Hello.
After N360 reported that it had blocked unauthorized access from conhost.exe, I scanned the whole PC with N360 and all of its other tools. The PC kept freezing, so I used ComboFix. The PC stopped freezing. Even so, I would rather ask the experts to take a look at the log below. THANK YOU VERY MUCH!
ComboFix 14-08-31.01 - kuba 03.09.2014 10:38:35.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.16374.12969 [GMT 2:00]
Spuštěný z: c:\users\kuba\Desktop\xyz.exe
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\87443810NZZ
c:\users\kuba\AppData\Local\assembly\tmp
c:\users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\at16fwip.default\search-metadata.json
E:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-08-03 do 2014-09-03 )))))))))))))))))))))))))))))))
.
.
2014-09-03 08:47 . 2014-09-03 08:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-03 07:50 . 2014-09-03 07:50 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
2014-09-03 07:39 . 2014-09-03 07:39 96856 ----a-w- c:\windows\system32\drivers\SMR410.SYS
2014-08-28 08:32 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 08:32 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-28 08:32 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-26 12:46 . 2014-08-26 14:04 -------- d-----w- c:\users\kuba\AppData\Roaming\uTorrent
2014-08-20 08:36 . 2014-08-20 08:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-20 08:36 . 2014-08-20 08:36 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-20 08:36 . 2014-08-20 08:36 -------- d-----w- c:\program files (x86)\Java
2014-08-14 07:15 . 2014-07-07 06:29 -------- d---a-w- c:\users\kuba\AppData\Roaming\com.adobe.AdobeMuseCC.2014.1
2014-08-13 08:28 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 08:28 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 08:28 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 08:28 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 08:28 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 08:28 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-13 08:28 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 08:28 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 04:22 . 2014-07-31 23:16 812224 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2014-08-10 13:29 . 2014-08-28 00:26 -------- d-----w- c:\windows\system32\drivers\N360x64\1505000.013
2014-08-07 11:09 . 2014-08-07 11:09 -------- d-----w- c:\users\kuba\AppData\Local\TuneUp Software
2014-08-07 11:00 . 2014-07-16 08:24 43320 ----a-w- c:\windows\system32\uxtuneup.dll
2014-08-07 11:00 . 2014-07-16 08:24 36152 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2014-08-07 10:59 . 2014-07-16 08:24 40760 ----a-w- c:\windows\system32\TURegOpt.exe
2014-08-07 10:59 . 2014-07-16 08:24 29496 ----a-w- c:\windows\system32\authuitu.dll
2014-08-07 10:59 . 2014-07-16 08:24 25400 ----a-w- c:\windows\SysWow64\authuitu.dll
2014-08-07 10:59 . 2014-08-07 10:59 -------- d-----w- c:\users\kuba\AppData\Roaming\TuneUp Software
2014-08-07 10:59 . 2014-08-07 11:10 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2014
2014-08-07 10:58 . 2014-08-07 11:00 -------- d-----w- c:\programdata\TuneUp Software
2014-08-07 10:58 . 2014-08-07 11:05 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-28 12:05 . 2012-07-17 13:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-26 12:42 . 2014-02-04 17:28 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-26 12:42 . 2014-02-04 17:28 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-13 08:30 . 2014-02-04 15:41 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-07-11 07:01 . 2014-03-01 18:10 20832 ----a-w- c:\windows\system32\drivers\DDCDrv.sys
2014-07-11 07:01 . 2014-03-01 18:10 145920 ----a-w- c:\windows\system32\DDCHelper.dll
2014-07-11 07:01 . 2014-03-01 18:10 125440 ----a-w- c:\windows\system32\DDCHelperX.dll
2014-07-11 07:01 . 2014-03-01 18:10 108032 ----a-w- c:\windows\SysWow64\DDCHelperX.dll
2014-07-11 07:01 . 2014-03-01 18:10 10240 ----a-w- c:\windows\SysWow64\drivers\DDCDrv.sys
2014-06-23 15:13 . 2014-06-23 15:13 382832 ----a-w- c:\windows\SysWow64\XRiteDevice.dll
2014-06-22 08:42 . 2014-06-22 08:42 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-06-22 08:42 . 2014-06-22 08:42 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-06-22 08:42 . 2014-06-22 08:42 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-06-22 08:42 . 2014-06-22 08:42 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-06-22 08:42 . 2014-06-22 08:42 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2014-06-22 08:42 . 2014-03-14 18:08 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-06-22 08:41 . 2014-06-22 08:41 116024 ----a-w- c:\windows\system32\atiu9p64.dll
2014-06-22 08:41 . 2013-12-24 07:38 99008 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-06-22 08:41 . 2014-06-22 08:41 1329864 ----a-w- c:\windows\system32\aticfx64.dll
2014-06-22 08:41 . 2013-12-24 07:36 1107384 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-06-22 08:41 . 2014-06-22 08:41 10177112 ----a-w- c:\windows\system32\atidxx64.dll
2014-06-22 08:41 . 2014-03-14 18:08 8764952 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-06-22 08:41 . 2013-12-24 07:34 10147688 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-06-22 08:41 . 2013-12-24 07:33 6715752 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-06-22 08:41 . 2014-06-22 08:41 10901696 ----a-w- c:\windows\system32\atiumd6a.dll
2014-06-22 08:41 . 2014-06-22 08:41 7896632 ----a-w- c:\windows\system32\atiumd64.dll
2014-06-22 08:35 . 2014-06-22 08:35 13955584 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-06-22 08:21 . 2014-06-22 08:21 230912 ----a-w- c:\windows\system32\clinfo.exe
2014-06-22 08:21 . 2014-06-22 08:21 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-06-22 08:20 . 2014-06-22 08:20 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-06-22 08:20 . 2014-06-22 08:20 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-06-22 08:20 . 2014-06-22 08:20 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-06-22 08:20 . 2014-06-22 08:20 28427264 ----a-w- c:\windows\system32\amdocl64.dll
2014-06-22 08:18 . 2014-06-22 08:18 23905280 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-06-22 08:15 . 2014-06-22 08:15 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-06-22 08:15 . 2014-06-22 08:15 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-06-22 08:05 . 2014-06-22 08:05 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2014-06-22 08:05 . 2014-06-22 08:05 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-06-22 08:05 . 2014-06-22 08:05 27228672 ----a-w- c:\windows\system32\atio6axx.dll
