
Re: Suspected virus

Posted: 20 Apr 2015 20:50
by Rudy
OK. So everything is fine?

Re: Suspected virus

Posted: 20 Apr 2015 21:10
by 7777
Unfortunately not, after a restart the error shows up again. After running the USBfix program again and deleting the temp files in question it is fine again, but only until the next restart.

Re: Suspected virus

Posted: 20 Apr 2015 21:37
by Rudy
Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after it starts, a screen with the licence terms appears; continue by clicking the Ano (Yes) button.

calmly put on a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else

do not panic during the scan, your machine may be restarted (especially the first time the scanner is run)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the resident antispyware.

Re: Suspected virus

Posted: 20 Apr 2015 21:56
by 7777
Here is the log:
ComboFix 15-04-19.01 - Tomas . 04. 2015 22:47:14.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.8130.6698 [GMT 2:00]
Running from: c:\users\Tomas\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Install
c:\windows\Install\AsusSetup.exe
c:\windows\Install\AsusSetup.exe.manifest
c:\windows\Install\AsusSetup.ini
c:\windows\Install\Driver\AsusSetup.exe
c:\windows\Install\Driver\AsusSetup.exe.manifest
c:\windows\Install\Driver\AsusSetup.ini
c:\windows\Install\Driver\AsusSetup32.ini
c:\windows\Install\Driver\AsusSetup64.ini
c:\windows\Install\Driver\English.ini
c:\windows\Install\Driver\French.ini
c:\windows\Install\Driver\German.ini
c:\windows\Install\Driver\Japanese.ini
c:\windows\Install\Driver\Korean.ini
c:\windows\Install\Driver\mup.xml
c:\windows\Install\Driver\Russian.ini
c:\windows\Install\Driver\SetupRST.exe
c:\windows\Install\Driver\SChinese.ini
c:\windows\Install\Driver\Spanish.ini
c:\windows\Install\Driver\TChinese.ini
c:\windows\Install\netfx\AsusSetup.exe
c:\windows\Install\netfx\AsusSetup.exe.manifest
c:\windows\Install\netfx\AsusSetup.ini
c:\windows\Install\netfx\dotnetfx45\AsusSetup.exe
c:\windows\Install\netfx\dotnetfx45\AsusSetup.exe.manifest
c:\windows\Install\netfx\dotnetfx45\AsusSetup.ini
c:\windows\Install\netfx\dotnetfx45\Installer.bat
c:\windows\Install\netfx\dotnetfx45\NDP451-KB2858728-x86-x64-AllOS-ENU.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
.
.
((((((((((((((((((((((((( Files Created from 2015-03-20 to 2015-04-20 )))))))))))))))))))))))))))))))
.
.
2015-04-20 20:50 . 2015-04-20 20:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-20 19:34 . 2015-04-20 19:34 -------- d-----w- c:\programdata\Licenses
2015-04-20 19:26 . 2006-06-19 10:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll
2015-04-20 19:26 . 2006-05-25 12:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll
2015-04-20 19:26 . 2005-08-25 22:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll
2015-04-20 19:26 . 2003-02-02 17:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2015-04-20 19:26 . 2002-03-05 22:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2015-04-20 19:26 . 2015-04-20 19:33 -------- d-----w- c:\program files (x86)\Trojan Remover
2015-04-20 19:26 . 2015-04-20 19:26 -------- d-----w- c:\programdata\Simply Super Software
2015-04-20 17:59 . 2015-03-23 00:32 12002392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0CC960C5-B1E5-47EB-9018-DB8AB54F223C}\mpengine.dll
2015-04-20 17:57 . 2015-04-20 17:57 -------- d-----w- c:\program files (x86)\MSXML 4.0
2015-04-20 17:54 . 2015-03-25 03:24 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-04-20 17:52 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-04-20 17:52 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-20 17:52 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-04-20 17:52 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 17:52 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-20 17:17 . 2013-05-23 06:39 41032 ----a-w- c:\windows\system32\drivers\gfiark.sys
2015-04-20 17:16 . 2014-01-22 14:34 47496 ----a-w- c:\windows\system32\sbbd.exe
2015-04-20 17:13 . 2015-04-20 17:18 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2015-04-20 17:11 . 2015-04-20 17:11 -------- d-----w- c:\program files\Microsoft Office 15
2015-04-20 17:09 . 2015-04-20 17:09 -------- d-sh--w- c:\windows\ftpcache
2015-04-20 16:15 . 2015-04-20 19:40 -------- d-----w- C:\UsbFix
2015-04-20 14:58 . 2015-04-20 14:58 -------- d-----w- c:\program files (x86)\ESET
2015-04-20 12:01 . 2015-04-20 12:01 -------- d-----w- C:\rsit
2015-04-20 12:01 . 2015-04-20 12:01 -------- d-----w- c:\program files\trend micro
2015-04-20 11:39 . 2015-04-20 11:39 -------- d-----w- C:\NPE
2015-04-20 11:37 . 2015-04-20 11:38 -------- d-----w- c:\programdata\Norton
2015-04-20 11:22 . 2015-04-20 11:22 -------- d-----w- c:\program files\Reason
2015-04-19 18:20 . 2015-04-19 18:20 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-19 18:20 . 2015-04-19 18:20 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-19 18:01 . 2015-04-19 21:12 -------- d-----w- c:\programdata\Nero
