Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu RSIT
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu RSIT
Tak to se ještě nestalo. Jaká okna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu RSIT
Jedno okno bylo modré combofix a další dvě černá. Pořád se otevírala a zavírala. Přihlásil jsem se na admin účet a tam to po docela dlouhé době nakonec vyplivlo log.
ComboFix 16-01-24.01 - Valča 24.01.2016 22:01:25.1.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.420.1029.18.3819.2119 [GMT 1:00]
Spuštěný z: c:\users\Mamka\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-12-25 do 2016-01-25 )))))))))))))))))))))))))))))))
.
.
2016-01-23 17:02 . 2016-01-23 17:09 -------- d-----w- C:\AdwCleaner
2016-01-23 06:43 . 2016-01-24 08:14 -------- d-----w- c:\program files\trend micro
2016-01-23 05:43 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CDAB5470-5DA2-44BB-8C82-0988CF2A5CE0}\mpengine.dll
2016-01-19 19:05 . 2016-01-19 19:05 4499648 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2016-01-15 06:03 . 2016-01-16 06:20 -------- d-----w- c:\programdata\Package Cache
2016-01-13 07:04 . 2015-12-08 17:58 3211264 ----a-w- c:\windows\system32\win32k.sys
2016-01-13 07:03 . 2015-12-08 21:53 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2016-01-13 05:36 . 2016-01-13 05:36 386096 ----a-w- c:\windows\system32\aswBoot.exe
2016-01-13 05:36 . 2016-01-13 05:36 43112 ----a-w- c:\windows\avastSS.scr
2016-01-12 18:31 . 2016-01-13 05:27 -------- d-----w- c:\users\Valča\Doctor Web
2016-01-08 19:40 . 2016-01-08 19:40 -------- d-----w- c:\program files\CCleaner
2016-01-08 19:04 . 2015-10-05 08:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-01-08 19:04 . 2015-10-05 08:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-01-08 19:04 . 2016-01-08 19:04 -------- d-----w- c:\programdata\Malwarebytes
2016-01-08 19:04 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-12-27 15:17 . 2015-12-27 15:17 -------- d-----w- c:\users\Mamka\AppData\Local\Apple Computer
2015-12-26 09:45 . 2016-01-17 16:12 -------- d-----w- c:\users\Valča\AppData\Local\Apple Inc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-21 05:36 . 2014-09-15 16:51 1065208 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-01-21 05:36 . 2014-09-15 16:51 464256 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-01-19 19:05 . 2012-04-24 18:30 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-01-19 19:05 . 2012-04-24 18:30 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-01-15 06:20 . 2012-04-21 14:36 143671360 ----a-w- c:\windows\system32\MRT.exe
2016-01-13 05:37 . 2014-09-15 16:51 97648 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2016-01-13 05:36 . 2014-09-15 16:51 155304 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-01-13 05:36 . 2014-09-15 16:51 273784 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-01-13 05:36 . 2014-09-15 16:51 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-01-13 05:36 . 2014-09-15 16:51 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-01-13 05:36 . 2014-09-15 16:51 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-12-30 19:01 . 2016-01-13 07:03 344064 ----a-w- c:\windows\system32\schannel.dll
2015-12-30 18:40 . 2016-01-13 07:03 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2015-12-30 18:37 . 2016-01-13 07:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-12-08 19:07 . 2009-07-14 00:22 1393152 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2015-12-02 12:18 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-11-27 14:41 . 2012-07-17 13:37 24288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-11-20 18:54 . 2015-12-09 07:15 3170304 ----a-w- c:\windows\system32\wucltux.dll
2015-11-20 18:54 . 2015-12-09 07:15 2609152 ----a-w- c:\windows\system32\wuaueng.dll
2015-11-20 18:54 . 2015-12-09 07:15 98816 ----a-w- c:\windows\system32\wudriver.dll
2015-11-20 18:54 . 2015-12-09 07:15 37888 ----a-w- c:\windows\system32\wups2.dll
2015-11-20 18:54 . 2015-12-09 07:15 192512 ----a-w- c:\windows\system32\wuwebv.dll
2015-11-20 18:54 . 2015-12-09 07:15 36864 ----a-w- c:\windows\system32\wups.dll
2015-11-20 18:54 . 2015-12-09 07:15 709632 ----a-w- c:\windows\system32\wuapi.dll
2015-11-20 18:54 . 2015-12-09 07:15 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-11-20 18:54 . 2015-12-09 07:15 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-11-20 18:54 . 2015-12-09 07:15 140288 ----a-w- c:\windows\system32\wuauclt.exe
2015-11-20 18:54 . 2015-12-09 07:15 37888 ----a-w- c:\windows\system32\wuapp.exe
2015-11-20 18:34 . 2015-12-09 07:15 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-11-20 18:34 . 2015-12-09 07:15 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-11-20 18:34 . 2015-12-09 07:15 30208 ----a-w- c:\windows\SysWow64\wups.dll