2014-06-22 08:05 . 2014-06-22 08:05 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-06-22 08:05 . 2014-06-22 08:05 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-06-22 08:05 . 2014-06-22 08:05 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-06-22 08:04 . 2014-06-22 08:04 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-06-22 08:01 . 2014-06-22 08:01 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-06-22 07:45 . 2014-06-22 07:45 22903296 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-06-22 07:44 . 2014-06-22 07:44 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-06-22 07:44 . 2014-06-22 07:44 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-06-22 07:44 . 2014-06-22 07:44 589824 ----a-w- c:\windows\system32\atieclxx.exe
2014-06-22 07:43 . 2014-06-22 07:43 240128 ----a-w- c:\windows\system32\atiesrxx.exe
2014-06-22 07:41 . 2014-06-22 07:41 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-06-22 07:30 . 2014-06-22 07:30 44544 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-06-22 07:30 . 2014-06-22 07:30 35840 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-06-22 07:18 . 2014-05-20 18:31 808960 ----a-w- c:\windows\system32\coinst_13.352.dll
2014-06-22 07:07 . 2014-06-22 07:07 1147904 ----a-w- c:\windows\system32\atiadlxx.dll
2014-06-22 07:07 . 2014-06-22 07:07 826880 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-06-22 07:07 . 2014-06-22 07:07 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2014-06-22 07:07 . 2014-06-22 07:07 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-06-22 07:07 . 2014-06-22 07:07 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2014-06-22 07:07 . 2014-06-22 07:07 146432 ----a-w- c:\windows\system32\atig6txx.dll
2014-06-22 07:06 . 2014-06-22 07:06 133120 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-06-22 07:06 . 2014-06-22 07:06 630784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-06-22 07:02 . 2014-06-22 07:02 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-06-22 02:31 . 2014-06-22 02:31 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2014-06-22 02:26 . 2014-06-22 02:26 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2014-06-21 07:49 . 2014-06-21 07:49 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2014-06-18 02:18 . 2014-07-09 21:52 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 21:52 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-17 00:57 . 2014-07-08 09:35 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1434496-C09C-446E-BA43-80CE0CB4703B}\mpengine.dll
2014-06-06 10:10 . 2014-07-09 21:52 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 21:52 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 21:52 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 21:52 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 21:52 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-01 18:53 233128 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-01 18:53 233128 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-01 18:53 233128 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-07-08 12:11 463360 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-07-08 12:11 463360 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-07-08 12:11 463360 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NextLive"="c:\users\kuba\AppData\Roaming\newnext.me\nengine.dll" [2014-01-06 1283584]
"SkyDrive"="c:\users\kuba\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-08-01 251040]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-07-15 39408]
"Grid"="c:\program files (x86)\ATI Technologies\HydraVision\HydraGrd.exe" [2013-12-24 401408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-07-22 2694040]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-23 3477640]
"RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"FontExpertType1Loader"="c:\program files (x86)\FontExpert\Type1Loader.exe" [2010-05-14 294208]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-06-22 767200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-07-23 688984]
.
c:\users\kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
i1Profiler Tray.lnk - c:\program files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe [2014-3-1 2519552]
Logo Calibration Loader.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2014-3-1 708608]
ProfileReminder.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2014-3-1 954368]
SrvMod.lnk - c:\windows\twain_32\L12U16U2\SrvMod.exe [2008-7-23 49152]
XRGamma.lnk - c:\program files (x86)\X-Rite\i1Profiler\XRGamma.exe [2014-3-1 802816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys;c:\windows\SYSNATIVE\drivers\pdihwctl.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EyeOneDisplay;EyeOneDisplay;c:\windows\system32\Drivers\i1display_x64.sys;c:\windows\SYSNATIVE\Drivers\i1display_x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe;c:\windows\SYSNATIVE\SUPDSvc2.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 vdisk;Virtual Disk Driver;c:\windows\system32\DRIVERS\vdisk.sys;c:\windows\SYSNATIVE\DRIVERS\vdisk.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\kuba\AppData\Local\Temp\tmp7AF9.tmp;c:\users\kuba\AppData\Local\Temp\tmp7AF9.tmp [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\DRIVERS\oodisr.sys;c:\windows\SYSNATIVE\DRIVERS\oodisr.sys [x]
S0 oodisrh;oodisrh;c:\windows\system32\DRIVERS\oodisrh.sys;c:\windows\SYSNATIVE\DRIVERS\oodisrh.sys [x]
S0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys;c:\windows\SYSNATIVE\DRIVERS\oodivd.sys [x]
S0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys;c:\windows\SYSNATIVE\DRIVERS\oodivdh.sys [x]
S0 SMR410;Symantec SMR Utility Service 4.1.0;c:\windows\System32\drivers\SMR410.SYS;c:\windows\SYSNATIVE\drivers\SMR410.SYS [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1505000.013\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1505000.013\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140901.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140901.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1505000.013\SYMNETS.SYS [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.5.0.19\N360.exe;c:\program files (x86)\Norton 360\Engine\21.5.0.19\N360.exe [x]
S2 OO DiskImage;OO DiskImage;c:\program files\OO Software\DiskImage\oodiag.exe;c:\program files\OO Software\DiskImage\oodiag.exe [x]
S2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S2 xrdd.exe;X-Rite Device Services Manager;c:\program files (x86)\X-Rite\Devices\Services\xrdd.exe;c:\program files (x86)\X-Rite\Devices\Services\xrdd.exe [x]
S2 XTUService;Intel(R) Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 e1kexpress;Intel(R) Network Connections Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 EyeOne;EyeOne;c:\windows\system32\Drivers\i1_x64.sys;c:\windows\SYSNATIVE\Drivers\i1_x64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3hub.sys [x]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3xhc.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-13 12:51 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04 12:42]
.