2015-04-19 17:41 . 2015-04-19 17:41 -------- d-----w- c:\program files\CCleaner
2015-04-18 17:43 . 2015-04-19 05:55 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-04-18 15:40 . 2015-04-20 17:13 627920 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-04-18 13:48 . 2015-04-18 13:48 -------- d-----w- c:\program files\VideoLAN
2015-04-11 17:57 . 2014-04-23 06:51 545 ----a-w- c:\windows\UC.PIF
2015-04-11 17:57 . 2014-04-23 06:51 545 ----a-w- c:\windows\RAR.PIF
2015-04-11 17:57 . 2014-04-23 06:51 545 ----a-w- c:\windows\LHA.PIF
2015-04-11 17:57 . 2014-04-23 06:51 545 ----a-w- c:\windows\ARJ.PIF
2015-04-11 17:57 . 2015-04-11 17:57 -------- d-----w- C:\totalcmd
2015-04-10 14:49 . 2015-04-10 14:49 -------- d-----w- c:\windows\CheckSur
2015-04-08 16:45 . 2015-04-08 16:50 -------- d-----w- C:\LibreOfficePortable
2015-04-08 15:40 . 2015-04-08 15:40 -------- d-----w- c:\windows\SysWow64\Macromed
2015-04-08 15:40 . 2015-04-08 15:40 -------- d-----w- c:\windows\system32\Macromed
2015-04-08 14:03 . 2015-04-20 19:07 -------- d-----w- c:\users\Animatrix
2015-04-08 13:22 . 2015-04-08 13:21 936664 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2015-04-08 13:22 . 2015-04-08 13:21 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2015-04-08 13:19 . 2015-04-10 15:00 -------- d-----w- c:\windows\SysWow64\RTCOM
2015-04-08 13:19 . 2015-04-08 13:19 -------- d-----w- c:\program files\Realtek
2015-04-08 07:30 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-04-08 07:30 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-04-08 07:28 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll
2015-04-08 07:28 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-04-08 07:28 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-04-08 07:28 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2015-04-08 07:28 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2015-04-07 22:21 . 2015-04-18 13:45 -------- d-----w- c:\program files (x86)\VideoLAN
2015-04-07 22:18 . 2015-04-07 22:18 271200 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-07 22:18 . 2015-04-07 22:18 136752 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-07 22:18 . 2015-04-07 22:18 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-07 22:18 . 2015-04-07 22:18 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-04-07 22:18 . 2015-04-07 22:18 88408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-07 22:18 . 2015-04-07 22:18 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-07 22:18 . 2015-04-07 22:18 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-07 22:18 . 2015-04-07 22:18 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-07 22:18 . 2015-04-07 22:18 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-07 22:18 . 2015-04-07 22:18 43112 ----a-w- c:\windows\avastSS.scr
2015-04-07 22:17 . 2015-04-07 22:17 -------- d-----w- c:\program files\AVAST Software
2015-04-07 22:16 . 2015-04-07 22:16 -------- d-----w- c:\programdata\AVAST Software
2015-04-07 22:16 . 2015-04-19 17:53 -------- d-----w- c:\program files (x86)\Microsoft OneDrive
2015-04-07 22:16 . 2015-04-07 22:16 -------- d-----w- c:\programdata\Microsoft OneDrive
2015-04-07 22:04 . 2015-04-07 22:04 -------- d-----w- c:\program files (x86)\Longman
2015-04-07 21:59 . 2012-01-31 13:12 712552 ------w- c:\windows\system32\HPDiscoPMB011.dll
2015-04-07 21:56 . 2012-01-31 17:01 622440 ----a-w- c:\windows\system32\HPWia2_DJ3520.dll
2015-04-07 21:56 . 2012-01-31 17:01 2701160 ----a-w- c:\windows\system32\HPScanTRDrv_DJ3520.dll
2015-04-07 21:51 . 2015-04-07 21:59 -------- d-----w- c:\program files (x86)\HP
2015-04-07 21:51 . 2015-04-07 21:59 -------- d-----w- c:\program files\HP
2015-04-07 21:48 . 2015-04-07 21:56 -------- d-----w- c:\programdata\HP
2015-04-07 21:48 . 2012-10-02 23:47 622480 ----a-w- c:\windows\system32\HPWia2_DJ1050_J410.dll
2015-04-07 21:48 . 2012-10-02 23:47 2723728 ----a-w- c:\windows\system32\HPScanTRDrv_DJ1050_J410.dll
2015-04-07 21:14 . 2015-04-07 21:14 -------- d-----w- c:\windows\SysWow64\Wat
2015-04-07 21:14 . 2015-04-07 21:14 -------- d-----w- c:\windows\system32\Wat
2015-04-07 21:13 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-04-07 21:13 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-04-07 21:13 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-04-07 21:13 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-04-07 21:01 . 2015-04-07 21:01 0 ----a-w- c:\windows\ativpsrm.bin
2015-04-07 20:58 . 2015-04-07 21:03 -------- d-s---w- c:\windows\system32\GWX
2015-04-07 20:58 . 2015-04-07 20:58 -------- d-s---w- c:\windows\SysWow64\GWX
2015-04-07 20:58 . 2015-04-07 20:58 -------- d-s---w- c:\windows\system32\CompatTel
2015-04-07 20:58 . 2015-04-07 20:58 -------- d-----w- c:\windows\system32\appraiser
2015-04-07 20:40 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2015-04-07 20:33 . 2015-04-07 20:33 -------- d-----w- c:\programdata\ATI
2015-04-07 20:20 . 2004-08-03 22:56 1392671 ----a-w- c:\windows\msvbvm60.dll