2015-11-20 18:34 . 2015-12-09 07:15 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-11-20 18:33 . 2015-12-09 07:15 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-11-11 18:53 . 2015-12-09 07:14 1735680 ----a-w- c:\windows\system32\comsvcs.dll
2015-11-11 18:53 . 2015-12-09 07:14 525312 ----a-w- c:\windows\system32\catsrvut.dll
2015-11-11 18:39 . 2015-12-09 07:14 1242624 ----a-w- c:\windows\SysWow64\comsvcs.dll
2015-11-11 18:39 . 2015-12-09 07:14 487936 ----a-w- c:\windows\SysWow64\catsrvut.dll
2015-11-10 18:55 . 2015-12-09 07:14 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-11-10 18:55 . 2015-12-09 07:14 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-11-10 18:55 . 2015-12-09 07:14 1008640 ----a-w- c:\windows\system32\user32.dll
2015-11-10 18:39 . 2015-12-09 07:14 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-11-10 18:37 . 2015-12-09 07:14 833024 ----a-w- c:\windows\SysWow64\user32.dll
2015-11-05 19:05 . 2015-12-09 07:14 17408 ----a-w- c:\windows\system32\wshrm.dll
2015-11-05 19:02 . 2015-12-09 07:14 14848 ----a-w- c:\windows\SysWow64\wshrm.dll
2015-11-05 19:02 . 2015-12-09 07:15 2048 ----a-w- c:\windows\system32\tzres.dll
2015-11-05 19:00 . 2015-12-09 07:15 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-11-05 09:53 . 2015-12-09 07:14 146944 ----a-w- c:\windows\system32\drivers\rmcast.sys
2015-11-03 19:04 . 2015-12-09 07:15 802304 ----a-w- c:\windows\system32\usp10.dll
2015-11-03 19:04 . 2015-12-09 07:11 241664 ----a-w- c:\windows\system32\els.dll
2015-11-03 18:56 . 2015-12-09 07:15 627712 ----a-w- c:\windows\SysWow64\usp10.dll
2015-11-03 18:55 . 2015-12-09 07:11 179712 ----a-w- c:\windows\SysWow64\els.dll
2015-10-29 17:50 . 2015-11-11 06:12 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-10-29 17:50 . 2015-11-11 06:12 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-10-29 17:50 . 2015-11-11 06:12 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2015-10-29 17:50 . 2015-11-11 06:12 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-10-29 17:50 . 2015-11-11 06:12 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2015-10-29 17:50 . 2015-11-11 06:12 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-10-29 17:50 . 2015-11-11 06:12 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-10-29 17:50 . 2015-11-11 06:12 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-10-29 17:50 . 2015-11-11 06:12 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-10-29 17:49 . 2015-11-11 06:12 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-10-29 17:49 . 2015-11-11 06:12 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-11-11 06:12 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-11-11 06:12 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-11-11 06:12 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:49 . 2015-11-11 06:12 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-10-29 17:39 . 2015-11-11 06:12 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-11-27 14:32 223432 ----a-w- c:\users\Valča\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-11-27 14:32 223432 ----a-w- c:\users\Valča\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-11-27 14:32 223432 ----a-w- c:\users\Valča\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_DD4F918F109122146B27F9FBB40C7B24"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2016-01-12 748360]
"cz.seznam.software.autoupdate"="c:\users\Valča\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\Valča\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2015-05-26 103080]
"WebcamMaxAutoRun"="c:\program files (x86)\WebcamMax\wcmmon.exe" [2011-07-17 1038848]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE" [2013-09-16 800280]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-11-30 50509440]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2015-11-30 60688]
"iCloudPhotos"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe" [2015-11-30 349968]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-12-08 8590760]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2015-11-30 61200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-01-13 7021880]
.
c:\users\Valča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Valča\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-3-19 32667896]
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2015-10-13 246472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi7"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys;c:\windows\SYSNATIVE\DRIVERS\wcmvcam64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-01-15 05:49 1006920 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.111\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 19:05]
.