2014-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-04 16:22]
.
2014-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-04 16:22]
.
2014-09-03 c:\windows\Tasks\OO DiskImage {0c871c33-6807-42de-a27d-187132c51a68}.job
- c:\program files\OO Software\DiskImage\oodiag.exe [2014-08-04 13:57]
.
2014-09-03 c:\windows\Tasks\OO DiskImage {420417f3-7e6a-4016-9f08-9a0b9988e68c}.job
- c:\program files\OO Software\DiskImage\oodiag.exe [2014-08-04 13:57]
.
2014-09-03 c:\windows\Tasks\OO DiskImage {c617d1fd-d25a-4205-90ea-15c04fa85d2d}.job
- c:\program files\OO Software\DiskImage\oodiag.exe [2014-08-04 13:57]
.
2014-09-03 c:\windows\Tasks\X-Rite Device Services Software Updater.job
- c:\program files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [2014-06-23 15:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-30 09:42 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-01 18:53 260776 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-01 18:53 260776 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-01 18:53 260776 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-07-08 12:11 470016 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-07-08 12:11 470016 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-07-08 12:11 470016 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon]
@="{14A94384-BBED-47ed-86C0-6BF63FD892D0}"
[HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
2014-08-04 13:58 114984 ----a-w- c:\program files\OO Software\DiskImage\oodishi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-03-22 36352]
"OODITRAY.EXE"="c:\program files\OO Software\DiskImage\ooditray.exe" [2014-08-04 6336808]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-30 13672152]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9AE50D72-20FB-43F3-94FB-51EA747180B2}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\at16fwip.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.5.0.19\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.5.0.19\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.5.0.19;c:\program files (x86)\Norton 360\Engine64\21.5.0.19"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\kuba\AppData\Local\Temp\tmp7AF9.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-09-03 11:00:32
ComboFix-quarantined-files.txt 2014-09-03 09:00
.
Před spuštěním: Volných bajtů: 28 279 443 456
Po spuštění: Volných bajtů: 28 861 116 416
.
- - End Of File - - 7751689D06E02D08532203B20DCAF64B
A36C5E4F47E84449FF07ED3517B43A31

ComboFix log (after problems with conhost.exe)
- Rudy
- Site Admin
Re: ComboFix log (after problems with conhost.exe)
Hello!
Why are you running ComboFix, a professional utility that is not intended for laypeople? Do you intend to wreck your system or one of your applications?
We will finish the cleanup. Open Notepad and copy the following into it:
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.
KillAll::
Folder::
c:\program files (x86)\Google\GoogleToolbarNotifier
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Regnull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
Reboot::

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: ComboFix log (after problems with conhost.exe)
Desperation and time pressure because of a job for a client who essentially pays my bills... And I prayed that it wouldn't wreck the system. I'll do it in a moment and let you know.
Thanks a lot!!!
- Rudy
- Site Admin
Re: ComboFix log (after problems with conhost.exe)
kubak wrote: Desperation and time pressure because of a job for a client who essentially pays my bills... And I prayed that it wouldn't wreck the system. I'll do it in a moment and let you know. Thanks a lot!!!
Even I would not dare run CF without first checking with an ordinary scanner. Before I can afford to run CF, I have to know what is running on the system.
Re: ComboFix log (after problems with conhost.exe)
So here it is.
Thank you very much!
ComboFix 14-08-31.01 - kuba 03.09.2014 20:07:56.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.16374.13820 [GMT 2:00]
Spuštěný z: c:\users\kuba\Desktop\xyz.exe
Použité ovládací přepínače :: c:\users\kuba\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\GoogleToolbarNotifier
c:\program files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gth.dll
c:\program files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll
c:\program files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\Readme.url
c:\program files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\users\kuba\AppData\Local\assembly\tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-08-03 do 2014-09-03 )))))))))))))))))))))))))))))))
.
.