2015-04-07 20:20 . 2002-01-05 01:40 487424 ----a-w- c:\windows\msvcp70.dll
2015-04-07 20:20 . 2002-01-05 01:37 344064 ----a-w- c:\windows\msvcr70.dll
2015-04-07 19:59 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2015-04-07 19:59 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2015-04-07 19:59 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2015-04-07 19:59 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2015-04-07 19:43 . 2015-04-15 12:34 -------- d-----w- c:\windows\system32\MRT
2015-04-07 19:38 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2015-04-07 19:38 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2015-04-07 19:38 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2015-04-07 19:35 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-04-07 19:35 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-04-07 19:35 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-04-07 19:35 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-04-07 19:35 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-04-07 19:35 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-04-07 19:35 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-04-07 19:35 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-04-07 19:33 . 2014-03-04 09:44 39936 ----a-w- c:\windows\system32\wincredprovider.dll
2015-04-07 19:32 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-04-07 19:31 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll
2015-04-07 19:30 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2015-04-07 19:27 . 2015-04-09 08:11 -------- d-----w- c:\windows\Panther
2015-04-07 19:17 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2015-04-07 19:17 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2015-04-07 19:15 . 2015-04-07 19:15 -------- d-----w- c:\programdata\AMD
2015-04-07 19:15 . 2015-04-07 19:15 -------- d-----w- c:\program files (x86)\AMD AVT
2015-04-07 19:15 . 2015-04-07 19:15 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2015-04-07 19:15 . 2013-09-24 14:53 94208 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2015-04-07 19:15 . 2013-09-24 14:51 110080 ----a-w- c:\windows\system32\DelayAPO.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-08 13:56 . 2013-04-26 02:24 41984 ----a-w- c:\windows\system32\drivers\USB3Ver.dll
2015-04-07 20:35 . 2015-04-07 20:35 208384 ----a-w- c:\windows\SysWow64\webcheck.dll
2015-04-07 20:35 . 2015-04-07 20:35 243200 ----a-w- c:\windows\system32\webcheck.dll
2015-03-17 04:56 . 2015-04-20 17:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-02-24 02:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-04 10:23 . 2015-02-04 10:23 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 10:13 . 2015-02-04 10:13 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-04-19 19:48 329376 ----a-w- c:\users\Tomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-04-19 19:48 329376 ----a-w- c:\users\Tomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-04-19 19:48 329376 ----a-w- c:\users\Tomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-04-19 19:48 329376 ----a-w- c:\users\Tomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-04-19 19:48 329376 ----a-w- c:\users\Tomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2013-12-06 389120]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-03-13 7451928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2015-04-08 292848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-04-07 5512912]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2015-04-20 1797496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 ClickToRunSvc;Služba Klikni a spusti balíka Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-19 18:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-04-19 19:48 358056 ----a-w- c:\users\Tomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-04-19 19:48 358056 ----a-w- c:\users\Tomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-04-19 19:48 358056 ----a-w- c:\users\Tomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-04-19 19:48 358056 ----a-w- c:\users\Tomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-04-19 19:48 358056 ----a-w- c:\users\Tomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-04-20 17:14 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-04-20 17:14 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-04-20 17:14 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-07 22:18 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-11-26 7659736]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2014-05-28 36352]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\30eva419.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-04-20 22:51:45
ComboFix-quarantined-files.txt 2015-04-20 20:51
.
Pre-Run: 70 976 901 120 bytes free
Post-Run: 70 602 969 088 bytes free
.
- - End Of File - - BE86DA12B691B07760AB4F14DEEC1EBC
A36C5E4F47E84449FF07ED3517B43A31

