Ono v posteli to vzdycky topi, tam se spatne chladi. Idealni je mit tam podlozku
Tak kouknete do spravce uloh, ktery proces to zatezuje, at vim, na co se zamerit. Log totiz vypada v pohode.
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu, děkuji
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím o kontrolu, děkuji
A proc vlastne tu baterku vytahujete? Ja ji nevytahnul od zakoupeni, coz je asi 4 roky
Ono v posteli to vzdycky topi, tam se spatne chladi. Idealni je mit tam podlozku
Tak kouknete do spravce uloh, ktery proces to zatezuje, at vim, na co se zamerit. Log totiz vypada v pohode.
Ono v posteli to vzdycky topi, tam se spatne chladi. Idealni je mit tam podlozku
Tak kouknete do spravce uloh, ktery proces to zatezuje, at vim, na co se zamerit. Log totiz vypada v pohode.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu, děkuji
Baterka na to podle mě nemá vubec žádný vliv. Dneska jsem spustil NTB v pokojové teplotě na stole. Nechal ho chvili naběhnout, udělal prntscrn bez zátěže, spustil malování na zpracování screenu, a začal hučet větrák, činnost procesoru na těch 25% cca, (spuštěné pouze Malování!!) v seznamu procesů právě nic nevyskočilo, co by mělo NTB nějak zatěžovat, nevím ejstli jsem fotil správně. Jako třetí fotku jsem spustil několik aplikací.
V raru posílám na leteckou poštu, mělo by být bez hesla.
http://leteckaposta.cz/344209505
V raru posílám na leteckou poštu, mělo by být bez hesla.
http://leteckaposta.cz/344209505
Re: Prosím o kontrolu, děkuji
Klikl jste na zobrazit procesy vsech uzivatelu, nebo jak to tam je?tomik258 píše:v seznamu procesů právě nic nevyskočilo
Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.) Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc! 
Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte
Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradkuPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu, děkuji
Dobrý večer, combofix zde. Nedošlo k restartu, vadí?
ComboFix 16-09-14.01 - Tom 16.09.2016 20:24:09.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.6088.3873 [GMT 2:00]
Spuštěný z: c:\users\Tom\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 9.0.376.1 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 9.0.376.1 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Tom\AppData\Local\assembly\tmp
c:\users\Tom\AppData\Local\Msgbox.exe
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-08-16 do 2016-09-16 )))))))))))))))))))))))))))))))
.
.
2016-09-16 18:39 . 2016-09-16 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-09-14 18:37 . 2016-09-14 18:37 -------- d-----w- C:\rsit
2016-09-05 15:22 . 2016-09-05 15:22 -------- d-----w- c:\windows\SysWow64\NV
2016-09-05 15:22 . 2016-09-05 15:22 -------- d-----w- c:\windows\system32\NV
2016-09-05 15:22 . 2016-05-04 02:22 45344 ----a-w- c:\windows\system32\vulkaninfo.exe
2016-09-05 15:22 . 2016-05-04 02:22 130848 ----a-w- c:\windows\system32\vulkan-1.dll
2016-09-05 15:22 . 2016-05-04 02:22 40224 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2016-09-05 15:22 . 2016-05-04 02:23 129824 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2016-08-23 12:55 . 2016-08-11 14:31 1922616 ----a-w- c:\windows\system32\nvdispco6437254.dll
2016-08-23 12:55 . 2016-08-11 14:31 1586744 ----a-w- c:\windows\system32\nvdispgenco6437254.dll
2016-08-23 12:47 . 2016-07-08 15:32 2048 ----a-w- c:\windows\system32\tzres.dll
2016-08-23 12:47 . 2016-07-08 15:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-08-25 23:28 . 2016-06-26 11:25 493608 ----a-w- c:\windows\system32\nvumdshimx.dll
2016-08-25 23:28 . 2016-06-26 11:25 408784 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2016-08-25 23:28 . 2016-06-26 11:25 181488 ----a-w- c:\windows\system32\nvinitx.dll
2016-08-25 23:28 . 2016-06-26 11:25 159352 ----a-w- c:\windows\SysWow64\nvinit.dll
2016-08-25 23:28 . 2016-06-26 11:25 3917512 ----a-w- c:\windows\system32\nvapi64.dll
2016-08-25 23:28 . 2016-06-26 11:25 3456888 ----a-w- c:\windows\SysWow64\nvapi.dll
2016-08-25 21:10 . 2016-06-26 11:34 6385720 ----a-w- c:\windows\system32\nvcpl.dll
2016-08-25 21:10 . 2016-06-26 11:34 2475064 ----a-w- c:\windows\system32\nvsvc64.dll
2016-08-25 21:10 . 2016-06-26 11:34 1764408 ----a-w- c:\windows\system32\nvsvcr.dll
2016-08-25 21:10 . 2016-06-26 11:34 1362368 ----a-w- c:\windows\system32\nvvsvc.exe
2016-08-25 21:10 . 2016-06-26 11:34 144832 ----a-w- c:\windows\SysWow64\oemdspif.dll
