Double carons, acute accents

Symen
Visitor
Posts: 7
Registered: 09 Feb 2014 11:05

#1 Post by Symen »

I would like to ask for help with double carons and acute accents. I have tried various antivirus, malware and spyware scanners and who knows what else, but without any result :(

I am sending the log from ComboFix:


ComboFix 14-02-05.02 - Denis 08.02.2014 22:35:11.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8170.5685 [GMT 1:00]
Spuštěný z: c:\users\Denis\AppData\Local\Opera\Opera\temporary_downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Denis\AppData\Local\Temp\jniwrap-3.8.4.Build.3.8.420825301\jniwrap.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-09 do 2014-02-09 )))))))))))))))))))))))))))))))
.
.
2014-02-08 21:38 . 2014-02-08 21:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-02-08 21:38 . 2014-02-08 21:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-08 21:13 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6541830C-C7CA-4157-B4FF-C65C052817CD}\mpengine.dll
2014-02-08 11:18 . 2014-02-08 11:18 -------- d-----w- c:\programdata\Kaspersky Lab
2014-02-08 10:39 . 2014-02-08 10:39 -------- d-----w- c:\program files (x86)\Trend Micro
2014-02-07 15:53 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-07 15:49 . 2014-02-07 15:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-07 15:49 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-06 09:58 . 2014-02-06 17:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-02-06 09:58 . 2014-02-06 17:12 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-01-31 08:07 . 2014-01-31 08:07 -------- d-----w- c:\users\Denis\AppData\Roaming\AVG
2014-01-31 08:06 . 2014-01-31 08:07 -------- d-----w- c:\programdata\AVG
2014-01-31 08:06 . 2014-01-31 08:12 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-01-30 15:29 . 2014-01-30 15:29 -------- d-----w- c:\users\Denis\AppData\Roaming\TuneUp Software
2014-01-30 15:27 . 2014-02-07 15:42 -------- d-----w- c:\programdata\MFAData
2014-01-30 15:27 . 2014-01-30 15:27 -------- d--h--w- c:\programdata\Common Files
2014-01-30 15:27 . 2014-01-30 15:27 -------- d-----w- c:\users\Denis\AppData\Local\MFAData
2014-01-29 15:16 . 2014-01-29 15:16 -------- d-----w- c:\users\Denis\AppData\Roaming\Malwarebytes
2014-01-29 15:16 . 2014-01-29 15:16 -------- d-----w- c:\programdata\Malwarebytes
2014-01-29 09:42 . 2014-01-29 09:42 -------- d-----w- c:\program files (x86)\Common Files\STORMWARE Shared
2014-01-29 09:42 . 2013-10-04 07:42 147456 ----a-w- c:\windows\SysWow64\bzpdfc.dll
2014-01-29 09:42 . 2013-07-13 10:15 805376 ----a-w- c:\windows\SysWow64\EditCtlsU.ocx
2014-01-29 09:42 . 2013-07-12 20:57 539648 ----a-w- c:\windows\SysWow64\LblCtlsU.ocx
2014-01-29 09:42 . 2013-04-05 11:55 476160 ----a-w- c:\windows\SysWow64\TabStripCtlU.ocx
2014-01-29 09:42 . 2013-03-03 12:37 1061888 ----a-w- c:\windows\SysWow64\ExLvwU.ocx
2014-01-29 09:42 . 2013-09-01 10:59 1103872 ----a-w- c:\windows\SysWow64\CBLCtlsU.ocx
2014-01-29 09:42 . 2013-03-28 21:13 645632 ----a-w- c:\windows\SysWow64\BtnCtlsU.ocx
2014-01-28 13:27 . 2014-01-28 13:27 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-28 13:27 . 2014-01-28 13:27 -------- d-----w- c:\program files\iTunes
2014-01-28 13:27 . 2014-01-28 13:27 -------- d-----w- c:\program files (x86)\iTunes
2014-01-28 13:27 . 2014-01-28 13:27 -------- d-----w- c:\program files\iPod
2014-01-23 08:14 . 2013-10-19 00:44 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B18DA628-12B3-4712-979F-7DEAFC62501A}\gapaengine.dll
2014-01-15 10:33 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 10:33 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 10:33 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 10:33 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 10:33 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 10:33 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 10:33 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 10:33 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 10:33 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-04 21:09 . 2012-04-12 07:16 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-04 21:09 . 2012-01-24 15:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-03 17:05 . 2012-01-24 15:17 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2014-01-19 07:33 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-16 02:00 . 2012-01-20 23:18 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-18 20:09 . 2013-10-20 17:06 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-27 02:00 . 2013-11-27 02:00 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-27 02:00 . 2013-11-27 02:00 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-27 02:00 . 2013-11-27 02:00 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-27 02:00 . 2013-11-27 02:00 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-27 02:00 . 2013-11-27 02:00 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-27 02:00 . 2013-11-27 02:00 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-27 02:00 . 2013-11-27 02:00 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-27 02:00 . 2013-11-27 02:00 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-27 02:00 . 2013-11-27 02:00 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-27 02:00 . 2013-11-27 02:00 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-27 02:00 . 