Re: Suspected virus

Posted: 21 Apr 2015 16:57
by Rudy
We'll clean up a bit more. Open Notepad and copy this into it:
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: Suspected virus

Posted: 21 Apr 2015 17:31
by 7777
ComboFix 15-04-19.01 - Tomas . 04. 2015 18:24:28.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.8130.6619 [GMT 2:00]
Running from: c:\users\Tomas\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tomas\AppData\Local\Temp\nsm976.tmp\System.dll
.
.
((((((((((((((((((((((((( Files Created from 2015-03-21 to 2015-04-21 )))))))))))))))))))))))))))))))
.
.
2015-04-21 16:27 . 2015-04-21 16:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-21 10:54 . 2015-04-21 11:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-04-21 10:54 . 2015-04-21 10:55 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2015-04-21 10:00 . 2015-04-21 10:00 -------- d-----w- c:\program files\CamStudio 2.7
2015-04-20 19:34 . 2015-04-20 19:34 -------- d-----w- c:\programdata\Licenses
2015-04-20 19:26 . 2015-04-20 19:26 -------- d-----w- c:\programdata\Simply Super Software
2015-04-20 17:59 . 2015-03-23 00:32 12002392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0CC960C5-B1E5-47EB-9018-DB8AB54F223C}\mpengine.dll
2015-04-20 17:57 . 2015-04-20 17:57 -------- d-----w- c:\program files (x86)\MSXML 4.0
2015-04-20 17:54 . 2015-03-25 03:24 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-04-20 17:52 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-04-20 17:52 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-20 17:52 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-04-20 17:52 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 17:52 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-20 17:17 . 2013-05-23 06:39 41032 ----a-w- c:\windows\system32\drivers\gfiark.sys
2015-04-20 17:16 . 2014-01-22 14:34 47496 ----a-w- c:\windows\system32\sbbd.exe
2015-04-20 17:13 . 2015-04-20 17:18 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2015-04-20 17:11 . 2015-04-20 17:11 -------- d-----w- c:\program files\Microsoft Office 15
2015-04-20 17:09 . 2015-04-20 17:09 -------- d-sh--w- c:\windows\ftpcache
2015-04-20 14:58 . 2015-04-20 14:58 -------- d-----w- c:\program files (x86)\ESET
2015-04-20 12:01 . 2015-04-20 12:01 -------- d-----w- C:\rsit
2015-04-20 12:01 . 2015-04-20 12:01 -------- d-----w- c:\program files\trend micro
2015-04-20 11:39 . 2015-04-20 11:39 -------- d-----w- C:\NPE
2015-04-20 11:37 . 2015-04-20 11:38 -------- d-----w- c:\programdata\Norton
2015-04-20 11:22 . 2015-04-20 11:22 -------- d-----w- c:\program files\Reason
2015-04-19 18:20 . 2015-04-19 18:20 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-19 18:20 . 2015-04-19 18:20 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-19 18:01 . 2015-04-19 21:12 -------- d-----w- c:\programdata\Nero
2015-04-19 17:41 . 2015-04-19 17:41 -------- d-----w- c:\program files\CCleaner
2015-04-18 17:43 . 2015-04-19 05:55 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-04-18 15:40 . 2015-04-20 17:13 627920 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-04-18 13:48 . 2015-04-18 13:48 -------- d-----w- c:\program files\VideoLAN
2015-04-11 17:57 . 2014-04-23 06:51 545 ----a-w- c:\windows\UC.PIF
2015-04-11 17:57 . 2014-04-23 06:51 545 ----a-w- c:\windows\RAR.PIF
2015-04-11 17:57 . 2014-04-23 06:51 545 ----a-w- c:\windows\LHA.PIF
2015-04-11 17:57 . 2014-04-23 06:51 545 ----a-w- c:\windows\ARJ.PIF
2015-04-11 17:57 . 2015-04-11 17:57 -------- d-----w- C:\totalcmd
2015-04-10 14:49 . 2015-04-10 14:49 -------- d-----w- c:\windows\CheckSur
2015-04-08 16:45 . 2015-04-08 16:50 -------- d-----w- C:\LibreOfficePortable
2015-04-08 15:40 . 2015-04-08 15:40 -------- d-----w- c:\windows\SysWow64\Macromed
2015-04-08 15:40 . 2015-04-08 15:40 -------- d-----w- c:\windows\system32\Macromed
2015-04-08 14:03 . 2015-04-20 19:07 -------- d-----w- c:\users\Animatrix
2015-04-08 13:22 . 2015-04-08 13:21 936664 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2015-04-08 13:22 . 2015-04-08 13:21 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2015-04-08 13:19 . 2015-04-10 15:00 -------- d-----w- c:\windows\SysWow64\RTCOM
2015-04-08 13:19 . 2015-04-08 13:19 -------- d-----w- c:\program files\Realtek
2015-04-08 07:30 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-04-08 07:30 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-04-08 07:28 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll
2015-04-08 07:28 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-04-08 07:28 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-04-08 07:28 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2015-04-08 07:28 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2015-04-07 22:21 . 2015-04-18 13:45 -------- d-----w- c:\program files (x86)\VideoLAN
2015-04-07 22:18 . 2015-04-07 22:18 271200 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-07 22:18 . 2015-04-07 22:18 136752 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-07 22:18 . 2015-04-07 22:18 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-07 22:18 . 2015-04-07 22:18 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-04-07 22:18 . 2015-04-07 22:18 88408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-07 22:18 . 2015-04-07 22:18 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-07 22:18 . 2015-04-07 22:18 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-07 22:18 . 2015-04-07 22:18 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-07 22:18 . 2015-04-07 22:18 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-07 22:18 . 2015-04-07 22:18 43112 ----a-w- c:\windows\avastSS.scr
2015-04-07 22:17 . 2015-04-07 22:17 -------- d-----w- c:\program files\AVAST Software
2015-04-07 22:16 . 2015-04-07 22:16 -------- d-----w- c:\programdata\AVAST Software
2015-04-07 22:16 . 2015-04-19 17:53 -------- d-----w- c:\program files (x86)\Microsoft OneDrive
2015-04-07 22:16 . 2015-04-07 22:16 -------- d-----w- c:\programdata\Microsoft OneDrive
2015-04-07 22:04 . 2015-04-07 22:04 -------- d-----w- c:\program files (x86)\Longman
2015-04-07 21:59 . 2012-01-31 13:12 712552 ------w- c:\windows\system32\HPDiscoPMB011.dll
2015-04-07 21:56 . 2012-01-31 17:01 622440 ----a-w- c:\windows\system32\HPWia2_DJ3520.dll
2015-04-07 21:56 . 2012-01-31 17:01 2701160 ----a-w- c:\windows\system32\HPScanTRDrv_DJ3520.dll
2015-04-07 21:51 . 2015-04-07 21:59 -------- d-----w- c:\program files (x86)\HP
2015-04-07 21:51 . 2015-04-07 21:59 -------- d-----w- c:\program files\HP
2015-04-07 21:48 . 2015-04-07 21:56 -------- d-----w- c:\programdata\HP
2015-04-07 21:48 . 2012-10-02 23:47 622480 ----a-w- c:\windows\system32\HPWia2_DJ1050_J410.dll
2015-04-07 21:48 . 2012-10-02 23:47 2723728 ----a-w- c:\windows\system32\HPScanTRDrv_DJ1050_J410.dll
2015-04-07 21:14 . 2015-04-07 21:14 -------- d-----w- c:\windows\SysWow64\Wat
2015-04-07 21:14 . 2015-04-07 21:14 -------- d-----w- c:\windows\system32\Wat
2015-04-07 21:13 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-04-07 21:13 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-04-07 21:13 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-04-07 21:13 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-04-07 21:01 . 2015-04-07 21:01 0 ----a-w- c:\windows\ativpsrm.bin
2015-04-07 20:58 . 2015-04-07 21:03 -------- d-s---w- c:\windows\system32\GWX
2015-04-07 20:58 . 2015-04-07 20:58 -------- d-s---w- c:\windows\SysWow64\GWX
2015-04-07 20:58 . 2015-04-07 20:58 -------- d-s---w- c:\windows\system32\CompatTel
2015-04-07 20:58 . 2015-04-07 20:58 -------- d-----w- c:\windows\system32\appraiser
2015-04-07 20:40 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2015-04-07 20:33 . 2015-04-07 20:33 -------- d-----w- c:\programdata\ATI
2015-04-07 20:20 . 2004-08-03 22:56 1392671 ----a-w- c:\windows\msvbvm60.dll
2015-04-07 20:20 . 2002-01-05 01:40 487424 ----a-w- c:\windows\msvcp70.dll
2015-04-07 20:20 . 2002-01-05 01:37 344064 ----a-w- c:\windows\msvcr70.dll
2015-04-07 19:59 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2015-04-07 19:59 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2015-04-07 19:59 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2015-04-07 19:59 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2015-04-07 19:43 . 2015-04-15 12:34 -------- d-----w- c:\windows\system32\MRT
2015-04-07 19:38 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2015-04-07 19:38 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2015-04-07 19:38 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2015-04-07 19:35 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-04-07 19:35 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-04-07 19:35 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-04-07 19:35 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-04-07 19:35 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-04-07 19:35 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-04-07 19:35 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-04-07 19:35 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-04-07 19:33 . 2014-03-04 09:44 39936 ----a-w- c:\windows\system32\wincredprovider.dll