2016-08-25 21:10 . 2016-06-26 11:34 81856 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-08-25 21:10 . 2016-06-26 11:34 71224 ----a-w- c:\windows\system32\nvshext.dll
2016-08-25 21:10 . 2016-06-26 11:34 548408 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-08-25 21:10 . 2016-06-26 11:34 393784 ----a-w- c:\windows\system32\nvmctray.dll
2016-08-22 15:18 . 2016-06-26 11:34 7320235 ----a-w- c:\windows\system32\nvcoproc.bin
2016-08-11 19:16 . 2012-08-29 09:51 147640136 -c--a-w- c:\windows\system32\MRT.exe
2016-08-02 14:54 . 2016-08-11 19:14 394440 ----a-w- c:\windows\system32\iedkcs32.dll
2016-08-02 06:54 . 2016-08-11 19:14 25808384 ----a-w- c:\windows\system32\mshtml.dll
2016-08-02 06:47 . 2016-08-11 19:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-08-02 06:47 . 2016-08-11 19:14 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-08-02 06:32 . 2016-08-11 19:14 66560 ----a-w- c:\windows\system32\iesetup.dll
2016-08-02 06:32 . 2016-08-11 19:14 2894336 ----a-w- c:\windows\system32\iertutil.dll
2016-08-02 06:31 . 2016-08-11 19:14 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-08-02 06:31 . 2016-08-11 19:14 417792 ----a-w- c:\windows\system32\html.iec
2016-08-02 06:31 . 2016-08-11 19:14 572416 ----a-w- c:\windows\system32\vbscript.dll
2016-08-02 06:31 . 2016-08-11 19:14 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-08-02 06:24 . 2016-08-11 19:14 54784 ----a-w- c:\windows\system32\jsproxy.dll
2016-08-02 06:23 . 2016-08-11 19:14 34304 ----a-w- c:\windows\system32\iernonce.dll
2016-08-02 06:20 . 2016-08-11 19:14 615936 ----a-w- c:\windows\system32\ieui.dll
2016-08-02 06:19 . 2016-08-11 19:14 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-08-02 06:19 . 2016-08-11 19:14 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2016-08-02 06:18 . 2016-08-11 19:14 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2016-08-02 06:18 . 2016-08-11 19:14 817664 ----a-w- c:\windows\system32\jscript.dll
2016-08-02 06:18 . 2016-08-11 19:14 6047744 ----a-w- c:\windows\system32\jscript9.dll
2016-08-02 06:11 . 2016-08-11 19:14 969216 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-08-02 06:08 . 2016-08-11 19:14 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2016-08-02 06:03 . 2016-08-11 19:14 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2016-08-02 06:00 . 2016-08-11 19:14 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-08-02 05:59 . 2016-08-11 19:14 107520 ----a-w- c:\windows\system32\inseng.dll
2016-08-02 05:56 . 2016-08-11 19:14 199680 ----a-w- c:\windows\system32\msrating.dll
2016-08-02 05:55 . 2016-08-11 19:14 92160 ----a-w- c:\windows\system32\mshtmled.dll
2016-08-02 05:53 . 2016-08-11 19:14 315392 ----a-w- c:\windows\system32\dxtrans.dll
2016-08-02 05:51 . 2016-08-11 19:14 497664 ----a-w- c:\windows\SysWow64\vbscript.dll
2016-08-02 05:51 . 2016-08-11 19:14 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2016-08-02 05:51 . 2016-08-11 19:14 152064 ----a-w- c:\windows\system32\occache.dll
2016-08-02 05:51 . 2016-08-11 19:14 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2016-08-02 05:51 . 2016-08-11 19:14 341504 ----a-w- c:\windows\SysWow64\html.iec
2016-08-02 05:50 . 2016-08-11 19:14 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2016-08-02 05:41 . 2016-08-11 19:14 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2016-08-02 05:41 . 2016-08-11 19:14 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2016-08-02 05:40 . 2016-08-11 19:14 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-08-02 05:38 . 2016-08-11 19:14 724992 ----a-w- c:\windows\system32\ie4uinit.exe
2016-08-02 05:38 . 2016-08-11 19:14 806400 ----a-w- c:\windows\system32\msfeeds.dll
2016-08-02 05:37 . 2016-08-11 19:14 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-08-02 05:36 . 2016-08-11 19:14 2131456 ----a-w- c:\windows\system32\inetcpl.cpl
2016-08-02 05:29 . 2016-08-11 19:14 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2016-08-02 05:28 . 2016-08-11 19:14 15412224 ----a-w- c:\windows\system32\ieframe.dll
2016-08-02 05:23 . 2016-08-11 19:14 2868224 ----a-w- c:\windows\system32\wininet.dll
2016-08-02 05:21 . 2016-08-11 19:14 4608000 ----a-w- c:\windows\SysWow64\jscript9.dll
2016-08-02 05:14 . 2016-08-11 19:14 2055680 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2016-08-02 05:14 . 2016-08-11 19:14 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2016-08-02 05:10 . 2016-08-11 19:14 1550848 ----a-w- c:\windows\system32\urlmon.dll
