Počítač se mi sám od sebe restartovává a píše chybu Kernel data imapage error, ale hlavním důvodem spuštění CF byl soubor - rundll32.exe, který mi téměř úplně zaměstnával CPU.
ComboFix 14-06-03.01 - Mishicka . 06. 2014 9:55.1.2 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.3980.2638 [GMT 2:00]
Spuštěný z: c:\users\Mishicka\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetStretch.exe
c:\users\Mishicka\AppData\Roaming\Microsoft\Windows\Recent\cnsminimum.lnk
c:\users\Mishicka\Desktop\ana\CNS\cnsminimum.pdf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-03 do 2014-06-03 )))))))))))))))))))))))))))))))
.
.
2014-06-03 08:29 . 2014-06-03 08:29 -------- d-----w- c:\users\Mishicka\AppData\Local\temp
2014-06-03 08:29 . 2014-06-03 08:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-03 08:29 . 2014-06-03 08:29 -------- d-----w- c:\users\Jitka\AppData\Local\temp
2014-06-03 08:29 . 2014-06-03 08:29 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-05-25 13:06 . 2014-05-25 13:06 -------- d-----w- c:\users\Mishicka\AppData\Local\Avg2014
2014-05-21 14:16 . 2014-05-21 14:21 -------- d-----w- c:\program files\OlyVIA
2014-05-20 16:53 . 2014-05-31 04:52 -------- d-----w- c:\windows\system32\drivers\NISx64\1503000.00C
2014-05-15 18:21 . 2014-03-28 08:23 1287168 ----a-w- c:\windows\system32\schedsvc.dll
2014-05-15 18:21 . 2014-03-28 08:23 19759104 ----a-w- c:\windows\system32\shell32.dll
2014-05-15 18:20 . 2014-05-06 05:14 97280 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-15 18:20 . 2014-05-06 05:14 19274752 ----a-w- c:\windows\system32\mshtml.dll
2014-05-15 18:20 . 2014-05-06 03:37 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 18:20 . 2014-05-06 03:26 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-15 14:56 . 2014-03-01 09:47 1258496 ----a-w- c:\windows\system32\kernel32.dll
2014-05-15 14:56 . 2014-02-26 23:18 621568 ----a-w- c:\windows\system32\drivers\srv2.sys
2014-05-15 14:56 . 2014-02-26 23:18 370688 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2014-05-15 14:56 . 2014-03-01 09:47 1120768 ----a-w- c:\windows\system32\gpedit.dll
2014-05-15 14:56 . 2014-03-01 08:07 1075200 ----a-w- c:\windows\SysWow64\gpedit.dll
2014-05-15 14:56 . 2014-02-26 23:18 215040 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2014-05-15 14:56 . 2014-02-26 23:18 247808 ----a-w- c:\windows\system32\drivers\srvnet.sys
2014-05-15 14:56 . 2014-02-15 04:15 78336 ----a-w- c:\windows\system32\drivers\IPMIDrv.sys
2014-05-13 19:11 . 2014-05-13 19:11 -------- d-----w- c:\program files (x86)\Nokia
2014-05-13 19:10 . 2014-05-13 19:10 -------- d-----w- c:\programdata\Installations
2014-05-06 06:37 . 2014-04-19 09:39 628024 ----a-w- c:\windows\system32\NotificationUI.exe
2014-05-06 06:37 . 2014-04-19 08:45 693760 ----a-w- c:\windows\system32\WSShared.dll
2014-05-06 06:37 . 2014-04-19 08:45 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 06:37 . 2014-04-19 06:57 566784 ----a-w- c:\windows\SysWow64\WSShared.dll
2014-05-06 06:37 . 2014-04-19 06:57 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-03 06:22 . 2013-07-05 03:49 380 ----a-w- c:\users\Mishicka\AppData\Roaming\sp_data.sys
2014-05-31 04:42 . 2013-07-08 09:06 380 ----a-w- c:\users\Jitka\AppData\Roaming\sp_data.sys
2014-05-24 16:13 . 2013-07-15 11:22 589008 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-05-18 18:11 . 2013-07-06 04:52 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-02 17:15 . 2013-08-18 01:53 380 ----a-w- c:\users\Guest\AppData\Roaming\sp_data.sys
2014-05-01 20:37 . 2013-12-03 16:09 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 20:37 . 2013-12-03 16:09 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-28 08:23 . 2014-05-15 18:21 1287168 ----a-w- c:\windows\system32\schedsvc.dll
2014-03-11 00:41 . 2014-05-15 18:19 323072 ----a-w- c:\windows\SysWow64\schannel.dll
2014-03-11 00:38 . 2014-05-15 18:19 419328 ----a-w- c:\windows\system32\schannel.dll
2014-03-07 00:48 . 2014-04-13 17:37 1766400 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-07 00:47 . 2014-04-13 17:36 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-07 00:08 . 2014-04-13 17:37 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-07 00:08 . 2014-04-13 17:37 2240000 ----a-w- c:\windows\system32\wininet.dll
2014-03-07 00:08 . 2014-04-13 17:37 1365504 ----a-w- c:\windows\system32\urlmon.dll
2014-03-07 00:08 . 2014-04-13 17:37 915968 ----a-w- c:\windows\system32\uxtheme.dll
2014-03-07 00:08 . 2014-04-13 17:37 603136 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-07 00:08 . 2014-04-13 17:37 855552 ----a-w- c:\windows\system32\jscript.dll
