-12-15 02:05 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-15 02:05 . 2013-12-15 02:05 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-15 02:05 . 2013-12-15 02:05 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-15 02:05 . 2013-12-15 02:05 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-15 02:05 . 2013-12-15 02:05 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-15 02:05 . 2013-12-15 02:05 235520 ----a-w- c:\windows\system32\url.dll
2013-12-15 02:05 . 2013-12-15 02:05 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-15 02:05 . 2013-12-15 02:05 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-15 02:05 . 2013-12-15 02:05 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-15 02:05 . 2013-12-15 02:05 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-15 02:05 . 2013-12-15 02:05 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-15 02:05 . 2013-12-15 02:05 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-15 02:05 . 2013-12-15 02:05 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-15 02:05 . 2013-12-15 02:05 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-15 02:05 . 2013-12-15 02:05 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-15 02:05 . 2013-12-15 02:05 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-15 02:05 . 2013-12-15 02:05 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-15 02:05 . 2013-12-15 02:05 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-15 02:05 . 2013-12-15 02:05 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-30 15:44 . 2013-11-30 15:45 40464 ----a-w- c:\windows\system32\drivers\npf.sys
2013-11-30 15:44 . 2013-11-30 15:45 98816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2013-11-30 15:44 . 2013-11-30 15:45 86016 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2013-11-30 15:44 . 2013-11-30 15:45 69632 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2013-11-30 15:44 . 2013-11-30 15:45 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2013-11-30 15:44 . 2013-11-30 15:45 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2013-11-30 15:44 . 2013-11-30 15:45 212992 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2013-11-30 15:44 . 2013-11-30 15:45 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2013-11-30 15:44 . 2013-11-30 15:45 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2013-11-30 15:44 . 2013-11-30 15:45 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2013-11-30 15:44 . 2013-11-30 15:45 421376 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2013-11-30 15:44 . 2013-11-30 15:45 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2013-11-30 15:44 . 2013-11-30 15:45 221312 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2013-11-30 15:44 . 2013-11-30 15:45 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-11-30 15:44 . 2013-11-30 15:45 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2013-11-30 11:15 . 2013-11-30 11:15 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-30 11:15 . 2013-11-30 11:15 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-30 11:15 . 2013-11-30 11:15 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-30 11:15 . 2013-11-30 11:15 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-30 11:15 . 2013-11-30 11:15 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-30 11:15 . 2013-11-30 11:15 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-30 11:15 . 2013-11-30 11:15 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-11-30 11:15 . 2013-11-30 11:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-30 11:15 . 2013-11-30 11:15 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-30 11:15 . 2013-11-30 11:15 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-11-30 11:15 . 2013-11-30 11:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-30 11:15 . 2013-11-30 11:15 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-30 11:15 . 2013-11-30 11:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-30 11:15 . 2013-11-30 11:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-30 11:15 . 2013-11-30 11:15 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-30 11:15 . 2013-11-30 11:15 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-30 11:15 . 2013-11-30 11:15 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-30 11:15 . 2013-11-30 11:15 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-30 11:15 . 2013-11-30 11:15 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-11-30 11:15 . 2013-11-30 11:15 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-11-30 11:15 . 2013-11-30 11:15 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-30 11:15 . 2013-11-30 11:15 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-30 16:12 222832 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-30 16:12 222832 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-30 16:12 222832 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE" [2012-02-29 283232]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE" [2012-02-29 283232]
"CAHeadless"="c:\program files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2013-09-25 1400224]
"SkyDrive"="c:\users\Tom\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-11-30 257136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-01 336384]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-05-31 2801288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
.
c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Mobile Broadband. RunOuc;Mobile Broadband. OUC;c:\program files (x86)\Mobile Broadband\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Broadband\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SaiK0CCC;SaiK0CCC;c:\windows\system32\DRIVERS\SaiK0CCC.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0CCC.sys [x]
R3 SaiU0CCC;SaiU0CCC;c:\windows\system32\DRIVERS\SaiU0CCC.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU0CCC.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe;c:\program files\Sony\VAIO Update Common\VUAgent.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wifimansvc;Wifi Man Service;c:\program files (x86)\Mobile Broadband\eap\wifimansvc.exe;c:\program files (x86)\Mobile Broadband\eap\wifimansvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AdobeActiveFileMonitor12.0;Adobe Active File Monitor V12;c:\program files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 DraftSight API Service;DraftSight API Service;c:\program files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe;c:\program files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 OfficeSvc;Služba Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-30 16:12 261744 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-30 16:12 261744 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-30 16:12 261744 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-01-17 02:19 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-01-17 02:19 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-01-17 02:19 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-05 11860072]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-05 2226280]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-07-12 10372368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-19 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-19 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-19 416024]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2013-04-16 454144]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2013-04-16 158208]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-03 472984]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://vaioportal.sony.eu
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{37DD2DAC-E98C-426E-8EB0-1F9CCFD4E63F}: NameServer = 195.67.199.27 195.67.199.28
TCP: Interfaces\{7D4820F3-71F6-483E-BAE1-9F3AC60E96CE}: NameServer = 195.67.199.27 195.67.199.28
TCP: Interfaces\{D15B5FFA-04AE-4CF9-90DC-43408D64E163}: NameServer = 195.67.199.27 195.67.199.28
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\dpwxevbm.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\programdata\Mobile Broadband\OnlineUpdate\ouc.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgr.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\programdata\DatacardService\DCSHelper.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Celkový čas: 2014-02-04 19:39:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-02-04 18:39
ComboFix2.txt 2014-01-29 17:52
.
Před spuštěním: Volných bajtů: 298 483 757 056
Po spuštění: Volných bajtů: 298 156 777 472
.
- - End Of File - - A59212A1AEFE24BE19FE76F34FB5DCB0