2014-09-03 18:17 . 2014-09-03 18:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-03 07:50 . 2014-09-03 07:50 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
2014-08-28 08:32 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 08:32 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-28 08:32 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-26 12:46 . 2014-08-26 14:04 -------- d-----w- c:\users\kuba\AppData\Roaming\uTorrent
2014-08-20 08:36 . 2014-08-20 08:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-20 08:36 . 2014-08-20 08:36 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-20 08:36 . 2014-08-20 08:36 -------- d-----w- c:\program files (x86)\Java
2014-08-14 07:15 . 2014-07-07 06:29 -------- d---a-w- c:\users\kuba\AppData\Roaming\com.adobe.AdobeMuseCC.2014.1
2014-08-13 08:28 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 08:28 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 08:28 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 08:28 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 08:28 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 08:28 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-13 08:28 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 08:28 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 04:22 . 2014-07-31 23:16 812224 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2014-08-10 13:29 . 2014-08-28 00:26 -------- d-----w- c:\windows\system32\drivers\N360x64\1505000.013
2014-08-07 11:09 . 2014-08-07 11:09 -------- d-----w- c:\users\kuba\AppData\Local\TuneUp Software
2014-08-07 11:00 . 2014-07-16 08:24 43320 ----a-w- c:\windows\system32\uxtuneup.dll
2014-08-07 11:00 . 2014-07-16 08:24 36152 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2014-08-07 10:59 . 2014-07-16 08:24 40760 ----a-w- c:\windows\system32\TURegOpt.exe
2014-08-07 10:59 . 2014-07-16 08:24 29496 ----a-w- c:\windows\system32\authuitu.dll
2014-08-07 10:59 . 2014-07-16 08:24 25400 ----a-w- c:\windows\SysWow64\authuitu.dll
2014-08-07 10:59 . 2014-08-07 10:59 -------- d-----w- c:\users\kuba\AppData\Roaming\TuneUp Software
2014-08-07 10:59 . 2014-08-07 11:10 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2014
2014-08-07 10:58 . 2014-08-07 11:00 -------- d-----w- c:\programdata\TuneUp Software
2014-08-07 10:58 . 2014-08-07 11:05 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-28 12:05 . 2012-07-17 13:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-26 12:42 . 2014-02-04 17:28 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-26 12:42 . 2014-02-04 17:28 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-13 08:30 . 2014-02-04 15:41 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-07-11 07:01 . 2014-03-01 18:10 20832 ----a-w- c:\windows\system32\drivers\DDCDrv.sys
2014-07-11 07:01 . 2014-03-01 18:10 145920 ----a-w- c:\windows\system32\DDCHelper.dll
2014-07-11 07:01 . 2014-03-01 18:10 125440 ----a-w- c:\windows\system32\DDCHelperX.dll
2014-07-11 07:01 . 2014-03-01 18:10 108032 ----a-w- c:\windows\SysWow64\DDCHelperX.dll
2014-07-11 07:01 . 2014-03-01 18:10 10240 ----a-w- c:\windows\SysWow64\drivers\DDCDrv.sys
2014-06-23 15:13 . 2014-06-23 15:13 382832 ----a-w- c:\windows\SysWow64\XRiteDevice.dll
2014-06-22 08:42 . 2014-06-22 08:42 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-06-22 08:42 . 2014-06-22 08:42 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-06-22 08:42 . 2014-06-22 08:42 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-06-22 08:42 . 2014-06-22 08:42 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-06-22 08:42 . 2014-06-22 08:42 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2014-06-22 08:42 . 2014-03-14 18:08 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-06-22 08:41 . 2014-06-22 08:41 116024 ----a-w- c:\windows\system32\atiu9p64.dll
2014-06-22 08:41 . 2013-12-24 07:38 99008 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-06-22 08:41 . 2014-06-22 08:41 1329864 ----a-w- c:\windows\system32\aticfx64.dll
2014-06-22 08:41 . 2013-12-24 07:36 1107384 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-06-22 08:41 . 2014-06-22 08:41 10177112 ----a-w- c:\windows\system32\atidxx64.dll
2014-06-22 08:41 . 2014-03-14 18:08 8764952 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-06-22 08:41 . 2013-12-24 07:34 10147688 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-06-22 08:41 . 2013-12-24 07:33 6715752 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-06-22 08:41 . 2014-06-22 08:41 10901696 ----a-w- c:\windows\system32\atiumd6a.dll
2014-06-22 08:41 . 2014-06-22 08:41 7896632 ----a-w- c:\windows\system32\atiumd64.dll
2014-06-22 08:35 . 2014-06-22 08:35 13955584 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-06-22 08:21 . 2014-06-22 08:21 230912 ----a-w- c:\windows\system32\clinfo.exe
2014-06-22 08:21 . 2014-06-22 08:21 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-06-22 08:20 . 2014-06-22 08:20 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-06-22 08:20 . 2014-06-22 08:20 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-06-22 08:20 . 2014-06-22 08:20 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-06-22 08:20 . 2014-06-22 08:20 28427264 ----a-w- c:\windows\system32\amdocl64.dll
2014-06-22 08:18 . 2014-06-22 08:18 23905280 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-06-22 08:15 . 2014-06-22 08:15 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-06-22 08:15 . 2014-06-22 08:15 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-06-22 08:05 . 2014-06-22 08:05 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2014-06-22 08:05 . 2014-06-22 08:05 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-06-22 08:05 . 2014-06-22 08:05 27228672 ----a-w- c:\windows\system32\atio6axx.dll
2014-06-22 08:05 . 2014-06-22 08:05 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-06-22 08:05 . 2014-06-22 08:05 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-06-22 08:05 . 2014-06-22 08:05 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-06-22 08:04 . 2014-06-22 08:04 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-06-22 08:01 . 2014-06-22 08:01 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-06-22 07:45 . 2014-06-22 07:45 22903296 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-06-22 07:44 . 2014-06-22 07:44 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-06-22 07:44 . 2014-06-22 07:44 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-06-22 07:44 . 2014-06-22 07:44 589824 ----a-w- c:\windows\system32\atieclxx.exe