2014-03-07 00:08 . 2014-04-13 17:36 3959808 ----a-w- c:\windows\system32\jscript9.dll
2014-03-07 00:08 . 2014-04-13 17:37 15404544 ----a-w- c:\windows\system32\ieframe.dll
2014-03-07 00:08 . 2014-04-13 17:36 2648576 ----a-w- c:\windows\system32\iertutil.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-15 11:27 222712 ----a-w- c:\users\Mishicka\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-15 11:27 222712 ----a-w- c:\users\Mishicka\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-15 11:27 222712 ----a-w- c:\users\Mishicka\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"icq"="c:\users\Mishicka\AppData\Roaming\ICQM\icq.exe" [2013-08-27 28698984]
"SDP"="c:\users\Mishicka\AppData\Local\FilesFrog Update Checker\update_checker.exe" [2013-01-31 201808]
"NokiaPCInternetAccess"="c:\program files (x86)\Nokia\PC Internet Access\NPCIA.exe" [2009-05-26 651264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-16 5264016]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2012-08-23 366720]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe" [2012-08-28 3417984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-9-20 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R0 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1503000.00C\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SymELAM.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1503000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1503000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMEFA64.SYS [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140602.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140602.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1503000.00C\SYMNETS.SYS [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 ClickToRunSvc;Služba Microsoft Office ClickToRun;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 ATP;ASUS Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-22 18:59 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2093069776-1758892961-1618552926-1001Core.job
- c:\users\Mishicka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-10 17:37]
.
2014-06-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2093069776-1758892961-1618552926-1001UA.job
- c:\users\Mishicka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-10 17:37]
.
2014-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-10 14:55]
.
2014-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-10 14:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-15 11:27 261624 ----a-w- c:\users\Mishicka\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-15 11:27 261624 ----a-w- c:\users\Mishicka\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-15 11:27 261624 ----a-w- c:\users\Mishicka\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-05-24 16:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-05-24 16:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-05-24 16:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-16 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-16 398656]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-08-10 764032]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-08-10 127616]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-06-07 90832]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.search.ask.com/?o=apn10640a&gct=hp& ... 97-145&t=4
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 85.193.0.1 192.168.1.254
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{2A836234-186C-41A0-9863-40BECDEDED9F} - (no file)
Toolbar-Locked - (no file)
Toolbar-{3444c3c5-6c56-4a16-a453-832b05bf6ea4} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-cz.seznam.software.autoupdate - c:\users\Mishicka\AppData\Roaming\Seznam.cz\szninstall.exe
Wow6432Node-HKCU-Run-cz.seznam.software.szndesktop - c:\users\Mishicka\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe
Wow6432Node-HKLM-Run-20131121 - c:\program files\AVAST Software\Avast\setup\emupdate\e82dfa76-2bec-496a-97e1-3e24c1471737.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-SeznamInstall - c:\users\Mishicka\AppData\Roaming\Seznam.cz\szninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Celkový čas: 2014-06-03 10:32:51
ComboFix-quarantined-files.txt 2014-06-03 08:32
.
Před spuštěním: 124 188 610 560 bytes free
Po spuštění: 124 591 472 640 bytes free
.
- - End Of File - - 32680F596375812ECD66DC3F038DE2C9
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Chtěla bych poprosit o zkontrolování CF logu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119541
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Chtěla bych poprosit o zkontrolování CF logu
Zdravím!