2016-08-02 04:59 . 2016-08-11 19:14 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2016-08-02 04:56 . 2016-08-11 19:14 2393088 ----a-w- c:\windows\SysWow64\wininet.dll
2016-07-11 02:13 . 2016-07-18 14:39 1939000 ----a-w- c:\windows\system32\nvdispco6436881.dll
2016-07-11 02:13 . 2016-07-18 14:39 1571776 ----a-w- c:\windows\system32\nvdispgenco6436881.dll
2016-07-08 15:37 . 2016-08-11 19:13 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-07-08 15:37 . 2016-08-11 19:13 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-07-08 15:32 . 2016-08-11 19:13 86528 ----a-w- c:\windows\system32\TSpkg.dll
2016-07-08 15:32 . 2016-08-11 19:13 210432 ----a-w- c:\windows\system32\wdigest.dll
2016-07-08 15:32 . 2016-08-11 19:13 28672 ----a-w- c:\windows\system32\sspisrv.dll
2016-07-08 15:32 . 2016-08-11 19:13 135680 ----a-w- c:\windows\system32\sspicli.dll
2016-07-08 15:32 . 2016-08-11 19:13 343552 ----a-w- c:\windows\system32\schannel.dll
2016-07-08 15:32 . 2016-08-11 19:13 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2016-07-08 15:32 . 2016-08-11 19:13 28160 ----a-w- c:\windows\system32\secur32.dll
2016-07-08 15:32 . 2016-08-11 19:13 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-07-08 15:32 . 2016-08-11 19:13 312320 ----a-w- c:\windows\system32\ncrypt.dll
2016-07-08 15:32 . 2016-08-11 19:13 316416 ----a-w- c:\windows\system32\msv1_0.dll
2016-07-08 15:32 . 2016-08-11 19:13 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-07-08 15:32 . 2016-08-11 19:13 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-07-08 15:32 . 2016-08-11 19:13 1464320 ----a-w- c:\windows\system32\lsasrv.dll
2016-07-08 15:32 . 2016-08-11 19:13 730624 ----a-w- c:\windows\system32\kerberos.dll
2016-07-08 15:32 . 2016-08-11 19:13 43520 ----a-w- c:\windows\system32\cryptbase.dll
2016-07-08 15:32 . 2016-08-11 19:13 22016 ----a-w- c:\windows\system32\credssp.dll
2016-07-08 15:32 . 2016-08-11 19:13 463872 ----a-w- c:\windows\system32\certcli.dll
2016-07-08 15:32 . 2016-08-11 19:13 690688 ----a-w- c:\windows\system32\adtschema.dll
2016-07-08 15:17 . 2016-08-11 19:13 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2016-07-08 15:17 . 2016-08-11 19:13 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2016-07-08 15:16 . 2016-08-11 19:13 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2016-07-08 15:16 . 2016-08-11 19:13 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2016-07-08 15:16 . 2016-08-11 19:13 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-07-08 15:16 . 2016-08-11 19:13 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2016-07-08 15:16 . 2016-08-11 19:13 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-07-08 15:16 . 2016-08-11 19:13 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2016-07-08 15:16 . 2016-08-11 19:13 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2016-07-08 15:16 . 2016-08-11 19:13 260608 ----a-w- c:\windows\SysWow64\msv1_0.dll
2016-07-08 15:16 . 2016-08-11 19:13 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2016-07-08 15:16 . 2016-08-11 19:13 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2016-07-08 15:16 . 2016-08-11 19:13 17408 ----a-w- c:\windows\SysWow64\credssp.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-20 15:36 222920 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-20 15:36 222920 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-20 15:36 222920 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-5-12 1211168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Origin Client Service;Origin Client Service;e:\games\Origin\OriginClientService.exe;e:\games\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 XSplit_Dummy;XSplit Stream Audio Renderer;c:\windows\system32\drivers\xspltspk.sys;c:\windows\SYSNATIVE\drivers\xspltspk.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 winioex;winioex;c:\windows\system32\drivers\winioex.sys;c:\windows\SYSNATIVE\drivers\winioex.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 ALSysIO;ALSysIO;c:\users\Tom\AppData\Local\Temp\ALSysIO64.sys;c:\users\Tom\AppData\Local\Temp\ALSysIO64.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 DelayMan;ACPI DelayMan Filter Service;c:\windows\system32\DRIVERS\delayman.sys;c:\windows\SYSNATIVE\DRIVERS\delayman.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys;c:\windows\SYSNATIVE\Drivers\usbvideo.