2014-06-22 07:43 . 2014-06-22 07:43 240128 ----a-w- c:\windows\system32\atiesrxx.exe
2014-06-22 07:41 . 2014-06-22 07:41 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-06-22 07:30 . 2014-06-22 07:30 44544 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-06-22 07:30 . 2014-06-22 07:30 35840 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-06-22 07:18 . 2014-05-20 18:31 808960 ----a-w- c:\windows\system32\coinst_13.352.dll
2014-06-22 07:07 . 2014-06-22 07:07 1147904 ----a-w- c:\windows\system32\atiadlxx.dll
2014-06-22 07:07 . 2014-06-22 07:07 826880 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-06-22 07:07 . 2014-06-22 07:07 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2014-06-22 07:07 . 2014-06-22 07:07 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-06-22 07:07 . 2014-06-22 07:07 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2014-06-22 07:07 . 2014-06-22 07:07 146432 ----a-w- c:\windows\system32\atig6txx.dll
2014-06-22 07:06 . 2014-06-22 07:06 133120 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-06-22 07:06 . 2014-06-22 07:06 630784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-06-22 07:02 . 2014-06-22 07:02 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-06-22 02:31 . 2014-06-22 02:31 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2014-06-22 02:26 . 2014-06-22 02:26 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2014-06-21 07:49 . 2014-06-21 07:49 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2014-06-18 02:18 . 2014-07-09 21:52 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 21:52 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-17 00:57 . 2014-07-08 09:35 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1434496-C09C-446E-BA43-80CE0CB4703B}\mpengine.dll
2014-06-06 10:10 . 2014-07-09 21:52 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 21:52 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-01 18:53 233128 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-01 18:53 233128 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-01 18:53 233128 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-07-08 12:11 463360 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-07-08 12:11 463360 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-07-08 12:11 463360 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NextLive"="c:\users\kuba\AppData\Roaming\newnext.me\nengine.dll" [2014-01-06 1283584]
"SkyDrive"="c:\users\kuba\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-08-01 251040]
"Grid"="c:\program files (x86)\ATI Technologies\HydraVision\HydraGrd.exe" [2013-12-24 401408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-07-22 2694040]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-23 3477640]
"RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"FontExpertType1Loader"="c:\program files (x86)\FontExpert\Type1Loader.exe" [2010-05-14 294208]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-06-22 767200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-07-23 688984]
.
c:\users\kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
i1Profiler Tray.lnk - c:\program files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe [2014-3-1 2519552]
Logo Calibration Loader.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2014-3-1 708608]
ProfileReminder.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2014-3-1 954368]
SrvMod.lnk - c:\windows\twain_32\L12U16U2\SrvMod.exe [2008-7-23 49152]
XRGamma.lnk - c:\program files (x86)\X-Rite\i1Profiler\XRGamma.exe [2014-3-1 802816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys;c:\windows\SYSNATIVE\drivers\pdihwctl.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EyeOneDisplay;EyeOneDisplay;c:\windows\system32\Drivers\i1display_x64.sys;c:\windows\SYSNATIVE\Drivers\i1display_x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe;c:\windows\SYSNATIVE\SUPDSvc2.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 vdisk;Virtual Disk Driver;c:\windows\system32\DRIVERS\vdisk.sys;c:\windows\SYSNATIVE\DRIVERS\vdisk.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\kuba\AppData\Local\Temp\tmp7AF9.tmp;c:\users\kuba\AppData\Local\Temp\tmp7AF9.tmp [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\DRIVERS\oodisr.sys;c:\windows\SYSNATIVE\DRIVERS\oodisr.sys [x]
S0 oodisrh;oodisrh;c:\windows\system32\DRIVERS\oodisrh.sys;c:\windows\SYSNATIVE\DRIVERS\oodisrh.sys [x]
S0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys;c:\windows\SYSNATIVE\DRIVERS\oodivd.sys [x]
S0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys;c:\windows\SYSNATIVE\DRIVERS\oodivdh.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1505000.013\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1505000.013\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140901.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140901.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1505000.013\SYMNETS.SYS [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.5.0.19\N360.exe;c:\program files (x86)\Norton 360\Engine\21.5.0.19\N360.exe [x]
S2 OO DiskImage;OO DiskImage;c:\program files\OO Software\DiskImage\oodiag.exe;c:\program files\OO Software\DiskImage\oodiag.exe [x]
S2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S2 xrdd.exe;X-Rite Device Services Manager;c:\program files (x86)\X-Rite\Devices\Services\xrdd.exe;c:\program files (x86)\X-Rite\Devices\Services\xrdd.exe [x]
S2 XTUService;Intel(R) Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 e1kexpress;Intel(R) Network Connections Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 EyeOne;EyeOne;c:\windows\system32\Drivers\i1_x64.sys;c:\windows\SYSNATIVE\Drivers\i1_x64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3hub.sys [x]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3xhc.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-13 12:51 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04 12:42]
.