Proč spouštíte ComboFix, utiltiu určenou pouze profesionálům? Hodláte si nabořit systém, nebo některou aplikaci?
Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:
Proč spouštíte ComboFix, utiltiu určenou pouze profesionálům? Hodláte si nabořit systém, nebo některou aplikaci?
Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt.Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.KillAll::
File::
c:\users\Mishicka\AppData\Local\Facebook\Update
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2093069776-1758892961-1618552926-1001Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2093069776-1758892961-1618552926-1001UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Reboot::
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Chtěla bych poprosit o zkontrolování CF logu
Děkuji 
a cituji: Práce s ComboFixem je jednoduchá. Program si stáhněte na této adrese a spusťte jej. Nejprve ovšem musíte udělat dvě jednoduché věci....
http://www.antivirovecentrum.cz/navody/combofix.aspx
hold jsem navštívila špatný web
a cituji: Práce s ComboFixem je jednoduchá. Program si stáhněte na této adrese a spusťte jej. Nejprve ovšem musíte udělat dvě jednoduché věci....http://www.antivirovecentrum.cz/navody/combofix.aspx
hold jsem navštívila špatný web
-
Rudy
- Site Admin
- Příspěvky: 119541
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Chtěla bych poprosit o zkontrolování CF logu
Asi ano. Naše zkušenosti hovoří jinak, už jsme tu několikrát opravovali systém po svévolném použití CF. Navíc naše fórum má od autora kompletní tech. podporu. Potřebuji log CF z druhého skenu. Měl by být v c:\combofix.txt.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Chtěla bych poprosit o zkontrolování CF logu
ComboFix 14-06-03.01 - Mishicka . 06. 2014 18:39:30.2.2 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.3980.2320 [GMT 2:00]
Spuštěný z: c:\users\Mishicka\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Mishicka\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
.
FILE ::
"c:\users\Mishicka\AppData\Local\Facebook\Update"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2093069776-1758892961-1618552926-1001Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2093069776-1758892961-1618552926-1001UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2093069776-1758892961-1618552926-1001Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2093069776-1758892961-1618552926-1001UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-03 do 2014-06-03 )))))))))))))))))))))))))))))))
.
.
2014-06-03 16:48 . 2014-06-03 16:48 -------- d-----w- c:\users\Jitka\AppData\Local\temp
2014-06-03 16:48 . 2014-06-03 16:48 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-06-03 16:48 . 2014-06-03 16:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-03 09:59 . 2014-06-03 09:59 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2014-06-03 08:41 . 2014-06-03 08:59 -------- d-----w- C:\rsit
2014-06-03 08:41 . 2014-06-03 08:42 -------- d-----w- c:\program files\trend micro
2014-06-03 08:32 . 2014-06-03 16:52 -------- d-----w- c:\users\Mishicka\AppData\Local\temp
2014-05-25 13:14 . 2014-06-03 09:58 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-05-25 13:06 . 2014-05-25 13:06 -------- d-----w- c:\users\Mishicka\AppData\Local\Avg2014
2014-05-20 16:53 . 2014-05-31 04:52 -------- d-----w- c:\windows\system32\drivers\NISx64\1503000.00C
2014-05-15 18:21 . 2014-03-28 08:23 1287168 ----a-w- c:\windows\system32\schedsvc.dll
2014-05-15 18:21 . 2014-03-28 08:23 19759104 ----a-w- c:\windows\system32\shell32.dll
2014-05-15 18:20 . 2014-05-06 05:14 97280 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-15 18:20 . 2014-05-06 05:14 19274752 ----a-w- c:\windows\system32\mshtml.dll
2014-05-15 18:20 . 2014-05-06 03:37 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 18:20 . 2014-05-06 03:26 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-15 14:56 . 2014-03-01 09:47 1258496 ----a-w- c:\windows\system32\kernel32.dll
2014-05-15 14:56 . 2014-02-26 23:18 621568 ----a-w- c:\windows\system32\drivers\srv2.sys
2014-05-15 14:56 . 2014-02-26 23:18 370688 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2014-05-15 14:56 . 2014-03-01 09:47 1120768 ----a-w- c:\windows\system32\gpedit.dll
2014-05-15 14:56 . 2014-03-01 08:07 1075200 ----a-w- c:\windows\SysWow64\gpedit.dll
2014-05-15 14:56 . 2014-02-26 23:18 215040 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2014-05-15 14:56 . 2014-02-26 23:18 247808 ----a-w- c:\windows\system32\drivers\srvnet.sys
2014-05-15 14:56 . 2014-02-15 04:15 78336 ----a-w- c:\windows\system32\drivers\IPMIDrv.sys
2014-05-13 19:10 . 2014-05-13 19:10 -------- d-----w- c:\programdata\Installations
2014-05-06 06:37 . 2014-04-19 09:39 628024 ----a-w- c:\windows\system32\NotificationUI.exe
2014-05-06 06:37 . 2014-04-19 08:45 693760 ----a-w- c:\windows\system32\WSShared.dll
2014-05-06 06:37 . 2014-04-19 08:45 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 06:37 . 2014-04-19 06:57 566784 ----a-w- c:\windows\SysWow64\WSShared.dll