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-09-15 13:42 1267528 ----a-w- c:\program files (x86)\Google\Chrome\Application\53.0.2785.116\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-20 15:36 261832 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-20 15:36 261832 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-20 15:36 261832 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-05-19 11:29 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-12-11 13776088]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-05-19 789920]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-05-19 206176]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-05-19 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-05-19 5908928]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-06-14 2397120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-07 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-07 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-07 442328]
"RtHDVBg_LENOVO_DOLBYDRAGON"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-12-11 1391472]
"RtHDVBg_LENOVO_MICPKEY"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-12-11 1391472]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-06-14 1767944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 192.168.2.2:3128
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.0.254 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1506385281-2691020431-3212168025-1001\Software\SecuROM\License information*]
"datasecu"=hex:4c,6c,01,51,11,2e,3a,1c,59,4b,da,c3,e1,8d,94,c2,b7,0e,7a,cc,b0,
51,7a,1c,74,ac,09,d0,01,54,dd,27,af,8c,c5,e7,6a,01,4f,e8,c9,a5,17,cf,6e,02,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.0]
@DACL=(02 0000)
"Path"="c:\\windows\\SysWOW64\\npDeployJava1.dll"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2]
@DACL=(02 0000)
"Description"="Oracle® Next Generation Java™ Plug-In"
"GeckoVersion"="1.9"
"Path"="c:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\npjp2.dll"
"ProductName"="Oracle® Java™ Plug-In"
"Vendor"="Oracle Corp."
"Version"="10.67.2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
@DACL=(02 0000)
"Description"="Ag Player Plugin"
"GeckoVersion"="1.7.5"
"Path"="c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.30514.0\\npctrl.dll"
"ProductName"="Ag Player"
"Vendor"="Microsoft"
"Version"="5.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
@DACL=(02 0000)
"Path"="c:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll"
"Description"="WLPG Install MIME type"
"GeckoVersion"="1.0"
"ProductName"="Windows Live Photo Gallery"
"Version"="15.4.3502.0922"
"Vendor"="Microsoft"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110]
@DACL=(02 0000)
"Path"="c:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll"
"Description"="WLPG Install MIME type"
"GeckoVersion"="1.0"
"ProductName"="Windows Live Photo Gallery"
"Version"="16.4.3522.0110"
"Vendor"="Microsoft"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
@DACL=(02 0000)
"Path"="c:\\Program Files (x86)\\Google\\Update\\1.3.25.5\\npGoogleUpdate3.dll"
"Description"="Google Update"
"ProductName"="Google Update"
"Vendor"="Google Inc."
"Version"="3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
@DACL=(02 0000)
"Path"="c:\\Program Files (x86)\\Google\\Update\\1.3.25.5\\npGoogleUpdate3.dll"
"Description"="Google Update"
"ProductName"="Google Update"
"Vendor"="Google Inc."
"Version"="9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
@DACL=(02 0000)
"Path"="c:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.dll"
"Version"="10.1.12"
"Vendor"="Adobe Systems Incorporated. Copyright 1994-2010 All Rights Reserved"
"ProductName"="Adobe Reader Plugin for Firefox"
"Description"="Handles PDFs in-place in Firefox"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-09-16 21:05:30
ComboFix-quarantined-files.txt 2016-09-16 19:05
.
Před spuštěním: Volných bajtů: 194 316 374 016
Po spuštění: Volných bajtů: 193 762 516 992
.
- - End Of File - - FB3F3322F56373539B3D4939CACE2C23
ComboFix 16-09-14.01 - Tom 16.09.2016 20:24:09.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.6088.3873 [GMT 2:00]
Spuštěný z: c:\users\Tom\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 9.0.376.1 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 9.0.376.1 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Tom\AppData\Local\assembly\tmp
c:\users\Tom\AppData\Local\Msgbox.exe
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-08-16 do 2016-09-16 )))))))))))))))))))))))))))))))
.
.
