
Re: Avast and four detected threats

Posted: 01 Feb 2015 15:02
by Rudy
Then run this:

Download Malwarebytes Anti-Rootkit http://www.malwarebytes.org/products/mbar/

Save it, preferably to the Desktop, and extract it
Run it by clicking mbar
Now click Next and then Update
After the database update finishes, click Next again
Leave all three options checked and click Scan to start scanning the PC
When the scan finishes (about 5 minutes), check that every finding (if there are any, of course) is ticked
Also check that Create Restore point is ticked
Now click CleanUp, which removes the infection that was found
The PC will be restarted
The mbar folder should contain a log (and it will probably open by itself) named mbar-log-year-month-day (hour-minute-second).txt; post it here for me.

Re: Avast and four detected threats

Posted: 01 Feb 2015 15:38
by MarekZel
At first it didn't want to run, so I had to uninstall the anti-malware we installed a few steps back, and after the scan was done it found nothing... :(

Malwarebytes Anti-Rootkit BETA 1.08.3.1004



main: v0000.00.00.00
rootkit: v0000.00.00.00

Windows 7 Service Pack 1 x64 NTFS
11.0.9600.17501
Marek :: MAREK-PC

1.2.2015 15:34:16
mbar-log-2015-02-01 (15-34-16).txt





Re: Avast and four detected threats

Posted: 01 Feb 2015 15:46
by MarekZel
And actually, when I ran it the first time, a message popped up saying there might be a rootkit and asking whether to remove it right away, or something like that. It wouldn't let me continue unless I clicked OK... I hope I didn't do anything wrong by clicking OK.

Re: Avast and four detected threats

Posted: 01 Feb 2015 16:43
by Rudy
Download, extract and run Avenger: http://swandog46.geekstogo.com/avenger2/avenger.zip and copy the following into the white window:
Files to delete:
C:\Windows\util\numlock.exe
C:\Windows\Installer\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\NewShortcut2_C40B08E982EB4577A9E0A3E77F8FD97E.exe
C:\Windows\Installer\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\NewShortcut1_F786A42112584B209F0A451D45676774.exe
C:\Windows\Installer\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\ARPPRODUCTICON.exe
C:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\Configlcon.dll
and click >Execute<. Restart the PC.

Re: Avast and four detected threats

Posted: 01 Feb 2015 20:41
by MarekZel
Done :)

Re: Avast and four detected threats

Posted: 01 Feb 2015 20:48
by Rudy
That should make it clean.

Re: Avast and four detected threats

Posted: 02 Feb 2015 19:48
by MarekZel
It's still there :( Couldn't it be some kind of "false alarm"? I tried running a deep scan, then also a boot-time scan, and now once more, and it's still there, the same ones...

Re: Avast and four detected threats

Posted: 02 Feb 2015 20:03
by Rudy
Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator rights

right after it starts, a screen with the licence terms appears; continue by clicking Yes.

calmly go make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else

don't panic during the scan; your machine may be restarted (especially the first time the scanner is used)

warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the deletion of any malware there are unwanted conflicts with the antispyware's resident shield.

Re: Avast and four detected threats

Posted: 03 Feb 2015 18:18
by MarekZel
So I tried it yesterday and it got as far as completing stage 32 and stayed there all night. I tried it again just now and it ended the same way - I left it for an hour. I had the antivirus turned off, and after turning it off I also restarted the PC and only then ran Combofix...

Re: Avast and four detected threats

Posted: 03 Feb 2015 19:17
by Rudy
Try it in safe mode.

Re: Avast and four detected threats

Posted: 03 Feb 2015 21:30
by MarekZel
It won't let me there, because there I can neither turn off nor uninstall the antivirus - McAfee is still installed there; I uninstalled it in normal mode right after the first start of the PC, I don't understand it.

Re: Avast and four detected threats

Posted: 03 Feb 2015 22:05
by Rudy
Then try it without turning off the AV. We have no other option.

Re: Avast and four detected threats

Posted: 04 Feb 2015 18:06
by MarekZel
So it worked. It took under ten minutes :) Only the AV was there, though...

ComboFix 15-02-02.01 - Marek 04.02.2015 17:57:02.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3998.3301 [GMT 1:00]
Spuštěný z: c:\users\Marek\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
c:\syspart\Default\Program Files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
c:\users\Public\AlexaNSISPlugin.5884.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-01-04 do 2015-02-04 )))))))))))))))))))))))))))))))
.
.
2015-02-04 17:02 . 2015-02-04 17:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-02-04 17:02 . 2015-02-04 17:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-03 20:17 . 2015-02-03 20:17 -------- d-----w- c:\programdata\McAfee
2015-02-03 19:49 . 2015-02-03 19:49 -------- d-----w- c:\users\Marek\AppData\Local\ElevatedDiagnostics
2015-01-31 20:55 . 2015-01-31 20:55 -------- d-----w- c:\users\Marek\AppData\Local\Google
2015-01-31 09:08 . 2015-01-31 09:08 267632 ----a-w- c:\windows\system32\drivers\ASWVMM.sys
2015-01-31 09:08 . 2015-01-31 09:08 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-01-31 09:08 . 2015-01-31 09:08 65776 ----a-w- c:\windows\system32\drivers\ASWRVRT.sys
2015-01-31 09:08 . 2015-01-31 09:08 436624 ----a-w- c:\windows\system32\drivers\ASWSP.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-31 09:08 . 1601-01-01 00:14 1050432 ----a-w- c:\windows\system32\drivers\ASWSNX.sys
2015-01-06 03:36 . 1601-01-01 00:14 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-18 15:39 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 15:39 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-08 16:04 . 1601-01-01 00:14 7717984 ----a-w- c:\windows\system32\drivers\KL1.sys
2014-12-08 16:04 . 1601-01-01 00:14 54368 ------w- c:\windows\system32\drivers\KLTDI.sys
2014-12-08 16:04 . 1601-01-01 00:14 178448 ------w- c:\windows\system32\drivers\KNEPS.sys
2014-12-08 16:04 . 1601-01-01 00:14 28504 ----a-w- c:\windows\system32\drivers\KLIM6.sys
2014-12-08 16:03 . 1601-01-01 00:14 84536 ------w- c:\windows\system32\drivers\CSCRYSEC.sys
2014-12-08 16:03 . 1601-01-01 00:14 66616 ------w- c:\windows\system32\drivers\CSVIRTUALDISKDRV.sys
2014-12-08 16:02 . 1601-01-01 00:14 626272 ----a-w- c:\windows\system32\drivers\KLIF.sys
2014-12-04 02:50 . 2014-12-10 17:25 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 17:25 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 17:25 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 17:25 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 17:25 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-10 17:24 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-10 17:25 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 17:25 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-29 15:19 . 1601-01-01 00:14 593112 ----a-r- c:\windows\system32\drivers\N360x64\1505000.013\SYMNETS.SYS
2014-11-29 15:19 . 1601-01-01 00:14 493656 ----a-r- c:\windows\system32\drivers\N360x64\1505000.013\SYMDS64.SYS
2014-11-29 15:19 . 1601-01-01 00:14 36952 ----a-r- c:\windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS
2014-11-29 15:19 . 1601-01-01 00:14 1148120 ----a-r- c:\windows\system32\drivers\N360x64\1505000.013\SYMEFA64.SYS
2014-11-29 15:19 . 1601-01-01 00:14 264280 ----a-r- c:\windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS
2014-11-29 15:19 . 1601-01-01 00:14 162392 ----a-r- c:\windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys
2014-11-29 14:49 . 2014-11-29 14:49 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-11-29 14:48 . 2014-11-29 14:48 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-11-29 14:48 . 2014-11-29 14:48 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-11-29 14:48 . 2014-11-29 14:48 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-11-29 14:48 . 2014-11-29 14:48 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-11-29 14:48 . 2014-11-29 14:48 81408 ----a-w- c:\windows\system32\icardie.dll
2014-11-29 14:48 . 2014-11-29 14:48 774144 ----a-w- c:\windows\system32\jscript.dll
2014-11-29 14:48 . 2014-11-29 14:48 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-11-29 14:48 . 2014-11-29 14:48 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-11-29 14:48 . 2014-11-29 14:48 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-11-29 14:48 . 2014-11-29 14:48 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-11-29 14:48 . 2014-11-29 14:48 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-11-29 14:48 . 2014-11-29 14:48 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-11-29 14:48 . 2014-11-29 14:48 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-11-29 14:48 . 2014-11-29 14:48 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-11-29 14:48 . 2014-11-29 14:48 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-11-29 14:48 . 2014-11-29 14:48 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-11-29 14:48 . 2014-11-29 14:48 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-11-29 14:48 . 2014-11-29 14:48 413696 ----a-w- c:\windows\system32\html.iec
2014-11-29 14:48 . 2014-11-29 14:48 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-11-29 14:48 . 2014-11-29 14:48 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-11-29 14:48 . 2014-11-29 14:48 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-11-29 14:48 . 2014-11-29 14:48 247808 ----a-w- c:\windows\system32\msls31.dll
2014-11-29 14:48 . 2014-11-29 14:48 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-11-29 14:48 . 2014-11-29 14:48 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-11-29 14:48 . 2014-11-29 14:48 235520 ----a-w- c:\windows\system32\url.dll
2014-11-29 14:48 . 2014-11-29 14:48 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-11-29 14:48 . 2014-11-29 14:48 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-11-29 14:48 . 2014-11-29 14:48 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-11-29 14:48 . 2014-11-29 14:48 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-11-29 14:48 . 2014-11-29 14:48 147968 ----a-w- c:\windows\system32\occache.dll
2014-11-29 14:48 . 2014-11-29 14:48 143872 ----a-w- c:\windows\system32\wextract.exe
2014-11-29 14:48 . 2014-11-29 14:48 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-11-29 14:48 . 2014-11-29 14:48 13824 ----a-w- c:\windows\system32\mshta.exe
2014-11-29 14:48 . 2014-11-29 14:48 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-11-29 14:48 . 2014-11-29 14:48 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-11-29 14:48 . 2014-11-29 14:48 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-11-29 14:48 . 2014-11-29 14:48 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-11-29 14:48 . 2014-11-29 14:48 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-11-29 14:48 . 2014-11-29 14:48 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-11-29 14:48 . 2014-11-29 14:48 101376 ----a-w- c:\windows\system32\inseng.dll
2014-11-29 14:47 . 2014-11-29 14:47 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2014-11-29 14:47 . 2014-11-29 14:47 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-11-29 14:47 . 2014-11-29 14:47 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-11-29 14:47 . 2014-11-29 14:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-11-29 14:47 . 2014-11-29 14:47 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-11-29 14:47 . 2014-11-29 14:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-11-29 14:47 . 2014-11-29 14:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-11-29 14:47 . 2014-11-29 14:47 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2014-11-29 14:47 . 2014-11-29 14:47 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-11-29 14:47 . 2014-11-29 14:47 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-11-29 14:47 . 2014-11-29 14:47 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2014-11-29 14:47 . 2014-11-29 14:47 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2014-11-29 14:47 . 2014-11-29 14:47 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2014-11-29 14:47 . 2014-11-29 14:47 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2014-11-29 14:47 . 2014-11-29 14:47 1643520 ----a-w- c:\windows\system32\DWrite.dll
2014-11-29 14:47 . 2014-11-29 14:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2014-11-29 14:47 . 2014-11-29 14:47 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2014-11-29 14:47 . 2014-11-29 14:47 1238528 ----a-w- c:\windows\system32\d3d10.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2012-09-07 11:37 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-21 507744]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2011-12-09 548864]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-23 1675160]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2012-01-26 4351712]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-29 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-29 228448]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-09-07 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"LockKey"="c:\program files (x86)\LockKey\LockKey.exe" [2011-08-26 337776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"OTM"="c:\users\Marek\Downloads\OTM.exe" [2015-01-31 522240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2012-2-2 1380128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Lenovo\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R0 ngfiapdl;ngfiapdl;c:\windows\system32\drivers\kwmslird.sys;c:\windows\SYSNATIVE\drivers\kwmslird.sys [x]
R0 ntehzgf;ntehzgf;c:\windows\system32\drivers\bbvpybjp.sys;c:\windows\SYSNATIVE\drivers\bbvpybjp.sys [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R1 DamageGuard;DamageGuard;c:\windows\system32\DRIVERS\DamageGuardX64.sys;c:\windows\SYSNATIVE\DRIVERS\DamageGuardX64.sys [x]
R1 dgFltr;dgFltr;c:\windows\system32\drivers\dgFltrX64.sys;c:\windows\SYSNATIVE\drivers\dgFltrX64.sys [x]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
R2 DamageGuardSvc;Lenovo Instant Reset Service;c:\program files\Lenovo\Instant Reset\DamageGuardSvc.exe;c:\program files\Lenovo\Instant Reset\DamageGuardSvc.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-22 16:08 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2012-09-07 11:37 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-09-07 11:37 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-06-07 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-06-07 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-06-07 440128]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-12-15 564352]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-09-07 8079408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-09-07 6202416]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-09-07 206176]
"OneKeyReminder"="c:\program files\Lenovo\OneKey App\OneKey Recovery\OneKey Reminder.exe" [2012-01-12 537896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OneKeyReminder"="c:\program files\Lenovo\OneKey App\OneKey Recovery\OneKey Reminder.exe" [2012-01-12 537896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{008f6853-9cb4-41c5-a950-39d55e5e06ba} - c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
BHO-{F443A627-5009-4323-9C1D-7FD598D0D712} - c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
Toolbar-Locked - (no file)
Toolbar-{EA582743-9076-4178-9AA6-7393FDF4D5CE} - c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-02-04 18:04:31
ComboFix-quarantined-files.txt 2015-02-04 17:04
.
Před spuštěním: Volných bajtů: 517 762 785 280
Po spuštění: Volných bajtů: 517 481 914 368
.
- - End Of File - - 55BFA5A220C287DF8A4C3270E06FB520

Re: Avast and four detected threats

Posted: 04 Feb 2015 18:39
by Rudy
Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

File::
C:\Windows\util\numlock.exe
C:\Windows\Installer\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\NewShortcut2_C40B08E982EB4577A9E0A3E77F8FD97E.exe
C:\Windows\Installer\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\NewShortcut1_F786A42112584B209F0A451D45676774.exe
C:\Windows\Installer\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\ARPPRODUCTICON.exe
C:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\Configlcon.dll

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.

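A check a helper can run on the follow-up log once a CFScript like the one above has been executed (an added example, not part of the original post and not ComboFix's own code): it compares the `File::` entries of the script with the files listed in the log's deletions section and reports any that are not listed there. The section layout is assumed from the ComboFix logs posted in this thread, and all sample paths and the log excerpt are constructed.

```python
import re

# Section banners in the log look like "((((( Ostatní výmazy )))))".
SECTION_RE = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}$")
# CFScript directives look like "File::" on a line of their own.
DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# Assumption: banner text of the deletions section (Czech as in this thread, plus English).
DELETION_HEADERS = ("Ostatní výmazy", "Other Deletions")


def parse_cfscript(text):
    """Return {directive (lower-case): [entries]} for a CFScript.txt body."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = DIRECTIVE_RE.match(line)
        if match:
            current = match.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log_sections(text):
    """Return {banner text: [lines]} for a log, skipping blank and '.' separator lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def normalize(path):
    """Windows paths are case-insensitive; the log also lower-cases and may quote them."""
    return path.strip().strip('"').lower()


def check_removals(cfscript_text, log_text, headers=DELETION_HEADERS):
    """Compare requested File:: entries with the files the log lists as deleted."""
    requested = parse_cfscript(cfscript_text).get("file", [])
    log_sections = parse_log_sections(log_text)
    deleted = {}
    for header in headers:
        for line in log_sections.get(header, []):
            deleted[normalize(line)] = line
    requested_norm = {normalize(p) for p in requested}
    return {
        "confirmed": [p for p in requested if normalize(p) in deleted],
        # Not listed: the file may already have been absent, or removal did not happen.
        "unconfirmed": [p for p in requested if normalize(p) not in deleted],
        # Deleted by the tool on its own, without being requested in the script.
        "extra": [orig for norm, orig in deleted.items() if norm not in requested_norm],
    }


# Constructed CFScript in the layout used in this thread (paths are made up).
SAMPLE_CFSCRIPT = r"""KillAll::

File::
C:\Sample\util\tool.exe
C:\Sample\Installer\{GUID-1}\Icon.exe
C:\Sample\Installer\{GUID-2}\Config.dll

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Example]

Reboot::
"""

# Constructed log excerpt in the layout of the ComboFix logs in this thread.
SAMPLE_LOG = r"""FILE ::
"c:\sample\installer\{GUID-2}\Config.dll"
"c:\sample\installer\{GUID-1}\Icon.exe"
"c:\sample\util\tool.exe"
.
((((((((((((((( Ostatní výmazy )))))))))))))))
.
.
c:\program files (x86)\Sample Bar\bar.dll
c:\sample\installer\{GUID-1}\Icon.exe
c:\sample\util\tool.exe
.
((((((((( Soubory vytvořené od 2015-01-04 do 2015-02-04 )))))))))
.
2015-02-04 19:12 . 2015-02-04 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
"""

if __name__ == "__main__":
    for status, paths in check_removals(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        for path in paths:
            print(f"{status:12} {path}")
```

An entry reported as unconfirmed is a prompt to look at the file again on the next scan, not proof that it is still present.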

Re: Avast and four detected threats

Posted: 04 Feb 2015 20:31
by MarekZel
in safe mode again...

ComboFix 15-02-02.01 - Marek 04.02.2015 20:08:36.2.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3998.3405 [GMT 1:00]
Spuštěný z: c:\users\Marek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Marek\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\Configlcon.dll"
"c:\windows\Installer\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\ARPPRODUCTICON.exe"
"c:\windows\Installer\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\NewShortcut1_F786A42112584B209F0A451D45676774.exe"
"c:\windows\Installer\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\NewShortcut2_C40B08E982EB4577A9E0A3E77F8FD97E.exe"
"c:\windows\util\numlock.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
c:\windows\Installer\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\ARPPRODUCTICON.exe
c:\windows\Installer\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\NewShortcut1_F786A42112584B209F0A451D45676774.exe
c:\windows\Installer\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\NewShortcut2_C40B08E982EB4577A9E0A3E77F8FD97E.exe
c:\windows\util\numlock.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-01-04 do 2015-02-04 )))))))))))))))))))))))))))))))
.
.
2015-02-04 19:12 . 2015-02-04 19:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-02-04 19:12 . 2015-02-04 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-03 20:17 . 2015-02-03 20:17 -------- d-----w- c:\programdata\McAfee
2015-02-03 19:49 . 2015-02-03 19:49 -------- d-----w- c:\users\Marek\AppData\Local\ElevatedDiagnostics
2015-01-31 20:55 . 2015-01-31 20:55 -------- d-----w- c:\users\Marek\AppData\Local\Google
2015-01-31 09:08 . 2015-01-31 09:08 267632 ----a-w- c:\windows\system32\drivers\ASWVMM.sys
2015-01-31 09:08 . 2015-01-31 09:08 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-01-31 09:08 . 2015-01-31 09:08 65776 ----a-w- c:\windows\system32\drivers\ASWRVRT.sys
2015-01-31 09:08 . 2015-01-31 09:08 436624 ----a-w- c:\windows\system32\drivers\ASWSP.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-31 09:08 . 1601-01-01 00:14 1050432 ----a-w- c:\windows\system32\drivers\ASWSNX.sys
2015-01-06 03:36 . 1601-01-01 00:14 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-18 15:39 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 15:39 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-08 16:04 . 1601-01-01 00:14 7717984 ----a-w- c:\windows\system32\drivers\KL1.sys
2014-12-08 16:04 . 1601-01-01 00:14 54368 ------w- c:\windows\system32\drivers\KLTDI.sys
2014-12-08 16:04 . 1601-01-01 00:14 178448 ------w- c:\windows\system32\drivers\KNEPS.sys
2014-12-08 16:04 . 1601-01-01 00:14 28504 ----a-w- c:\windows\system32\drivers\KLIM6.sys
2014-12-08 16:03 . 1601-01-01 00:14 84536 ------w- c:\windows\system32\drivers\CSCRYSEC.sys
2014-12-08 16:03 . 1601-01-01 00:14 66616 ------w- c:\windows\system32\drivers\CSVIRTUALDISKDRV.sys
2014-12-08 16:02 . 1601-01-01 00:14 626272 ----a-w- c:\windows\system32\drivers\KLIF.sys
2014-12-04 02:50 . 2014-12-10 17:25 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 17:25 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 17:25 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 17:25 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 17:25 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-10 17:24 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-10 17:25 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 17:25 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-29 15:19 . 1601-01-01 00:14 593112 ----a-r- c:\windows\system32\drivers\N360x64\1505000.013\SYMNETS.SYS
2014-11-29 15:19 . 1601-01-01 00:14 493656 ----a-r- c:\windows\system32\drivers\N360x64\1505000.013\SYMDS64.SYS
2014-11-29 15:19 . 1601-01-01 00:14 36952 ----a-r- c:\windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS
2014-11-29 15:19 . 1601-01-01 00:14 1148120 ----a-r- c:\windows\system32\drivers\N360x64\1505000.013\SYMEFA64.SYS
2014-11-29 15:19 . 1601-01-01 00:14 264280 ----a-r- c:\windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS
2014-11-29 15:19 . 1601-01-01 00:14 162392 ----a-r- c:\windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys
2014-11-29 14:49 . 2014-11-29 14:49 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-11-29 14:48 . 2014-11-29 14:48 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-11-29 14:48 . 2014-11-29 14:48 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-11-29 14:48 . 2014-11-29 14:48 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-11-29 14:48 . 2014-11-29 14:48 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-11-29 14:48 . 2014-11-29 14:48 81408 ----a-w- c:\windows\system32\icardie.dll
2014-11-29 14:48 . 2014-11-29 14:48 774144 ----a-w- c:\windows\system32\jscript.dll
2014-11-29 14:48 . 2014-11-29 14:48 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-11-29 14:48 . 2014-11-29 14:48 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-11-29 14:48 . 2014-11-29 14:48 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-11-29 14:48 . 2014-11-29 14:48 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-11-29 14:48 . 2014-11-29 14:48 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-11-29 14:48 . 2014-11-29 14:48 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-11-29 14:48 . 2014-11-29 14:48 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-11-29 14:48 . 2014-11-29 14:48 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-11-29 14:48 . 2014-11-29 14:48 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-11-29 14:48 . 2014-11-29 14:48 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-11-29 14:48 . 2014-11-29 14:48 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-11-29 14:48 . 2014-11-29 14:48 413696 ----a-w- c:\windows\system32\html.iec
2014-11-29 14:48 . 2014-11-29 14:48 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-11-29 14:48 . 2014-11-29 14:48 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-11-29 14:48 . 2014-11-29 14:48 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-11-29 14:48 . 2014-11-29 14:48 247808 ----a-w- c:\windows\system32\msls31.dll
2014-11-29 14:48 . 2014-11-29 14:48 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-11-29 14:48 . 2014-11-29 14:48 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-11-29 14:48 . 2014-11-29 14:48 235520 ----a-w- c:\windows\system32\url.dll
2014-11-29 14:48 . 2014-11-29 14:48 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-11-29 14:48 . 2014-11-29 14:48 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-11-29 14:48 . 2014-11-29 14:48 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-11-29 14:48 . 2014-11-29 14:48 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-11-29 14:48 . 2014-11-29 14:48 147968 ----a-w- c:\windows\system32\occache.dll
2014-11-29 14:48 . 2014-11-29 14:48 143872 ----a-w- c:\windows\system32\wextract.exe
2014-11-29 14:48 . 2014-11-29 14:48 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-11-29 14:48 . 2014-11-29 14:48 13824 ----a-w- c:\windows\system32\mshta.exe
2014-11-29 14:48 . 2014-11-29 14:48 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-11-29 14:48 . 2014-11-29 14:48 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-11-29 14:48 . 2014-11-29 14:48 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-11-29 14:48 . 2014-11-29 14:48 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-11-29 14:48 . 2014-11-29 14:48 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-11-29 14:48 . 2014-11-29 14:48 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-11-29 14:48 . 2014-11-29 14:48 101376 ----a-w- c:\windows\system32\inseng.dll
2014-11-29 14:47 . 2014-11-29 14:47 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2014-11-29 14:47 . 2014-11-29 14:47 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-11-29 14:47 . 2014-11-29 14:47 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-11-29 14:47 . 2014-11-29 14:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-11-29 14:47 . 2014-11-29 14:47 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-11-29 14:47 . 2014-11-29 14:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-11-29 14:47 . 2014-11-29 14:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-11-29 14:47 . 2014-11-29 14:47 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2014-11-29 14:47 . 2014-11-29 14:47 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-11-29 14:47 . 2014-11-29 14:47 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-11-29 14:47 . 2014-11-29 14:47 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-11-29 14:47 . 2014-11-29 14:47 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2014-11-29 14:47 . 2014-11-29 14:47 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2014-11-29 14:47 . 2014-11-29 14:47 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2014-11-29 14:47 . 2014-11-29 14:47 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2014-11-29 14:47 . 2014-11-29 14:47 1643520 ----a-w- c:\windows\system32\DWrite.dll
2014-11-29 14:47 . 2014-11-29 14:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2014-11-29 14:47 . 2014-11-29 14:47 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2014-11-29 14:47 . 2014-11-29 14:47 1238528 ----a-w- c:\windows\system32\d3d10.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{008f6853-9cb4-41c5-a950-39d55e5e06ba}]
c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2012-09-07 11:37 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}]
c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EA582743-9076-4178-9AA6-7393FDF4D5CE}"= "c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}]
[HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-21 507744]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2011-12-09 548864]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-23 1675160]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2012-01-26 4351712]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-29 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-29 228448]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-09-07 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"LockKey"="c:\program files (x86)\LockKey\LockKey.exe" [2011-08-26 337776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"OTM"="c:\users\Marek\Downloads\OTM.exe" [2015-01-31 522240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2012-2-2 1380128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Lenovo\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R0 ngfiapdl;ngfiapdl;c:\windows\system32\drivers\kwmslird.sys;c:\windows\SYSNATIVE\drivers\kwmslird.sys [x]
R0 ntehzgf;ntehzgf;c:\windows\system32\drivers\bbvpybjp.sys;c:\windows\SYSNATIVE\drivers\bbvpybjp.sys [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R1 DamageGuard;DamageGuard;c:\windows\system32\DRIVERS\DamageGuardX64.sys;c:\windows\SYSNATIVE\DRIVERS\DamageGuardX64.sys [x]
R1 dgFltr;dgFltr;c:\windows\system32\drivers\dgFltrX64.sys;c:\windows\SYSNATIVE\drivers\dgFltrX64.sys [x]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
R2 DamageGuardSvc;Lenovo Instant Reset Service;c:\program files\Lenovo\Instant Reset\DamageGuardSvc.exe;c:\program files\Lenovo\Instant Reset\DamageGuardSvc.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-22 16:08 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2012-09-07 11:37 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-09-07 11:37 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-06-07 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-06-07 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-06-07 440128]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-12-15 564352]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-09-07 8079408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-09-07 6202416]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-09-07 206176]
"OneKeyReminder"="c:\program files\Lenovo\OneKey App\OneKey Recovery\OneKey Reminder.exe" [2012-01-12 537896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OneKeyReminder"="c:\program files\Lenovo\OneKey App\OneKey Recovery\OneKey Reminder.exe" [2012-01-12 537896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
Celkový čas: 2015-02-04 20:27:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-02-04 19:27
ComboFix2.txt 2015-02-04 17:04
.
Před spuštěním: Volných bajtů: 517 732 642 816
Po spuštění: Volných bajtů: 517 461 278 720
.
- - End Of File - - B8865442A6C4252B22C202B35E8D1B72