2013-11-27 02:00 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-27 02:00 . 2013-11-27 02:00 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-27 02:00 . 2013-11-27 02:00 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-27 02:00 . 2013-11-27 02:00 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-27 02:00 . 2013-11-27 02:00 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-27 02:00 . 2013-11-27 02:00 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-27 02:00 . 2013-11-27 02:00 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-27 02:00 . 2013-11-27 02:00 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-27 02:00 . 2013-11-27 02:00 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-27 02:00 . 2013-11-27 02:00 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-27 02:00 . 2013-11-27 02:00 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-27 02:00 . 2013-11-27 02:00 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-27 02:00 . 2013-11-27 02:00 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-27 02:00 . 2013-11-27 02:00 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-27 02:00 . 2013-11-27 02:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-27 02:00 . 2013-11-27 02:00 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-27 02:00 . 2013-11-27 02:00 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-27 02:00 . 2013-11-27 02:00 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-27 02:00 . 2013-11-27 02:00 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-27 02:00 . 2013-11-27 02:00 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-27 02:00 . 2013-11-27 02:00 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-27 02:00 . 2013-11-27 02:00 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-27 02:00 . 2013-11-27 02:00 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-27 02:00 . 2013-11-27 02:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-27 02:00 . 2013-11-27 02:00 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-27 02:00 . 2013-11-27 02:00 413696 ----a-w- c:\windows\system32\html.iec
2013-11-27 02:00 . 2013-11-27 02:00 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-27 02:00 . 2013-11-27 02:00 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-27 02:00 . 2013-11-27 02:00 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-27 02:00 . 2013-11-27 02:00 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-27 02:00 . 2013-11-27 02:00 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-27 02:00 . 2013-11-27 02:00 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-27 02:00 . 2013-11-27 02:00 235520 ----a-w- c:\windows\system32\url.dll
2013-11-27 02:00 . 2013-11-27 02:00 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-27 02:00 . 2013-11-27 02:00 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-27 02:00 . 2013-11-27 02:00 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-27 02:00 . 2013-11-27 02:00 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-27 02:00 . 2013-11-27 02:00 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-27 02:00 . 2013-11-27 02:00 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-27 02:00 . 2013-11-27 02:00 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-27 02:00 . 2013-11-27 02:00 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-27 02:00 . 2013-11-27 02:00 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-27 02:00 . 2013-11-27 02:00 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-27 02:00 . 2013-11-27 02:00 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-27 02:00 . 2013-11-27 02:00 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-27 02:00 . 2013-11-27 02:00 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-27 02:00 . 2013-11-27 02:00 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-27 02:00 . 2013-11-27 02:00 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-27 02:00 . 2013-11-27 02:00 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-26 11:54 . 2013-12-13 02:00 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-13 02:00 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-13 02:00 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-13 02:00 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-13 02:00 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-13 02:00 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-13 02:00 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-13 02:00 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-13 02:00 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-13 02:00 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-13 02:00 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-13 02:00 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-13 02:00 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-13 02:00 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-13 02:00 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-13 02:00 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-13 02:00 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-13 02:00 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-13 02:00 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-13 02:00 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-13 02:00 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-13 02:00 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-13 02:00 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-13 02:00 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-12 21:24 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 21:24 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-12 21:24 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-12 21:24 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2008-10-05 14:36 . 