2014-05-06 06:37 . 2014-04-19 06:57 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-03 16:51 . 2013-07-05 03:49 380 ----a-w- c:\users\Mishicka\AppData\Roaming\sp_data.sys
2014-05-31 04:42 . 2013-07-08 09:06 380 ----a-w- c:\users\Jitka\AppData\Roaming\sp_data.sys
2014-05-24 16:13 . 2013-07-15 11:22 589008 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-05-18 18:11 . 2013-07-06 04:52 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-02 17:15 . 2013-08-18 01:53 380 ----a-w- c:\users\Guest\AppData\Roaming\sp_data.sys
2014-05-01 20:37 . 2013-12-03 16:09 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 20:37 . 2013-12-03 16:09 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-28 08:23 . 2014-05-15 18:21 1287168 ----a-w- c:\windows\system32\schedsvc.dll
2014-03-11 00:41 . 2014-05-15 18:19 323072 ----a-w- c:\windows\SysWow64\schannel.dll
2014-03-11 00:38 . 2014-05-15 18:19 419328 ----a-w- c:\windows\system32\schannel.dll
2014-03-07 00:48 . 2014-04-13 17:37 1766400 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-07 00:47 . 2014-04-13 17:36 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-07 00:08 . 2014-04-13 17:37 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-07 00:08 . 2014-04-13 17:37 2240000 ----a-w- c:\windows\system32\wininet.dll
2014-03-07 00:08 . 2014-04-13 17:37 1365504 ----a-w- c:\windows\system32\urlmon.dll
2014-03-07 00:08 . 2014-04-13 17:37 915968 ----a-w- c:\windows\system32\uxtheme.dll
2014-03-07 00:08 . 2014-04-13 17:37 603136 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-07 00:08 . 2014-04-13 17:37 855552 ----a-w- c:\windows\system32\jscript.dll
2014-03-07 00:08 . 2014-04-13 17:36 3959808 ----a-w- c:\windows\system32\jscript9.dll
2014-03-07 00:08 . 2014-04-13 17:37 15404544 ----a-w- c:\windows\system32\ieframe.dll
2014-03-07 00:08 . 2014-04-13 17:36 2648576 ----a-w- c:\windows\system32\iertutil.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-15 11:27 222712 ----a-w- c:\users\Mishicka\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-15 11:27 222712 ----a-w- c:\users\Mishicka\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-15 11:27 222712 ----a-w- c:\users\Mishicka\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"icq"="c:\users\Mishicka\AppData\Roaming\ICQM\icq.exe" [2013-08-27 28698984]
"SDP"="c:\users\Mishicka\AppData\Local\FilesFrog Update Checker\update_checker.exe" [2013-01-31 201808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-16 5264016]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2012-08-23 366720]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe" [2012-08-28 3417984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-9-20 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R0 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1503000.00C\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SymELAM.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1503000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1503000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMEFA64.SYS [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140602.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140602.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1503000.00C\SYMNETS.SYS [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 ClickToRunSvc;Služba Microsoft Office ClickToRun;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 ATP;ASUS Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-22 18:59 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-15 11:27 261624 ----a-w- c:\users\Mishicka\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-15 11:27 261624 ----a-w- c:\users\Mishicka\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-15 11:27 261624 ----a-w- c:\users\Mishicka\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-05-24 16:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-05-24 16:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-05-24 16:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-16 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-16 398656]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-08-10 764032]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-08-10 127616]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-06-07 90832]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.search.ask.com/?o=apn10640a&gct=hp& ... 97-145&t=4
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 85.193.0.1 192.168.1.254
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{2A836234-186C-41A0-9863-40BECDEDED9F} - (no file)
Toolbar-Locked - (no file)
Toolbar-{3444c3c5-6c56-4a16-a453-832b05bf6ea4} - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12;c:\program files (x86)\Norton Internet Security\Engine64\21.3.0.12"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
c:\program files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
.