2016-09-16 18:39 . 2016-09-16 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-09-14 18:37 . 2016-09-14 18:37 -------- d-----w- C:\rsit
2016-09-05 15:22 . 2016-09-05 15:22 -------- d-----w- c:\windows\SysWow64\NV
2016-09-05 15:22 . 2016-09-05 15:22 -------- d-----w- c:\windows\system32\NV
2016-09-05 15:22 . 2016-05-04 02:22 45344 ----a-w- c:\windows\system32\vulkaninfo.exe
2016-09-05 15:22 . 2016-05-04 02:22 130848 ----a-w- c:\windows\system32\vulkan-1.dll
2016-09-05 15:22 . 2016-05-04 02:22 40224 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2016-09-05 15:22 . 2016-05-04 02:23 129824 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2016-08-23 12:55 . 2016-08-11 14:31 1922616 ----a-w- c:\windows\system32\nvdispco6437254.dll
2016-08-23 12:55 . 2016-08-11 14:31 1586744 ----a-w- c:\windows\system32\nvdispgenco6437254.dll
2016-08-23 12:47 . 2016-07-08 15:32 2048 ----a-w- c:\windows\system32\tzres.dll
2016-08-23 12:47 . 2016-07-08 15:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-08-25 23:28 . 2016-06-26 11:25 493608 ----a-w- c:\windows\system32\nvumdshimx.dll
2016-08-25 23:28 . 2016-06-26 11:25 408784 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2016-08-25 23:28 . 2016-06-26 11:25 181488 ----a-w- c:\windows\system32\nvinitx.dll
2016-08-25 23:28 . 2016-06-26 11:25 159352 ----a-w- c:\windows\SysWow64\nvinit.dll
2016-08-25 23:28 . 2016-06-26 11:25 3917512 ----a-w- c:\windows\system32\nvapi64.dll
2016-08-25 23:28 . 2016-06-26 11:25 3456888 ----a-w- c:\windows\SysWow64\nvapi.dll
2016-08-25 21:10 . 2016-06-26 11:34 6385720 ----a-w- c:\windows\system32\nvcpl.dll
2016-08-25 21:10 . 2016-06-26 11:34 2475064 ----a-w- c:\windows\system32\nvsvc64.dll
2016-08-25 21:10 . 2016-06-26 11:34 1764408 ----a-w- c:\windows\system32\nvsvcr.dll
2016-08-25 21:10 . 2016-06-26 11:34 1362368 ----a-w- c:\windows\system32\nvvsvc.exe
2016-08-25 21:10 . 2016-06-26 11:34 144832 ----a-w- c:\windows\SysWow64\oemdspif.dll
2016-08-25 21:10 . 2016-06-26 11:34 81856 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-08-25 21:10 . 2016-06-26 11:34 71224 ----a-w- c:\windows\system32\nvshext.dll
2016-08-25 21:10 . 2016-06-26 11:34 548408 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-08-25 21:10 . 2016-06-26 11:34 393784 ----a-w- c:\windows\system32\nvmctray.dll
2016-08-22 15:18 . 2016-06-26 11:34 7320235 ----a-w- c:\windows\system32\nvcoproc.bin
2016-08-11 19:16 . 2012-08-29 09:51 147640136 -c--a-w- c:\windows\system32\MRT.exe
2016-08-02 14:54 . 2016-08-11 19:14 394440 ----a-w- c:\windows\system32\iedkcs32.dll
2016-08-02 06:54 . 2016-08-11 19:14 25808384 ----a-w- c:\windows\system32\mshtml.dll
2016-08-02 06:47 . 2016-08-11 19:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-08-02 06:47 . 2016-08-11 19:14 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-08-02 06:32 . 2016-08-11 19:14 66560 ----a-w- c:\windows\system32\iesetup.dll
2016-08-02 06:32 . 2016-08-11 19:14 2894336 ----a-w- c:\windows\system32\iertutil.dll
2016-08-02 06:31 . 2016-08-11 19:14 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-08-02 06:31 . 2016-08-11 19:14 417792 ----a-w- c:\windows\system32\html.iec
2016-08-02 06:31 . 2016-08-11 19:14 572416 ----a-w- c:\windows\system32\vbscript.dll
2016-08-02 06:31 . 2016-08-11 19:14 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-08-02 06:24 . 2016-08-11 19:14 54784 ----a-w- c:\windows\system32\jsproxy.dll
2016-08-02 06:23 . 2016-08-11 19:14 34304 ----a-w- c:\windows\system32\iernonce.dll
2016-08-02 06:20 . 2016-08-11 19:14 615936 ----a-w- c:\windows\system32\ieui.dll
2016-08-02 06:19 . 2016-08-11 19:14 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-08-02 06:19 . 2016-08-11 19:14 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2016-08-02 06:18 . 2016-08-11 19:14 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2016-08-02 06:18 . 2016-08-11 19:14 817664 ----a-w- c:\windows\system32\jscript.dll
2016-08-02 06:18 . 2016-08-11 19:14 6047744 ----a-w- c:\windows\system32\jscript9.dll
2016-08-02 06:11 . 2016-08-11 19:14 969216 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-08-02 06:08 . 2016-08-11 19:14 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2016-08-02 06:03 . 2016-08-11 19:14 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2016-08-02 06:00 . 2016-08-11 19:14 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-08-02 05:59 . 2016-08-11 19:14 107520 ----a-w- c:\windows\system32\inseng.dll
2016-08-02 05:56 . 2016-08-11 19:14 199680 ----a-w- c:\windows\system32\msrating.dll
2016-08-02 05:55 . 2016-08-11 19:14 92160 ----a-w- c:\windows\system32\mshtmled.dll
2016-08-02 05:53 . 2016-08-11 19:14 315392 ----a-w- c:\windows\system32\dxtrans.dll