2012-02-11 11:36 4411392 ----a-w- c:\program files (x86)\mplayerc.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-16 01:21 222832 ----a-w- c:\users\Denis\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-16 01:21 222832 ----a-w- c:\users\Denis\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-16 01:21 222832 ----a-w- c:\users\Denis\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 11:12 159488 ----a-w- c:\windows\SysWOW64\SSCbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Winsplit"="c:\program files (x86)\WinSplit Revolution\WinSplit.exe" [2011-04-12 3951616]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
.
c:\users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
myPhoneDesktop.lnk - c:\program files (x86)\myPhoneDesktop\bin\myPhoneDesktop.exe [2012-12-20 224256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\SysWOW64\SSCbFsMntNtf3.dll" [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\SysWOW64\SSCbFsMntNtf3.dll [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S2 Apache2.2;Apache2.2;c:\php\Apache22\bin\httpd.exe;c:\php\Apache22\bin\httpd.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MySQL51;MySQL51;c:\php\mysql51\bin\mysqld --defaults-file=c:\php\mysql51\my.ini MySQL51;c:\php\mysql51\bin\mysqld --defaults-file=c:\php\mysql51\my.ini MySQL51 [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 SynoDrService;SynoDrService;c:\program files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe;c:\program files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 SSCBFS3;SugarSync CallBack File System driver v3;c:\windows\system32\DRIVERS\sscbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\sscbfs3.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 21:09]
.
2014-02-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450279053-2055100742-2640557512-1000Core.job
- c:\users\Denis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-05 10:10]
.
2014-02-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450279053-2055100742-2640557512-1000UA.job
- c:\users\Denis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-05 10:10]
.
2014-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-04 13:24]
.
2014-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-04 13:24]
.
2014-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1450279053-2055100742-2640557512-1000Core.job
- c:\users\Denis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-09 13:59]
.
2014-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1450279053-2055100742-2640557512-1000UA.job
- c:\users\Denis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-09 13:59]
.
2014-02-08 c:\windows\Tasks\Synology Data Replicator 3-Denis-PC-Denis.job
- c:\program files (x86)\Synology Data Replicator 3\Backup.exe [2013-04-24 17:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-16 01:21 261744 ----a-w- c:\users\Denis\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-16 01:21 261744 ----a-w- c:\users\Denis\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-16 01:21 261744 ----a-w- c:\users\Denis\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 11:12 192256 ----a-w- c:\windows\System32\SSCbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-03-19 18:27 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-03-19 18:27 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{39D54CC2-69CF-43b4-B167-577D25E7F496}"
[HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}]
2013-03-19 18:27 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-03-19 18:27 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending]
@="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}"
[HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}]
2013-03-19 18:27 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11775592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2013-01-30 192256]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: eBanka - c:\windows\web\ebanka.htm
Trusted Zone: postsignum.cz\www
TCP: DhcpNameServer = 172.16.0.177 192.168.1.1
FF - ProfilePath - c:\users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\f4mjxegq.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SSODL-EldosMountNotificator REG_SZ {C28617FD-4FE7-4043-AD51-C8132CE90106}- - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL51]
"ImagePath"="\"c:\php\mysql51\bin\mysqld\" --defaults-file=\"c:\php\mysql51\my.ini\" MySQL51"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
c:\program files (x86)\WinSplit Revolution\WinSplitDrvr32.exe
.
**************************************************************************
.
Celkový čas: 2014-02-09 01:01:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-02-09 00:01
ComboFix2.txt 2014-02-06 17:22
.
Před spuštěním: 7 353 339 904
Po spuštění: 7 287 033 856
.
- - End Of File - - 6C3AC391467C542DBB63F132EF4069D5
A36C5E4F47E84449FF07ED3517B43A31