2014-09-03 c:\windows\Tasks\OO DiskImage {0c871c33-6807-42de-a27d-187132c51a68}.job
- c:\program files\OO Software\DiskImage\oodiag.exe [2014-08-04 13:57]
.
2014-09-03 c:\windows\Tasks\OO DiskImage {420417f3-7e6a-4016-9f08-9a0b9988e68c}.job
- c:\program files\OO Software\DiskImage\oodiag.exe [2014-08-04 13:57]
.
2014-09-03 c:\windows\Tasks\OO DiskImage {c617d1fd-d25a-4205-90ea-15c04fa85d2d}.job
- c:\program files\OO Software\DiskImage\oodiag.exe [2014-08-04 13:57]
.
2014-09-03 c:\windows\Tasks\X-Rite Device Services Software Updater.job
- c:\program files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [2014-06-23 15:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-30 09:42 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-01 18:53 260776 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-01 18:53 260776 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-01 18:53 260776 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-07-08 12:11 470016 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-07-08 12:11 470016 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-07-08 12:11 470016 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon]
@="{14A94384-BBED-47ed-86C0-6BF63FD892D0}"
[HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
2014-08-04 13:58 114984 ----a-w- c:\program files\OO Software\DiskImage\oodishi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-03-22 36352]
"OODITRAY.EXE"="c:\program files\OO Software\DiskImage\ooditray.exe" [2014-08-04 6336808]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-30 13672152]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9AE50D72-20FB-43F3-94FB-51EA747180B2}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\at16fwip.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.5.0.19\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.5.0.19\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.5.0.19;c:\program files (x86)\Norton 360\Engine64\21.5.0.19"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\kuba\AppData\Local\Temp\tmp7AF9.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Celkový čas: 2014-09-03 20:29:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-09-03 18:29
ComboFix2.txt 2014-09-03 09:00
.
Před spuštěním: Volných bajtů: 28 382 650 368
Po spuštění: Volných bajtů: 28 351 832 064
.
- - End Of File - - 55FBAC2FCD614201F0FB67C6CE69F97E
A36C5E4F47E84449FF07ED3517B43A31
Thank you very much!
ComboFix 14-08-31.01 - kuba 03.09.2014 20:07:56.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.16374.13820 [GMT 2:00]
Spuštěný z: c:\users\kuba\Desktop\xyz.exe
Použité ovládací přepínače :: c:\users\kuba\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\GoogleToolbarNotifier
c:\program files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gth.dll
c:\program files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll
c:\program files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\Readme.url
c:\program files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\users\kuba\AppData\Local\assembly\tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-08-03 do 2014-09-03 )))))))))))))))))))))))))))))))
.
.
2014-09-03 18:17 . 2014-09-03 18:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-03 07:50 . 2014-09-03 07:50 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
2014-08-28 08:32 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 08:32 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-28 08:32 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-26 12:46 . 2014-08-26 14:04 -------- d-----w- c:\users\kuba\AppData\Roaming\uTorrent
2014-08-20 08:36 . 2014-08-20 08:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-20 08:36 . 2014-08-20 08:36 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-20 08:36 . 2014-08-20 08:36 -------- d-----w- c:\program files (x86)\Java
2014-08-14 07:15 . 2014-07-07 06:29 -------- d---a-w- c:\users\kuba\AppData\Roaming\com.adobe.AdobeMuseCC.2014.1
2014-08-13 08:28 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 08:28 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 08:28 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 08:28 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 08:28 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 08:28 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-13 08:28 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 08:28 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 04:22 . 2014-07-31 23:16 812224 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2014-08-10 13:29 . 2014-08-28 00:26 -------- d-----w- c:\windows\system32\drivers\N360x64\1505000.013
2014-08-07 11:09 . 2014-08-07 11:09 -------- d-----w- c:\users\kuba\AppData\Local\TuneUp Software
2014-08-07 11:00 . 2014-07-16 08:24 43320 ----a-w- c:\windows\system32\uxtuneup.dll
2014-08-07 11:00 . 2014-07-16 08:24 36152 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2014-08-07 10:59 . 2014-07-16 08:24 40760 ----a-w- c:\windows\system32\TURegOpt.exe
2014-08-07 10:59 . 2014-07-16 08:24 29496 ----a-w- c:\windows\system32\authuitu.dll
2014-08-07 10:59 . 2014-07-16 08:24 25400 ----a-w- c:\windows\SysWow64\authuitu.dll
2014-08-07 10:59 . 2014-08-07 10:59 -------- d-----w- c:\users\kuba\AppData\Roaming\TuneUp Software
2014-08-07 10:59 . 2014-08-07 11:10 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2014
2014-08-07 10:58 . 2014-08-07 11:00 -------- d-----w- c:\programdata\TuneUp Software
2014-08-07 10:58 . 2014-08-07 11:05 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-28 12:05 . 2012-07-17 13:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-26 12:42 . 2014-02-04 17:28 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-26 12:42 . 2014-02-04 17:28 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-13 08:30 . 2014-02-04 15:41 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-07-11 07:01 . 2014-03-01 18:10 20832 ----a-w- c:\windows\system32\drivers\DDCDrv.sys
2014-07-11 07:01 . 2014-03-01 18:10 145920 ----a-w- c:\windows\system32\DDCHelper.dll
2014-07-11 07:01 . 2014-03-01 18:10 125440 ----a-w- c:\windows\system32\DDCHelperX.dll
2014-07-11 07:01 . 2014-03-01 18:10 108032 ----a-w- c:\windows\SysWow64\DDCHelperX.dll
2014-07-11 07:01 . 2014-03-01 18:10 10240 ----a-w- c:\windows\SysWow64\drivers\DDCDrv.sys
2014-06-23 15:13 . 2014-06-23 15:13 382832 ----a-w- c:\windows\SysWow64\XRiteDevice.dll