2015-04-07 19:32 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-04-07 19:31 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll
2015-04-07 19:30 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2015-04-07 19:27 . 2015-04-09 08:11 -------- d-----w- c:\windows\Panther
2015-04-07 19:17 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2015-04-07 19:17 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2015-04-07 19:15 . 2015-04-07 19:15 -------- d-----w- c:\programdata\AMD
2015-04-07 19:15 . 2015-04-07 19:15 -------- d-----w- c:\program files (x86)\AMD AVT
2015-04-07 19:15 . 2015-04-07 19:15 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2015-04-07 19:15 . 2013-09-24 14:53 94208 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2015-04-07 19:15 . 2013-09-24 14:51 110080 ----a-w- c:\windows\system32\DelayAPO.dll
2015-04-07 19:15 . 2015-04-07 19:15 -------- d-----w- c:\program files\AMD
2015-04-07 19:08 . 2015-04-07 19:15 -------- d-----w- c:\program files\ATI Technologies
2015-04-07 19:08 . 2015-04-07 19:08 -------- d-----w- c:\program files\ATI
2015-04-07 19:08 . 2015-04-07 19:08 -------- d-----w- C:\AMD
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-21 11:11 . 2015-04-21 11:11 897761 ----a-w- C:\UsbFix_Upload_Me_TOMAS-PC.zip
2015-04-08 13:56 . 2013-04-26 02:24 41984 ----a-w- c:\windows\system32\drivers\USB3Ver.dll
2015-04-07 20:35 . 2015-04-07 20:35 208384 ----a-w- c:\windows\SysWow64\webcheck.dll
2015-04-07 20:35 . 2015-04-07 20:35 243200 ----a-w- c:\windows\system32\webcheck.dll
2015-03-17 04:56 . 2015-04-20 17:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-02-24 02:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-04 10:23 . 2015-02-04 10:23 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 10:13 . 2015-02-04 10:13 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-04-19 19:48 329376 ----a-w- c:\users\Tomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-04-19 19:48 329376 ----a-w- c:\users\Tomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-04-19 19:48 329376 ----a-w- c:\users\Tomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-04-19 19:48 329376 ----a-w- c:\users\Tomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-04-19 19:48 329376 ----a-w- c:\users\Tomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2013-12-06 389120]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-03-13 7451928]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2015-04-08 292848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-04-07 5512912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 ClickToRunSvc;Služba Klikni a spusti balíka Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-19 18:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-04-19 19:48 358056 ----a-w- c:\users\Tomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-04-19 19:48 358056 ----a-w- c:\users\Tomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-04-19 19:48 358056 ----a-w- c:\users\Tomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-04-19 19:48 358056 ----a-w- c:\users\Tomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-04-19 19:48 358056 ----a-w- c:\users\Tomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-04-20 17:14 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-04-20 17:14 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-04-20 17:14 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-07 22:18 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-11-26 7659736]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2014-05-28 36352]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\30eva419.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-04-21 18:31:30 - machine was rebooted
ComboFix-quarantined-files.txt 2015-04-21 16:31
ComboFix2.txt 2015-04-20 20:51
.
Pre-Run: 70 001 995 776 bytes free
Post-Run: 69 956 808 704 bytes free
.
- - End Of File - - 004C057105756D9FD15949261D6479A5
A36C5E4F47E84449FF07ED3517B43A31