Rudy
Site Admin
Posts: 119534
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Double carons, acute accents

#2 Post by Rudy »

Hello!
Why are you running ComboFix, a utility intended only for professionals? Do you intend to wreck your system or one of your applications?

Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

Folder::
c:\programdata\Kaspersky Lab
c:\users\Denis\AppData\Roaming\AVG
c:\programdata\AVG
c:\users\Denis\AppData\Local\Facebook\Update

File::
c:\programdata\KGyGaAvL.sys
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450279053-2055100742-2640557512-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450279053-2055100742-2640557512-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1450279053-2055100742-2640557512-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1450279053-2055100742-2640557512-1000UA.job

Registry::
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Symen
Visitor
Posts: 7
Registered: 09 Feb 2014 11:05

Re: Double carons, acute accents

#3 Post by Symen »

ComboFix 14-02-05.02 - Denis 09.02.2014 13:04:06.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8170.6122 [GMT 1:00]
Spuštěný z: c:\users\Denis\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Denis\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\KGyGaAvL.sys"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450279053-2055100742-2640557512-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450279053-2055100742-2640557512-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1450279053-2055100742-2640557512-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1450279053-2055100742-2640557512-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AVG
c:\programdata\AVG\AWL\AvgRep.xml
c:\programdata\AVG\AWL\Program Statistics\ProgramStatistics.2013.tudb
c:\programdata\AVG\AWL\TUProgMan.10.tudb
c:\programdata\AVG\AWL\TUProgManagerCache.10.tudb
c:\programdata\AVG\AWL\TUTuningIndex.10.2.tudb
c:\programdata\AVG\AWL\TUUtilitiesSvc.13.tudb
c:\programdata\AVG\AWL00D634249FBAF29E7B804A0921315454.xml
c:\programdata\AVG\AWL00DC6E28723B0E579B3BC79829B67CA0.xml
c:\programdata\AVG\AWL2014\TTUSvc.tt
c:\programdata\AVG\AWL2014\TUProgRating.10.tudb
c:\programdata\AVG\AWL2014\TUReportData.10.tudb
c:\programdata\Kaspersky Lab
c:\programdata\Kaspersky Lab\~PRCustomProps#4dd.dat
c:\programdata\Kaspersky Lab\~PRObjects#4dd.dat
c:\programdata\KGyGaAvL.sys
c:\users\Denis\AppData\Local\Facebook\Update
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ar.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bg.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bn.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ca.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_cs.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_da.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_de.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_el.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es-419.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_et.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fa.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fi.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fil.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fr.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_gu.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hi.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hr.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hu.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_id.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_is.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_it.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_iw.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ja.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_kn.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ko.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lt.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lv.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ml.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_mr.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ms.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_nl.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_no.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_or.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pl.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-BR.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-PT.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ro.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ru.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sk.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sl.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sr.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sv.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ta.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_te.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_th.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_tr.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_uk.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ur.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_vi.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-CN.dll
c:\users\Denis\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-TW.dll
c:\users\Denis\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\users\Denis\AppData\Local\Temp\jniwrap-3.8.4.Build.3.8.420825301\jniwrap.dll
c:\users\Denis\AppData\Roaming\AVG
c:\users\Denis\AppData\Roaming\AVG\AWL2014\Backups\00000001.rcb
c:\users\Denis\AppData\Roaming\AVG\AWL2014\Backups\00000002.rcb
c:\users\Denis\AppData\Roaming\AVG\AWL2014\Backups\00000003.rcb
c:\users\Denis\AppData\Roaming\AVG\AWL2014\Backups\00000004.rcb
c:\users\Denis\AppData\Roaming\AVG\AWL2014\Backups\00000005.rcb
c:\users\Denis\AppData\Roaming\AVG\AWL2014\Backups\00000006.rcb
c:\users\Denis\AppData\Roaming\AVG\AWL2014\Dashboard\IntegratorStates_cs-CZ.xml
c:\users\Denis\AppData\Roaming\AVG\AWL2014\Disk Space Explorer\TUDSEFavorites.ini
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450279053-2055100742-2640557512-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450279053-2055100742-2640557512-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1450279053-2055100742-2640557512-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1450279053-2055100742-2640557512-1000UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-09 do 2014-02-09 )))))))))))))))))))))))))))))))
.
.
2014-02-09 12:07 . 2014-02-09 12:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-02-09 12:07 . 2014-02-09 12:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-09 09:50 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79CAE680-BF62-4139-8C7E-B744CA42FF86}\mpengine.dll
2014-02-08 10:39 . 2014-02-08 10:39 -------- d-----w- c:\program files (x86)\Trend Micro