2016-08-02 05:51 . 2016-08-11 19:14 497664 ----a-w- c:\windows\SysWow64\vbscript.dll
2016-08-02 05:51 . 2016-08-11 19:14 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2016-08-02 05:51 . 2016-08-11 19:14 152064 ----a-w- c:\windows\system32\occache.dll
2016-08-02 05:51 . 2016-08-11 19:14 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2016-08-02 05:51 . 2016-08-11 19:14 341504 ----a-w- c:\windows\SysWow64\html.iec
2016-08-02 05:50 . 2016-08-11 19:14 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2016-08-02 05:41 . 2016-08-11 19:14 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2016-08-02 05:41 . 2016-08-11 19:14 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2016-08-02 05:40 . 2016-08-11 19:14 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-08-02 05:38 . 2016-08-11 19:14 724992 ----a-w- c:\windows\system32\ie4uinit.exe
2016-08-02 05:38 . 2016-08-11 19:14 806400 ----a-w- c:\windows\system32\msfeeds.dll
2016-08-02 05:37 . 2016-08-11 19:14 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-08-02 05:36 . 2016-08-11 19:14 2131456 ----a-w- c:\windows\system32\inetcpl.cpl
2016-08-02 05:29 . 2016-08-11 19:14 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2016-08-02 05:28 . 2016-08-11 19:14 15412224 ----a-w- c:\windows\system32\ieframe.dll
2016-08-02 05:23 . 2016-08-11 19:14 2868224 ----a-w- c:\windows\system32\wininet.dll
2016-08-02 05:21 . 2016-08-11 19:14 4608000 ----a-w- c:\windows\SysWow64\jscript9.dll
2016-08-02 05:14 . 2016-08-11 19:14 2055680 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2016-08-02 05:14 . 2016-08-11 19:14 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2016-08-02 05:10 . 2016-08-11 19:14 1550848 ----a-w- c:\windows\system32\urlmon.dll
2016-08-02 04:59 . 2016-08-11 19:14 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2016-08-02 04:56 . 2016-08-11 19:14 2393088 ----a-w- c:\windows\SysWow64\wininet.dll
2016-07-11 02:13 . 2016-07-18 14:39 1939000 ----a-w- c:\windows\system32\nvdispco6436881.dll
2016-07-11 02:13 . 2016-07-18 14:39 1571776 ----a-w- c:\windows\system32\nvdispgenco6436881.dll
2016-07-08 15:37 . 2016-08-11 19:13 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-07-08 15:37 . 2016-08-11 19:13 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-07-08 15:32 . 2016-08-11 19:13 86528 ----a-w- c:\windows\system32\TSpkg.dll
2016-07-08 15:32 . 2016-08-11 19:13 210432 ----a-w- c:\windows\system32\wdigest.dll
2016-07-08 15:32 . 2016-08-11 19:13 28672 ----a-w- c:\windows\system32\sspisrv.dll
2016-07-08 15:32 . 2016-08-11 19:13 135680 ----a-w- c:\windows\system32\sspicli.dll
2016-07-08 15:32 . 2016-08-11 19:13 343552 ----a-w- c:\windows\system32\schannel.dll
2016-07-08 15:32 . 2016-08-11 19:13 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2016-07-08 15:32 . 2016-08-11 19:13 28160 ----a-w- c:\windows\system32\secur32.dll
2016-07-08 15:32 . 2016-08-11 19:13 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-07-08 15:32 . 2016-08-11 19:13 312320 ----a-w- c:\windows\system32\ncrypt.dll
2016-07-08 15:32 . 2016-08-11 19:13 316416 ----a-w- c:\windows\system32\msv1_0.dll
2016-07-08 15:32 . 2016-08-11 19:13 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-07-08 15:32 . 2016-08-11 19:13 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-07-08 15:32 . 2016-08-11 19:13 1464320 ----a-w- c:\windows\system32\lsasrv.dll
2016-07-08 15:32 . 2016-08-11 19:13 730624 ----a-w- c:\windows\system32\kerberos.dll
2016-07-08 15:32 . 2016-08-11 19:13 43520 ----a-w- c:\windows\system32\cryptbase.dll
2016-07-08 15:32 . 2016-08-11 19:13 22016 ----a-w- c:\windows\system32\credssp.dll
2016-07-08 15:32 . 2016-08-11 19:13 463872 ----a-w- c:\windows\system32\certcli.dll
2016-07-08 15:32 . 2016-08-11 19:13 690688 ----a-w- c:\windows\system32\adtschema.dll
2016-07-08 15:17 . 2016-08-11 19:13 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2016-07-08 15:17 . 2016-08-11 19:13 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2016-07-08 15:16 . 2016-08-11 19:13 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2016-07-08 15:16 . 2016-08-11 19:13 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2016-07-08 15:16 . 2016-08-11 19:13 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-07-08 15:16 . 2016-08-11 19:13 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2016-07-08 15:16 . 2016-08-11 19:13 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-07-08 15:16 . 2016-08-11 19:13 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2016-07-08 15:16 . 2016-08-11 19:13 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2016-07-08 15:16 . 2016-08-11 19:13 260608 ----a-w- c:\windows\SysWow64\msv1_0.dll