**************************************************************************
.
Celkový čas: 2014-06-03 19:05:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-03 17:05
ComboFix2.txt 2014-06-03 08:32
.
Před spuštěním: 135 981 936 640 bytes free
Po spuštění: 135 555 821 568 bytes free
.
- - End Of File - - FD1FF885EC6C3194982C95494F14A6CF
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.3980.2320 [GMT 2:00]
Spuštěný z: c:\users\Mishicka\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Mishicka\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
.
FILE ::
"c:\users\Mishicka\AppData\Local\Facebook\Update"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2093069776-1758892961-1618552926-1001Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2093069776-1758892961-1618552926-1001UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2093069776-1758892961-1618552926-1001Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2093069776-1758892961-1618552926-1001UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-03 do 2014-06-03 )))))))))))))))))))))))))))))))
.
.
2014-06-03 16:48 . 2014-06-03 16:48 -------- d-----w- c:\users\Jitka\AppData\Local\temp
2014-06-03 16:48 . 2014-06-03 16:48 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-06-03 16:48 . 2014-06-03 16:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-03 09:59 . 2014-06-03 09:59 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2014-06-03 08:41 . 2014-06-03 08:59 -------- d-----w- C:\rsit
2014-06-03 08:41 . 2014-06-03 08:42 -------- d-----w- c:\program files\trend micro
2014-06-03 08:32 . 2014-06-03 16:52 -------- d-----w- c:\users\Mishicka\AppData\Local\temp
2014-05-25 13:14 . 2014-06-03 09:58 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-05-25 13:06 . 2014-05-25 13:06 -------- d-----w- c:\users\Mishicka\AppData\Local\Avg2014
2014-05-20 16:53 . 2014-05-31 04:52 -------- d-----w- c:\windows\system32\drivers\NISx64\1503000.00C
2014-05-15 18:21 . 2014-03-28 08:23 1287168 ----a-w- c:\windows\system32\schedsvc.dll
2014-05-15 18:21 . 2014-03-28 08:23 19759104 ----a-w- c:\windows\system32\shell32.dll
2014-05-15 18:20 . 2014-05-06 05:14 97280 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-15 18:20 . 2014-05-06 05:14 19274752 ----a-w- c:\windows\system32\mshtml.dll
2014-05-15 18:20 . 2014-05-06 03:37 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 18:20 . 2014-05-06 03:26 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-15 14:56 . 2014-03-01 09:47 1258496 ----a-w- c:\windows\system32\kernel32.dll
2014-05-15 14:56 . 2014-02-26 23:18 621568 ----a-w- c:\windows\system32\drivers\srv2.sys
2014-05-15 14:56 . 2014-02-26 23:18 370688 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2014-05-15 14:56 . 2014-03-01 09:47 1120768 ----a-w- c:\windows\system32\gpedit.dll
2014-05-15 14:56 . 2014-03-01 08:07 1075200 ----a-w- c:\windows\SysWow64\gpedit.dll
2014-05-15 14:56 . 2014-02-26 23:18 215040 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2014-05-15 14:56 . 2014-02-26 23:18 247808 ----a-w- c:\windows\system32\drivers\srvnet.sys
2014-05-15 14:56 . 2014-02-15 04:15 78336 ----a-w- c:\windows\system32\drivers\IPMIDrv.sys
2014-05-13 19:10 . 2014-05-13 19:10 -------- d-----w- c:\programdata\Installations
2014-05-06 06:37 . 2014-04-19 09:39 628024 ----a-w- c:\windows\system32\NotificationUI.exe
2014-05-06 06:37 . 2014-04-19 08:45 693760 ----a-w- c:\windows\system32\WSShared.dll
2014-05-06 06:37 . 2014-04-19 08:45 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 06:37 . 2014-04-19 06:57 566784 ----a-w- c:\windows\SysWow64\WSShared.dll
2014-05-06 06:37 . 2014-04-19 06:57 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-03 16:51 . 2013-07-05 03:49 380 ----a-w- c:\users\Mishicka\AppData\Roaming\sp_data.sys
2014-05-31 04:42 . 2013-07-08 09:06 380 ----a-w- c:\users\Jitka\AppData\Roaming\sp_data.sys
2014-05-24 16:13 . 2013-07-15 11:22 589008 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-05-18 18:11 . 2013-07-06 04:52 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-02 17:15 . 2013-08-18 01:53 380 ----a-w- c:\users\Guest\AppData\Roaming\sp_data.sys
2014-05-01 20:37 . 2013-12-03 16:09 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 20:37 . 2013-12-03 16:09 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-28 08:23 . 2014-05-15 18:21 1287168 ----a-w- c:\windows\system32\schedsvc.dll
2014-03-11 00:41 . 2014-05-15 18:19 323072 ----a-w- c:\windows\SysWow64\schannel.dll
2014-03-11 00:38 . 2014-05-15 18:19 419328 ----a-w- c:\windows\system32\schannel.dll