2016-01-23 c:\windows\Tasks\Norton Security Scan for Valča.job
- c:\progra~2\NORTON~2\Engine\430~1.43\Nss.exe [2015-09-10 07:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-11-27 14:33 262344 ----a-w- c:\users\Valča\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-11-27 14:33 262344 ----a-w- c:\users\Valča\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-11-27 14:33 262344 ----a-w- c:\users\Valča\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-01-13 05:36 873304 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-17 170256]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.seznam.cz/?clid=22668
mStart Page = https://www.seznam.cz/?clid=22668
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
mSearch Bar = https://www.seznam.cz/?clid=22668
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{445395C6-054D-4288-AB24-31F58281FF7C}: NameServer = 62.129.50.20,62.129.32.100
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-Zoner Photo Studio Service 16 - c:\program files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEc:\program files\Zoner\Photo Studio 16\Program32\ZPSService.exe
Wow6432Node-HKCU-Run-GSplay.exe - c:\users\Val%c4%8da\Downloads\GSplay\GSplay.exe
Wow6432Node-HKU-Default-Run-Advanced SystemCare 6 - c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Audacity_is1 - c:\program files (x86)\Audacity\unins000.exe
AddRemove-{87082377-0F79-41FD-BB99-9C12DF782262} - c:\users\Valča\AppData\Local\TNT2\2.0.0.1534\TNT2User.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\users\Mamka\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Celkový čas: 2016-01-25 20:18:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-01-25 19:18
.
Před spuštěním: 3 452 575 744
Po spuštění: 2 828 374 016
.
- - End Of File - - E8151EA703B89FD153532D54611E084D
A36C5E4F47E84449FF07ED3517B43A31
ComboFix 16-01-24.01 - Valča 24.01.2016 22:01:25.1.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.420.1029.18.3819.2119 [GMT 1:00]
Spuštěný z: c:\users\Mamka\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-12-25 do 2016-01-25 )))))))))))))))))))))))))))))))
.
.
2016-01-23 17:02 . 2016-01-23 17:09 -------- d-----w- C:\AdwCleaner
2016-01-23 06:43 . 2016-01-24 08:14 -------- d-----w- c:\program files\trend micro
2016-01-23 05:43 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CDAB5470-5DA2-44BB-8C82-0988CF2A5CE0}\mpengine.dll
2016-01-19 19:05 . 2016-01-19 19:05 4499648 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2016-01-15 06:03 . 2016-01-16 06:20 -------- d-----w- c:\programdata\Package Cache
2016-01-13 07:04 . 2015-12-08 17:58 3211264 ----a-w- c:\windows\system32\win32k.sys
2016-01-13 07:03 . 2015-12-08 21:53 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2016-01-13 05:36 . 2016-01-13 05:36 386096 ----a-w- c:\windows\system32\aswBoot.exe
2016-01-13 05:36 . 2016-01-13 05:36 43112 ----a-w- c:\windows\avastSS.scr
2016-01-12 18:31 . 2016-01-13 05:27 -------- d-----w- c:\users\Valča\Doctor Web
2016-01-08 19:40 . 2016-01-08 19:40 -------- d-----w- c:\program files\CCleaner
2016-01-08 19:04 . 2015-10-05 08:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-01-08 19:04 . 2015-10-05 08:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-01-08 19:04 . 2016-01-08 19:04 -------- d-----w- c:\programdata\Malwarebytes
2016-01-08 19:04 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-12-27 15:17 . 2015-12-27 15:17 -------- d-----w- c:\users\Mamka\AppData\Local\Apple Computer
2015-12-26 09:45 . 2016-01-17 16:12 -------- d-----w- c:\users\Valča\AppData\Local\Apple Inc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-21 05:36 . 2014-09-15 16:51 1065208 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-01-21 05:36 . 2014-09-15 16:51 464256 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-01-19 19:05 . 2012-04-24 18:30 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-01-19 19:05 . 2012-04-24 18:30 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-01-15 06:20 . 2012-04-21 14:36 143671360 ----a-w- c:\windows\system32\MRT.exe