[Rudy]

OK. Jak to vypadá nyní?

[TomTom23]

abych pravdu rekl nic moc...
ten ucet qfzkqagcuu se porad vraci /vymazu, restartuju a je tam zas.../
stranky se nacitaj porad velmi pomalu...
nebo kdyz telefonuju pres skype tak to casto vypadava /prej problem s pripojenim/
i kdyz mame oba plny signal...

[Rudy]

Udělejte komletní sken MBAR:

Stáhněte Malwarebytes Anti-Rootkit http://www.malwarebytes.org/products/mbar/

Uložte nejlépe na Plochu a rozbalte
Spusťte kliknutím na mbar
Nyní postupně klikněte na Next a Update
Po dokončení update (aktualizace) databáze klikněte opět na Next
Nechte zaškrtnute všechny tři možnosti a kliněte na Scan čímž spustíte prohledavani PC
Po dokončeni skenu (cca 5 minutek) zkontrolujte, zda-li je u všech nalezů (samozrejme pokud budou) zatržítko
Tež zkontrolujte, jestli je zatržitko u Create Restore point
Nyní klikněte na CleanUp čímž nalezenou infekci odstraníme
PC bude restartován
Složka mbar by měla obsahovat log (a zřejmě se i sám otevře) mbar-log-rok-měsíc-den (hodina-minuta-sekunda).txt, ten mi sem dejte.

[TomTom23]

nic to nenaslo...

[Rudy]

V logu se to nikde neobjevuje, takže vůbec nevím z čeho to povstává. Ještě zkusíme toto:

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu, kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.