2014-02-07 15:53 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-07 15:49 . 2014-02-07 15:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-07 15:49 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-06 09:58 . 2014-02-06 17:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-02-06 09:58 . 2014-02-06 17:12 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-01-31 08:06 . 2014-01-31 08:12 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-01-30 15:29 . 2014-01-30 15:29 -------- d-----w- c:\users\Denis\AppData\Roaming\TuneUp Software
2014-01-30 15:27 . 2014-02-07 15:42 -------- d-----w- c:\programdata\MFAData
2014-01-30 15:27 . 2014-01-30 15:27 -------- d--h--w- c:\programdata\Common Files
2014-01-30 15:27 . 2014-01-30 15:27 -------- d-----w- c:\users\Denis\AppData\Local\MFAData
2014-01-29 15:16 . 2014-01-29 15:16 -------- d-----w- c:\users\Denis\AppData\Roaming\Malwarebytes
2014-01-29 15:16 . 2014-01-29 15:16 -------- d-----w- c:\programdata\Malwarebytes
2014-01-29 09:42 . 2014-01-29 09:42 -------- d-----w- c:\program files (x86)\Common Files\STORMWARE Shared
2014-01-29 09:42 . 2013-10-04 07:42 147456 ----a-w- c:\windows\SysWow64\bzpdfc.dll
2014-01-29 09:42 . 2013-07-13 10:15 805376 ----a-w- c:\windows\SysWow64\EditCtlsU.ocx
2014-01-29 09:42 . 2013-07-12 20:57 539648 ----a-w- c:\windows\SysWow64\LblCtlsU.ocx
2014-01-29 09:42 . 2013-04-05 11:55 476160 ----a-w- c:\windows\SysWow64\TabStripCtlU.ocx
2014-01-29 09:42 . 2013-03-03 12:37 1061888 ----a-w- c:\windows\SysWow64\ExLvwU.ocx
2014-01-29 09:42 . 2013-09-01 10:59 1103872 ----a-w- c:\windows\SysWow64\CBLCtlsU.ocx
2014-01-29 09:42 . 2013-03-28 21:13 645632 ----a-w- c:\windows\SysWow64\BtnCtlsU.ocx
2014-01-28 13:27 . 2014-01-28 13:27 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-28 13:27 . 2014-01-28 13:27 -------- d-----w- c:\program files\iTunes
2014-01-28 13:27 . 2014-01-28 13:27 -------- d-----w- c:\program files (x86)\iTunes
2014-01-28 13:27 . 2014-01-28 13:27 -------- d-----w- c:\program files\iPod
2014-01-23 08:14 . 2013-10-19 00:44 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B18DA628-12B3-4712-979F-7DEAFC62501A}\gapaengine.dll
2014-01-15 10:33 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 10:33 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 10:33 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 10:33 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 10:33 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 10:33 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 10:33 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 10:33 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 10:33 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-04 21:09 . 2012-04-12 07:16 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-04 21:09 . 2012-01-24 15:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-19 07:33 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-16 02:00 . 2012-01-20 23:18 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-18 20:09 . 2013-10-20 17:06 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-27 02:00 . 2013-11-27 02:00 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-27 02:00 . 2013-11-27 02:00 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-27 02:00 . 2013-11-27 02:00 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-27 02:00 . 2013-11-27 02:00 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-27 02:00 . 2013-11-27 02:00 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-27 02:00 . 2013-11-27 02:00 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-27 02:00 . 2013-11-27 02:00 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-27 02:00 . 2013-11-27 02:00 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-27 02:00 . 2013-11-27 02:00 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-27 02:00 . 2013-11-27 02:00 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-27 02:00 . 2013-11-27 02:00 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-27 02:00 . 2013-11-27 02:00 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-27 02:00 . 2013-11-27 02:00 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-27 02:00 . 2013-11-27 02:00 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-27 02:00 . 2013-11-27 02:00 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-27 02:00 . 2013-11-27 02:00 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-27 02:00 . 2013-11-27 02:00 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-27 02:00 . 2013-11-27 02:00 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-27 02:00 . 2013-11-27 02:00 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-27 02:00 . 2013-11-27 02:00 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-27 02:00 . 2013-11-27 02:00 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-27 02:00 . 2013-11-27 02:00 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-27 02:00 . 2013-11-27 02:00 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-27 02:00 . 2013-11-27 02:00 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-27 02:00 . 2013-11-27 02:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-27 02:00 . 2013-11-27 02:00 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-27 02:00 . 2013-11-27 02:00 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-27 02:00 . 2013-11-27 02:00 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-27 02:00 . 2013-11-27 02:00 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-27 02:00 . 2013-11-27 02:00 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-27 02:00 . 2013-11-27 02:00 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-27 02:00 . 2013-11-27 02:00 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-27 02:00 . 2013-11-27 02:00 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-27 02:00 . 2013-11-27 02:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-27 02:00 . 2013-11-27 02:00 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-27 02:00 . 2013-11-27 02:00 413696 ----a-w- c:\windows\system32\html.iec
2013-11-27 02:00 . 2013-11-27 02:00 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-27 02:00 . 2013-11-27 02:00 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-27 02:00 . 2013-11-27 02:00 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-27 02:00 . 2013-11-27 02:00 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-27 02:00 . 2013-11-27 02:00 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-27 02:00 . 2013-11-27 02:00 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-27 02:00 . 2013-11-27 02:00 235520 ----a-w- c:\windows\system32\url.dll