2016-01-13 05:37 . 2014-09-15 16:51 97648 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2016-01-13 05:36 . 2014-09-15 16:51 155304 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-01-13 05:36 . 2014-09-15 16:51 273784 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-01-13 05:36 . 2014-09-15 16:51 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-01-13 05:36 . 2014-09-15 16:51 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-01-13 05:36 . 2014-09-15 16:51 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-12-30 19:01 . 2016-01-13 07:03 344064 ----a-w- c:\windows\system32\schannel.dll
2015-12-30 18:40 . 2016-01-13 07:03 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2015-12-30 18:37 . 2016-01-13 07:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-12-08 19:07 . 2009-07-14 00:22 1393152 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2015-12-02 12:18 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-11-27 14:41 . 2012-07-17 13:37 24288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-11-20 18:54 . 2015-12-09 07:15 3170304 ----a-w- c:\windows\system32\wucltux.dll
2015-11-20 18:54 . 2015-12-09 07:15 2609152 ----a-w- c:\windows\system32\wuaueng.dll
2015-11-20 18:54 . 2015-12-09 07:15 98816 ----a-w- c:\windows\system32\wudriver.dll
2015-11-20 18:54 . 2015-12-09 07:15 37888 ----a-w- c:\windows\system32\wups2.dll
2015-11-20 18:54 . 2015-12-09 07:15 192512 ----a-w- c:\windows\system32\wuwebv.dll
2015-11-20 18:54 . 2015-12-09 07:15 36864 ----a-w- c:\windows\system32\wups.dll
2015-11-20 18:54 . 2015-12-09 07:15 709632 ----a-w- c:\windows\system32\wuapi.dll
2015-11-20 18:54 . 2015-12-09 07:15 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-11-20 18:54 . 2015-12-09 07:15 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-11-20 18:54 . 2015-12-09 07:15 140288 ----a-w- c:\windows\system32\wuauclt.exe
2015-11-20 18:54 . 2015-12-09 07:15 37888 ----a-w- c:\windows\system32\wuapp.exe
2015-11-20 18:34 . 2015-12-09 07:15 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-11-20 18:34 . 2015-12-09 07:15 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-11-20 18:34 . 2015-12-09 07:15 30208 ----a-w- c:\windows\SysWow64\wups.dll
2015-11-20 18:34 . 2015-12-09 07:15 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-11-20 18:33 . 2015-12-09 07:15 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-11-11 18:53 . 2015-12-09 07:14 1735680 ----a-w- c:\windows\system32\comsvcs.dll
2015-11-11 18:53 . 2015-12-09 07:14 525312 ----a-w- c:\windows\system32\catsrvut.dll
2015-11-11 18:39 . 2015-12-09 07:14 1242624 ----a-w- c:\windows\SysWow64\comsvcs.dll
2015-11-11 18:39 . 2015-12-09 07:14 487936 ----a-w- c:\windows\SysWow64\catsrvut.dll
2015-11-10 18:55 . 2015-12-09 07:14 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-11-10 18:55 . 2015-12-09 07:14 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-11-10 18:55 . 2015-12-09 07:14 1008640 ----a-w- c:\windows\system32\user32.dll
2015-11-10 18:39 . 2015-12-09 07:14 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-11-10 18:37 . 2015-12-09 07:14 833024 ----a-w- c:\windows\SysWow64\user32.dll
2015-11-05 19:05 . 2015-12-09 07:14 17408 ----a-w- c:\windows\system32\wshrm.dll
2015-11-05 19:02 . 2015-12-09 07:14 14848 ----a-w- c:\windows\SysWow64\wshrm.dll
2015-11-05 19:02 . 2015-12-09 07:15 2048 ----a-w- c:\windows\system32\tzres.dll
2015-11-05 19:00 . 2015-12-09 07:15 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-11-05 09:53 . 2015-12-09 07:14 146944 ----a-w- c:\windows\system32\drivers\rmcast.sys
2015-11-03 19:04 . 2015-12-09 07:15 802304 ----a-w- c:\windows\system32\usp10.dll
2015-11-03 19:04 . 2015-12-09 07:11 241664 ----a-w- c:\windows\system32\els.dll
2015-11-03 18:56 . 2015-12-09 07:15 627712 ----a-w- c:\windows\SysWow64\usp10.dll
2015-11-03 18:55 . 2015-12-09 07:11 179712 ----a-w- c:\windows\SysWow64\els.dll
2015-10-29 17:50 . 2015-11-11 06:12 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-10-29 17:50 . 2015-11-11 06:12 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-10-29 17:50 . 2015-11-11 06:12 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2015-10-29 17:50 . 2015-11-11 06:12 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-10-29 17:50 . 2015-11-11 06:12 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2015-10-29 17:50 . 2015-11-11 06:12 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-10-29 17:50 . 2015-11-11 06:12 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-10-29 17:50 . 2015-11-11 06:12 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-10-29 17:50 . 