2016-07-08 15:16 . 2016-08-11 19:13 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2016-07-08 15:16 . 2016-08-11 19:13 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2016-07-08 15:16 . 2016-08-11 19:13 17408 ----a-w- c:\windows\SysWow64\credssp.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-20 15:36 222920 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-20 15:36 222920 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-20 15:36 222920 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-5-12 1211168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Origin Client Service;Origin Client Service;e:\games\Origin\OriginClientService.exe;e:\games\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 XSplit_Dummy;XSplit Stream Audio Renderer;c:\windows\system32\drivers\xspltspk.sys;c:\windows\SYSNATIVE\drivers\xspltspk.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 winioex;winioex;c:\windows\system32\drivers\winioex.sys;c:\windows\SYSNATIVE\drivers\winioex.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 ALSysIO;ALSysIO;c:\users\Tom\AppData\Local\Temp\ALSysIO64.sys;c:\users\Tom\AppData\Local\Temp\ALSysIO64.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 DelayMan;ACPI DelayMan Filter Service;c:\windows\system32\DRIVERS\delayman.sys;c:\windows\SYSNATIVE\DRIVERS\delayman.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys;c:\windows\SYSNATIVE\Drivers\usbvideo.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-09-15 13:42 1267528 ----a-w- c:\program files (x86)\Google\Chrome\Application\53.0.2785.116\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-20 15:36 261832 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-20 15:36 261832 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-20 15:36 261832 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-05-19 11:29 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-12-11 13776088]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-05-19 789920]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-05-19 206176]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-05-19 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-05-19 5908928]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-06-14 2397120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-07 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-07 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-07 442328]
"RtHDVBg_LENOVO_DOLBYDRAGON"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-12-11 1391472]
"RtHDVBg_LENOVO_MICPKEY"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-12-11 1391472]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-06-14 1767944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 192.168.2.2:3128
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.0.254 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1506385281-2691020431-3212168025-1001\Software\SecuROM\License information*]
"datasecu"=hex:4c,6c,01,51,11,2e,3a,1c,59,4b,da,c3,e1,8d,94,c2,b7,0e,7a,cc,b0,
51,7a,1c,74,ac,09,d0,01,54,dd,27,af,8c,c5,e7,6a,01,4f,e8,c9,a5,17,cf,6e,02,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.0]
@DACL=(02 0000)
"Path"="c:\\windows\\SysWOW64\\npDeployJava1.dll"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2]
@DACL=(02 0000)
"Description"="Oracle® Next Generation Java™ Plug-In"
"GeckoVersion"="1.9"
"Path"="c:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\npjp2.dll"
"ProductName"="Oracle® Java™ Plug-In"
"Vendor"="Oracle Corp."
"Version"="10.67.2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
@DACL=(02 0000)
"Description"="Ag Player Plugin"
"GeckoVersion"="1.7.5"
"Path"="c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.30514.0\\npctrl.dll"
"ProductName"="Ag Player"
"Vendor"="Microsoft"
"Version"="5.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
@DACL=(02 0000)
"Path"="c:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll"
"Description"="WLPG Install MIME type"
"GeckoVersion"="1.0"
"ProductName"="Windows Live Photo Gallery"
"Version"="15.4.3502.0922"
"Vendor"="Microsoft"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110]
@DACL=(02 0000)
"Path"="c:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll"
"Description"="WLPG Install MIME type"
"GeckoVersion"="1.0"
"ProductName"="Windows Live Photo Gallery"
"Version"="16.4.3522.0110"
"Vendor"="Microsoft"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
@DACL=(02 0000)
"Path"="c:\\Program Files (x86)\\Google\\Update\\1.3.25.5\\npGoogleUpdate3.dll"
"Description"="Google Update"
"ProductName"="Google Update"
"Vendor"="Google Inc."