2014-06-22 08:42 . 2014-06-22 08:42 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-06-22 08:42 . 2014-06-22 08:42 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-06-22 08:42 . 2014-06-22 08:42 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-06-22 08:42 . 2014-06-22 08:42 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-06-22 08:42 . 2014-06-22 08:42 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2014-06-22 08:42 . 2014-03-14 18:08 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-06-22 08:41 . 2014-06-22 08:41 116024 ----a-w- c:\windows\system32\atiu9p64.dll
2014-06-22 08:41 . 2013-12-24 07:38 99008 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-06-22 08:41 . 2014-06-22 08:41 1329864 ----a-w- c:\windows\system32\aticfx64.dll
2014-06-22 08:41 . 2013-12-24 07:36 1107384 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-06-22 08:41 . 2014-06-22 08:41 10177112 ----a-w- c:\windows\system32\atidxx64.dll
2014-06-22 08:41 . 2014-03-14 18:08 8764952 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-06-22 08:41 . 2013-12-24 07:34 10147688 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-06-22 08:41 . 2013-12-24 07:33 6715752 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-06-22 08:41 . 2014-06-22 08:41 10901696 ----a-w- c:\windows\system32\atiumd6a.dll
2014-06-22 08:41 . 2014-06-22 08:41 7896632 ----a-w- c:\windows\system32\atiumd64.dll
2014-06-22 08:35 . 2014-06-22 08:35 13955584 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-06-22 08:21 . 2014-06-22 08:21 230912 ----a-w- c:\windows\system32\clinfo.exe
2014-06-22 08:21 . 2014-06-22 08:21 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-06-22 08:20 . 2014-06-22 08:20 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-06-22 08:20 . 2014-06-22 08:20 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-06-22 08:20 . 2014-06-22 08:20 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-06-22 08:20 . 2014-06-22 08:20 28427264 ----a-w- c:\windows\system32\amdocl64.dll
2014-06-22 08:18 . 2014-06-22 08:18 23905280 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-06-22 08:15 . 2014-06-22 08:15 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-06-22 08:15 . 2014-06-22 08:15 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-06-22 08:05 . 2014-06-22 08:05 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2014-06-22 08:05 . 2014-06-22 08:05 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-06-22 08:05 . 2014-06-22 08:05 27228672 ----a-w- c:\windows\system32\atio6axx.dll
2014-06-22 08:05 . 2014-06-22 08:05 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-06-22 08:05 . 2014-06-22 08:05 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-06-22 08:05 . 2014-06-22 08:05 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-06-22 08:04 . 2014-06-22 08:04 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-06-22 08:01 . 2014-06-22 08:01 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-06-22 07:45 . 2014-06-22 07:45 22903296 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-06-22 07:44 . 2014-06-22 07:44 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-06-22 07:44 . 2014-06-22 07:44 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-06-22 07:44 . 2014-06-22 07:44 589824 ----a-w- c:\windows\system32\atieclxx.exe
2014-06-22 07:43 . 2014-06-22 07:43 240128 ----a-w- c:\windows\system32\atiesrxx.exe
2014-06-22 07:41 . 2014-06-22 07:41 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-06-22 07:30 . 2014-06-22 07:30 44544 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-06-22 07:30 . 2014-06-22 07:30 35840 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-06-22 07:18 . 2014-05-20 18:31 808960 ----a-w- c:\windows\system32\coinst_13.352.dll
2014-06-22 07:07 . 2014-06-22 07:07 1147904 ----a-w- c:\windows\system32\atiadlxx.dll
2014-06-22 07:07 . 2014-06-22 07:07 826880 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-06-22 07:07 . 2014-06-22 07:07 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2014-06-22 07:07 . 2014-06-22 07:07 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-06-22 07:07 . 2014-06-22 07:07 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2014-06-22 07:07 . 2014-06-22 07:07 146432 ----a-w- c:\windows\system32\atig6txx.dll
2014-06-22 07:06 . 2014-06-22 07:06 133120 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-06-22 07:06 . 2014-06-22 07:06 630784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-06-22 07:02 . 2014-06-22 07:02 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-06-22 02:31 . 2014-06-22 02:31 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2014-06-22 02:26 . 2014-06-22 02:26 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2014-06-21 07:49 . 2014-06-21 07:49 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2014-06-18 02:18 . 2014-07-09 21:52 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 21:52 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-17 00:57 . 2014-07-08 09:35 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1434496-C09C-446E-BA43-80CE0CB4703B}\mpengine.dll
2014-06-06 10:10 . 2014-07-09 21:52 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 21:52 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-01 18:53 233128 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-01 18:53 233128 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-01 18:53 233128 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-07-08 12:11 463360 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-07-08 12:11 463360 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-07-08 12:11 463360 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NextLive"="c:\users\kuba\AppData\Roaming\newnext.me\nengine.dll" [2014-01-06 1283584]
"SkyDrive"="c:\users\kuba\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-08-01 251040]
"Grid"="c:\program files (x86)\ATI Technologies\HydraVision\HydraGrd.exe" [2013-12-24 401408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-07-22 2694040]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-23 3477640]
"RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"FontExpertType1Loader"="c:\program files (x86)\FontExpert\Type1Loader.exe" [2010-05-14 294208]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-06-22 767200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-07-23 688984]
.