2013-11-27 02:00 . 2013-11-27 02:00 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-27 02:00 . 2013-11-27 02:00 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-27 02:00 . 2013-11-27 02:00 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-27 02:00 . 2013-11-27 02:00 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-27 02:00 . 2013-11-27 02:00 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-27 02:00 . 2013-11-27 02:00 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-27 02:00 . 2013-11-27 02:00 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-27 02:00 . 2013-11-27 02:00 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-27 02:00 . 2013-11-27 02:00 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-27 02:00 . 2013-11-27 02:00 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-27 02:00 . 2013-11-27 02:00 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-27 02:00 . 2013-11-27 02:00 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-27 02:00 . 2013-11-27 02:00 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-27 02:00 . 2013-11-27 02:00 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-27 02:00 . 2013-11-27 02:00 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-27 02:00 . 2013-11-27 02:00 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-26 11:54 . 2013-12-13 02:00 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-13 02:00 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-13 02:00 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-13 02:00 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-13 02:00 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-13 02:00 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-13 02:00 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-13 02:00 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-13 02:00 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-13 02:00 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-13 02:00 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-13 02:00 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-13 02:00 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-13 02:00 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-13 02:00 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-13 02:00 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-13 02:00 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-13 02:00 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-13 02:00 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-13 02:00 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-13 02:00 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-13 02:00 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-13 02:00 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-13 02:00 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-12 21:24 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 21:24 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-12 21:24 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-12 21:24 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2008-10-05 14:36 . 2012-02-11 11:36 4411392 ----a-w- c:\program files (x86)\mplayerc.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-16 01:21 222832 ----a-w- c:\users\Denis\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-16 01:21 222832 ----a-w- c:\users\Denis\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-16 01:21 222832 ----a-w- c:\users\Denis\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 11:12 159488 ----a-w- c:\windows\SysWOW64\SSCbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Winsplit"="c:\program files (x86)\WinSplit Revolution\WinSplit.exe" [2011-04-12 3951616]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
.
c:\users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
myPhoneDesktop.lnk - c:\program files (x86)\myPhoneDesktop\bin\myPhoneDesktop.exe [2012-12-20 224256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\SysWOW64\SSCbFsMntNtf3.dll" [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\SysWOW64\SSCbFsMntNtf3.dll [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S2 Apache2.2;Apache2.2;c:\php\Apache22\bin\httpd.exe;c:\php\Apache22\bin\httpd.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MySQL51;MySQL51;c:\php\mysql51\bin\mysqld --defaults-file=c:\php\mysql51\my.ini MySQL51;c:\php\mysql51\bin\mysqld --defaults-file=c:\php\mysql51\my.ini MySQL51 [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 SynoDrService;SynoDrService;c:\program files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe;c:\program files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 SSCBFS3;SugarSync CallBack File System driver v3;c:\windows\system32\DRIVERS\sscbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\sscbfs3.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 21:09]
.
2014-02-08 c:\windows\Tasks\Synology Data Replicator 3-Denis-PC-Denis.job
- c:\program files (x86)\Synology Data Replicator 3\Backup.exe [2013-04-24 17:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-16 01:21 261744 ----a-w- c:\users\Denis\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-16 01:21 261744 ----a-w- c:\users\Denis\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-16 01:21 261744 ----a-w- c:\users\Denis\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 11:12 192256 ----a-w- c:\windows\System32\SSCbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-03-19 18:27 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-03-19 18:27 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{39D54CC2-69CF-43b4-B167-577D25E7F496}"
[HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}]
2013-03-19 18:27 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-03-19 18:27 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending]
@="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}"
[HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}]
2013-03-19 18:27 2198368 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11775592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2013-01-30 192256]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: eBanka - c:\windows\web\ebanka.htm
Trusted Zone: postsignum.cz\www
TCP: DhcpNameServer = 172.16.0.177 192.168.1.1
FF - ProfilePath - c:\users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\f4mjxegq.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SSODL-EldosMountNotificator REG_SZ {C28617FD-4FE7-4043-AD51-C8132CE90106}- - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL51]
"ImagePath"="\"c:\php\mysql51\bin\mysqld\" --defaults-file=\"c:\php\mysql51\my.ini\" MySQL51"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
c:\program files (x86)\WinSplit Revolution\WinSplitDrvr32.exe
.
**************************************************************************
.
Celkový čas: 2014-02-09 13:09:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-02-09 12:09
ComboFix2.txt 2014-02-09 00:01
ComboFix3.txt 2014-02-06 17:22
.
Před spuštěním: 7 338 430 464
Po spuštění: 7 169 507 328
.
- - End Of File - - ED110D5AC07AE41932F3EE173D372A15
A36C5E4F47E84449FF07ED3517B43A31