2015-11-11 06:12 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-10-29 17:49 . 2015-11-11 06:12 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-10-29 17:49 . 2015-11-11 06:12 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-11-11 06:12 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-11-11 06:12 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-11-11 06:12 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:49 . 2015-11-11 06:12 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-10-29 17:39 . 2015-11-11 06:12 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-11-27 14:32 223432 ----a-w- c:\users\Valča\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-11-27 14:32 223432 ----a-w- c:\users\Valča\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-11-27 14:32 223432 ----a-w- c:\users\Valča\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_DD4F918F109122146B27F9FBB40C7B24"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2016-01-12 748360]
"cz.seznam.software.autoupdate"="c:\users\Valča\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\Valča\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2015-05-26 103080]
"WebcamMaxAutoRun"="c:\program files (x86)\WebcamMax\wcmmon.exe" [2011-07-17 1038848]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE" [2013-09-16 800280]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-11-30 50509440]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2015-11-30 60688]
"iCloudPhotos"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe" [2015-11-30 349968]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-12-08 8590760]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2015-11-30 61200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-01-13 7021880]
.
c:\users\Valča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Valča\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-3-19 32667896]
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2015-10-13 246472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi7"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys;c:\windows\SYSNATIVE\DRIVERS\wcmvcam64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-01-15 05:49 1006920 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.111\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 19:05]
.
2016-01-23 c:\windows\Tasks\Norton Security Scan for Valča.job
- c:\progra~2\NORTON~2\Engine\430~1.43\Nss.exe [2015-09-10 07:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-11-27 14:33 262344 ----a-w- c:\users\Valča\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-11-27 14:33 262344 ----a-w- c:\users\Valča\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-11-27 14:33 262344 ----a-w- c:\users\Valča\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-01-13 05:36 873304 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-17 170256]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.seznam.cz/?clid=22668
mStart Page = https://www.seznam.cz/?clid=22668
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
mSearch Bar = https://www.seznam.cz/?clid=22668
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{445395C6-054D-4288-AB24-31F58281FF7C}: NameServer = 62.129.50.20,62.129.32.100
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-Zoner Photo Studio Service 16 - c:\program files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEc:\program files\Zoner\Photo Studio 16\Program32\ZPSService.exe
Wow6432Node-HKCU-Run-GSplay.exe - c:\users\Val%c4%8da\Downloads\GSplay\GSplay.exe
Wow6432Node-HKU-Default-Run-Advanced SystemCare 6 - c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Audacity_is1 - c:\program files (x86)\Audacity\unins000.exe
AddRemove-{87082377-0F79-41FD-BB99-9C12DF782262} - c:\users\Valča\AppData\Local\TNT2\2.0.0.1534\TNT2User.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\users\Mamka\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Celkový čas: 2016-01-25 20:18:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-01-25 19:18
.
Před spuštěním: 3 452 575 744
Po spuštění: 2 828 374 016
.
- - End Of File - - E8151EA703B89FD153532D54611E084D
A36C5E4F47E84449FF07ED3517B43A31
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu RSIT
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Reboot::
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?