c:\users\kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
i1Profiler Tray.lnk - c:\program files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe [2014-3-1 2519552]
Logo Calibration Loader.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2014-3-1 708608]
ProfileReminder.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2014-3-1 954368]
SrvMod.lnk - c:\windows\twain_32\L12U16U2\SrvMod.exe [2008-7-23 49152]
XRGamma.lnk - c:\program files (x86)\X-Rite\i1Profiler\XRGamma.exe [2014-3-1 802816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys;c:\windows\SYSNATIVE\drivers\pdihwctl.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EyeOneDisplay;EyeOneDisplay;c:\windows\system32\Drivers\i1display_x64.sys;c:\windows\SYSNATIVE\Drivers\i1display_x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe;c:\windows\SYSNATIVE\SUPDSvc2.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 vdisk;Virtual Disk Driver;c:\windows\system32\DRIVERS\vdisk.sys;c:\windows\SYSNATIVE\DRIVERS\vdisk.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\kuba\AppData\Local\Temp\tmp7AF9.tmp;c:\users\kuba\AppData\Local\Temp\tmp7AF9.tmp [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\DRIVERS\oodisr.sys;c:\windows\SYSNATIVE\DRIVERS\oodisr.sys [x]
S0 oodisrh;oodisrh;c:\windows\system32\DRIVERS\oodisrh.sys;c:\windows\SYSNATIVE\DRIVERS\oodisrh.sys [x]
S0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys;c:\windows\SYSNATIVE\DRIVERS\oodivd.sys [x]
S0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys;c:\windows\SYSNATIVE\DRIVERS\oodivdh.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1505000.013\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1505000.013\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140901.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140901.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1505000.013\SYMNETS.SYS [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.5.0.19\N360.exe;c:\program files (x86)\Norton 360\Engine\21.5.0.19\N360.exe [x]
S2 OO DiskImage;OO DiskImage;c:\program files\OO Software\DiskImage\oodiag.exe;c:\program files\OO Software\DiskImage\oodiag.exe [x]
S2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S2 xrdd.exe;X-Rite Device Services Manager;c:\program files (x86)\X-Rite\Devices\Services\xrdd.exe;c:\program files (x86)\X-Rite\Devices\Services\xrdd.exe [x]
S2 XTUService;Intel(R) Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 e1kexpress;Intel(R) Network Connections Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 EyeOne;EyeOne;c:\windows\system32\Drivers\i1_x64.sys;c:\windows\SYSNATIVE\Drivers\i1_x64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3hub.sys [x]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3xhc.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-13 12:51 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04 12:42]
.
2014-09-03 c:\windows\Tasks\OO DiskImage {0c871c33-6807-42de-a27d-187132c51a68}.job
- c:\program files\OO Software\DiskImage\oodiag.exe [2014-08-04 13:57]
.
2014-09-03 c:\windows\Tasks\OO DiskImage {420417f3-7e6a-4016-9f08-9a0b9988e68c}.job
- c:\program files\OO Software\DiskImage\oodiag.exe [2014-08-04 13:57]
.
2014-09-03 c:\windows\Tasks\OO DiskImage {c617d1fd-d25a-4205-90ea-15c04fa85d2d}.job
- c:\program files\OO Software\DiskImage\oodiag.exe [2014-08-04 13:57]
.
2014-09-03 c:\windows\Tasks\X-Rite Device Services Software Updater.job
- c:\program files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [2014-06-23 15:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-30 09:42 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-01 18:53 260776 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-01 18:53 260776 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-01 18:53 260776 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-07-08 12:11 470016 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-07-08 12:11 470016 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-07-08 12:11 470016 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon]
@="{14A94384-BBED-47ed-86C0-6BF63FD892D0}"
[HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
2014-08-04 13:58 114984 ----a-w- c:\program files\OO Software\DiskImage\oodishi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-03-22 36352]
"OODITRAY.EXE"="c:\program files\OO Software\DiskImage\ooditray.exe" [2014-08-04 6336808]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-30 13672152]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9AE50D72-20FB-43F3-94FB-51EA747180B2}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\at16fwip.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.5.0.19\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.5.0.19\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.5.0.19;c:\program files (x86)\Norton 360\Engine64\21.5.0.19"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\kuba\AppData\Local\Temp\tmp7AF9.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Celkový čas: 2014-09-03 20:29:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-09-03 18:29
ComboFix2.txt 2014-09-03 09:00
.
Před spuštěním: Volných bajtů: 28 382 650 368
Po spuštění: Volných bajtů: 28 351 832 064
.
- - End Of File - - 55FBAC2FCD614201F0FB67C6CE69F97E
A36C5E4F47E84449FF07ED3517B43A31
- Rudy
- Site Admin
- Posts: 119544
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: ComboFix log (after problems with conhost.exe)
Yes, exactly. Believe me, we have already dealt with a few broken systems here. Otherwise, it has been deleted and the log is now OK. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: ComboFix log (after problems with conhost.exe)
I'm going back to work now, so I'll see. I'll let you know in the morning.
Thanks once again!
- Rudy
- Site Admin
Re: ComboFix log (after problems with conhost.exe)
No need to thank me yet; I won't be here until the evening.