2014-03-07 00:48 . 2014-04-13 17:37 1766400 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-07 00:47 . 2014-04-13 17:36 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-07 00:08 . 2014-04-13 17:37 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-07 00:08 . 2014-04-13 17:37 2240000 ----a-w- c:\windows\system32\wininet.dll
2014-03-07 00:08 . 2014-04-13 17:37 1365504 ----a-w- c:\windows\system32\urlmon.dll
2014-03-07 00:08 . 2014-04-13 17:37 915968 ----a-w- c:\windows\system32\uxtheme.dll
2014-03-07 00:08 . 2014-04-13 17:37 603136 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-07 00:08 . 2014-04-13 17:37 855552 ----a-w- c:\windows\system32\jscript.dll
2014-03-07 00:08 . 2014-04-13 17:36 3959808 ----a-w- c:\windows\system32\jscript9.dll
2014-03-07 00:08 . 2014-04-13 17:37 15404544 ----a-w- c:\windows\system32\ieframe.dll
2014-03-07 00:08 . 2014-04-13 17:36 2648576 ----a-w- c:\windows\system32\iertutil.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-15 11:27 222712 ----a-w- c:\users\Mishicka\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-15 11:27 222712 ----a-w- c:\users\Mishicka\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-15 11:27 222712 ----a-w- c:\users\Mishicka\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"icq"="c:\users\Mishicka\AppData\Roaming\ICQM\icq.exe" [2013-08-27 28698984]
"SDP"="c:\users\Mishicka\AppData\Local\FilesFrog Update Checker\update_checker.exe" [2013-01-31 201808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-16 5264016]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2012-08-23 366720]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe" [2012-08-28 3417984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-9-20 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R0 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1503000.00C\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SymELAM.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1503000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1503000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMEFA64.SYS [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140602.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140602.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1503000.00C\SYMNETS.SYS [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 ClickToRunSvc;Služba Microsoft Office ClickToRun;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 ATP;ASUS Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-22 18:59 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-15 11:27 261624 ----a-w- c:\users\Mishicka\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-15 11:27 261624 ----a-w- c:\users\Mishicka\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-15 11:27 261624 ----a-w- c:\users\Mishicka\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-05-24 16:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-05-24 16:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-05-24 16:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-16 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-16 398656]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-08-10 764032]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-08-10 127616]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-06-07 90832]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.search.ask.com/?o=apn10640a&gct=hp& ... 97-145&t=4
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 85.193.0.1 192.168.1.254
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{2A836234-186C-41A0-9863-40BECDEDED9F} - (no file)
Toolbar-Locked - (no file)
Toolbar-{3444c3c5-6c56-4a16-a453-832b05bf6ea4} - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12;c:\program files (x86)\Norton Internet Security\Engine64\21.3.0.12"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
c:\program files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
.
**************************************************************************
.
Celkový čas: 2014-06-03 19:05:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-03 17:05
ComboFix2.txt 2014-06-03 08:32
.
Před spuštěním: 135 981 936 640 bytes free
Po spuštění: 135 555 821 568 bytes free
.
- - End Of File - - FD1FF885EC6C3194982C95494F14A6CF
-
Rudy
- Site Admin
- Příspěvky: 119541
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Chtěla bych poprosit o zkontrolování CF logu
Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Chtěla bych poprosit o zkontrolování CF logu
Změna nastala po prvním použití CF, kdy kleslo využití CPU, teď po domazání jsem žádnou viditelnou změnu nezaznamenala. Děkuji, snad to už bude v pořádku.
-
Rudy
- Site Admin
- Příspěvky: 119541
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Chtěla bych poprosit o zkontrolování CF logu
Rádo se stalo!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?