Re: Suspicion of a virus

Posted: 21 Apr 2015 18:04
by 7777
Some buggy version of ComboFix deleted even what it should not have; the problem is not solved, and a Windows reinstall is necessary.

Re: Suspicion of a virus

Posted: 21 Apr 2015 18:47
by Rudy
7777 wrote: Some buggy version of ComboFix deleted even what it should not have; the problem is not solved, and a Windows reinstall is necessary.
Hardly. CF can indeed break your system, but only if you write a faulty script. It can delete some applications, but that is why we first check the system by other means, so that we know it contains no applications that CF deletes without compromise. That is not your problem. Either you did not follow the procedure, or the system had already been broken earlier for some reason. This usually cannot be told from the log. Another user was working here with the same version at the same time as you, and nothing happened.

Re: Suspicion of a virus

Posted: 24 Apr 2015 13:34
by 7777
System reinstalled, updates turned off, but unfortunately Excel is not working again. This time I suspect an infected USB key; I went through it with Avast, Nod and USBfix. Or possibly some installation CD with drivers. But more likely the USB key...

Re: Suspicion of a virus

Posted: 24 Apr 2015 16:50
by Rudy
Office is installed by downloading it from the MS website and then entering the purchased key. That is all; you do not need any USB key for that.

Re: Suspicion of a virus

Posted: 24 Apr 2015 17:03
by 7777
But I am saying that I downloaded the installer from www.microsoft.com/setup and installed Office, but it was already not working, so I am looking for a possible cause. It was not the pack of 12 updates. I am speculating that, since I had the USB inserted, something may have been pulled in from it, or from the ASUS website, where I updated the drivers. Excel was not working right after installation, so I want to uncover the possible causes. Of course it had to turn out like this....

Re: Suspicion of a virus

Posted: 24 Apr 2015 18:10
by Rudy
If the system was reinstalled (and all hardware drivers were installed), there should be no problem. If there is one, then only MS technical support can help you. We are not Office experts.