[TomTom23]

RogueKiller V8.8.5 [Feb 3 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : hxxp://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Tom [Práva správce]
Mód : Kontrola -- Datum : 02/04/2014 22:34:41
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[SUSP PATH] ouc.exe -- C:\ProgramData\Mobile Broadband\OnlineUpdate\ouc.exe [7] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 18 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{37DD2DAC-E98C-426E-8EB0-1F9CCFD4E63F} : NameServer (195.67.199.27 195.67.199.28 [SWEDEN (SE) - SWEDEN (SE)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CCSet\[...]\{7D4820F3-71F6-483E-BAE1-9F3AC60E96CE} : NameServer (195.67.199.27 195.67.199.28 [SWEDEN (SE) - SWEDEN (SE)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CCSet\[...]\{D15B5FFA-04AE-4CF9-90DC-43408D64E163} : NameServer (195.67.199.27 195.67.199.28 [SWEDEN (SE) - SWEDEN (SE)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS001\[...]\{37DD2DAC-E98C-426E-8EB0-1F9CCFD4E63F} : NameServer (195.67.199.27 195.67.199.28 [SWEDEN (SE) - SWEDEN (SE)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS001\[...]\{7D4820F3-71F6-483E-BAE1-9F3AC60E96CE} : NameServer (195.67.199.27 195.67.199.28 [SWEDEN (SE) - SWEDEN (SE)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS001\[...]\{D15B5FFA-04AE-4CF9-90DC-43408D64E163} : NameServer (195.67.199.27 195.67.199.28 [SWEDEN (SE) - SWEDEN (SE)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS002\[...]\{37DD2DAC-E98C-426E-8EB0-1F9CCFD4E63F} : NameServer (195.67.199.27 195.67.199.28 [SWEDEN (SE) - SWEDEN (SE)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS002\[...]\{7D4820F3-71F6-483E-BAE1-9F3AC60E96CE} : NameServer (195.67.199.27 195.67.199.28 [SWEDEN (SE) - SWEDEN (SE)]) -> NALEZENO
[DNS][PUM] HKLM\[...]\CS002\[...]\{D15B5FFA-04AE-4CF9-90DC-43408D64E163} : NameServer (195.67.199.27 195.67.199.28 [SWEDEN (SE) - SWEDEN (SE)]) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) TOSHIBA MK5059GSXP +++++
--- User ---
[MBR] 780a6e405965cc3805887fce136ae2ba
[BSP] c15d8ee8c9ce9d30375de9f79a985e3a : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 21153 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 43323392 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 43528192 | Size: 455685 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_02042014_223441.txt >>

[Rudy]

Znovu spustte RogueKiller jako spravce (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Smazat.
Pak kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.
Pak kliknete na napis Oprava Host a Zprava.
Objevi se dalsi log. I ten mi sem vlozte.

[TomTom23]

RogueKiller V8.8.5 [Feb 3 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : hxxp://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Tom [Práva správce]
Mód : Odebrat -- Datum : 02/04/2014 22:46:03
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[SUSP PATH] ouc.exe -- C:\ProgramData\Mobile Broadband\OnlineUpdate\ouc.exe [7] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) TOSHIBA MK5059GSXP +++++
--- User ---
[MBR] 780a6e405965cc3805887fce136ae2ba
[BSP] c15d8ee8c9ce9d30375de9f79a985e3a : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 21153 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 43323392 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 43528192 | Size: 455685 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_02042014_224603.txt >>
RKreport[0]_D_02042014_224240.txt;RKreport[0]_S_02042014_223441.txt;RKreport[0]_S_02042014_224400.txt

[TomTom23]

RogueKiller V8.8.5 [Feb 3 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : hxxp://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Tom [Práva správce]
Mód : Oprava HOSTS -- Datum : 02/04/2014 22:47:27
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[SUSP PATH] ouc.exe -- C:\ProgramData\Mobile Broadband\OnlineUpdate\ouc.exe [7] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost


Dokončeno : << RKreport[0]_H_02042014_224727.txt >>
RKreport[0]_D_02042014_224240.txt;RKreport[0]_D_02042014_224603.txt;RKreport[0]_S_02042014_223441.txt
RKreport[0]_S_02042014_224400.txt

[Rudy]

OK. Nastala nějaká změna?

[TomTom23]

jo, nacitani stranek zrychlilo...
ten ucet se tam vraci porad...
skusim par dni pouzivat a dam vedet...
nebo vas este neco napada?