Rudy
Site Admin
Posts: 119534
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Doubled carons, acute accents

#4 Post by Rudy »

Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

#5 Post by Symen »

Unfortunately still doubled :( ˇˇ and ´´

#6 Post by Rudy »

Do you have some keylogger installed, by any chance?

#7 Post by Symen »

I don't, unless I have one without knowing about it.

#8 Post by Rudy »

Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

#9 Post by Symen »

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.02.09.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Denis :: DENIS-PC [administrátor]

Ochrana: Povolena

9.2.2014 19:36:43
mbam-log-2014-02-09 (19-36-43).txt

Typ: Kompletní kontrola (C:\|D:\|E:\|F:\|G:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 761025
Uplynulý čas: 1 hodin, 2 minut, 4 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

#10 Post by Rudy »

This is OK. Also try an AVPTool scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

#11 Post by Symen »

I already tried that one today and it found nothing. But I will try it once more now. If it finds nothing again, what else do you recommend?

#12 Post by Rudy »

Then I don't know. Perhaps the only option is to search Google. This is a typical symptom of a keylogger, but none was found.

#13 Post by Symen »

So the scan finished and nothing was found. ˇˇ ´´

#14 Post by Rudy »

Try using FixIt: http://support.microsoft.com/fixit/cs-cz . This is the first time I have seen that it is not a virus problem.