"Version"="3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
@DACL=(02 0000)
"Path"="c:\\Program Files (x86)\\Google\\Update\\1.3.25.5\\npGoogleUpdate3.dll"
"Description"="Google Update"
"ProductName"="Google Update"
"Vendor"="Google Inc."
"Version"="9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
@DACL=(02 0000)
"Path"="c:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.dll"
"Version"="10.1.12"
"Vendor"="Adobe Systems Incorporated. Copyright 1994-2010 All Rights Reserved"
"ProductName"="Adobe Reader Plugin for Firefox"
"Description"="Handles PDFs in-place in Firefox"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-09-16 21:05:30
ComboFix-quarantined-files.txt 2016-09-16 19:05
.
Před spuštěním: Volných bajtů: 194 316 374 016
Po spuštění: Volných bajtů: 193 762 516 992
.
- - End Of File - - FB3F3322F56373539B3D4939CACE2C23
Re: Prosím o kontrolu, děkuji
Otevrete si poznamkovy blok a zkopirujte do nej tento skript
Kód: Vybrat vše
KillAll::
Regnull::
[HKEY_USERS\S-1-5-21-1506385281-2691020431-3212168025-1001\Software\SecuROM\License information*]
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Reboot::Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.
Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradkuPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu, děkuji
ComboFix 16-09-14.01 - Tom 18.09.2016 23:25:25.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.6088.4035 [GMT 2:00]
Spuštěný z: c:\users\Tom\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Tom\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 9.0.376.1 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 9.0.376.1 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-08-18 do 2016-09-18 )))))))))))))))))))))))))))))))
.
.
2016-09-14 18:37 . 2016-09-14 18:37 -------- d-----w- C:\rsit
2016-09-05 15:22 . 2016-09-18 21:08 -------- d-----w- c:\windows\SysWow64\NV
2016-09-05 15:22 . 2016-09-18 21:08 -------- d-----w- c:\windows\system32\NV
2016-09-05 15:22 . 2016-05-04 02:22 45344 ----a-w- c:\windows\system32\vulkaninfo.exe
2016-09-05 15:22 . 2016-05-04 02:22 130848 ----a-w- c:\windows\system32\vulkan-1.dll
2016-09-05 15:22 . 2016-05-04 02:22 40224 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2016-09-05 15:22 . 2016-05-04 02:23 129824 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2016-08-23 12:55 . 2016-08-11 14:31 1922616 ----a-w- c:\windows\system32\nvdispco6437254.dll
2016-08-23 12:55 . 2016-08-11 14:31 1586744 ----a-w- c:\windows\system32\nvdispgenco6437254.dll
2016-08-23 12:47 . 2016-07-08 15:32 2048 ----a-w- c:\windows\system32\tzres.dll
2016-08-23 12:47 . 2016-07-08 15:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-08-25 23:28 . 2016-06-26 11:25 493608 ----a-w- c:\windows\system32\nvumdshimx.dll
2016-08-25 23:28 . 2016-06-26 11:25 408784 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2016-08-25 23:28 . 2016-06-26 11:25 181488 ----a-w- c:\windows\system32\nvinitx.dll
2016-08-25 23:28 . 2016-06-26 11:25 159352 ----a-w- c:\windows\SysWow64\nvinit.dll
2016-08-25 23:28 . 2016-06-26 11:25 3917512 ----a-w- c:\windows\system32\nvapi64.dll
2016-08-25 23:28 . 2016-06-26 11:25 3456888 ----a-w- c:\windows\SysWow64\nvapi.dll
2016-08-25 21:10 . 2016-06-26 11:34 6385720 ----a-w- c:\windows\system32\nvcpl.dll
2016-08-25 21:10 . 2016-06-26 11:34 2475064 ----a-w- c:\windows\system32\nvsvc64.dll
2016-08-25 21:10 . 2016-06-26 11:34 1764408 ----a-w- c:\windows\system32\nvsvcr.dll
2016-08-25 21:10 . 2016-06-26 11:34 1362368 ----a-w- c:\windows\system32\nvvsvc.exe
2016-08-25 21:10 . 2016-06-26 11:34 144832 ----a-w- c:\windows\SysWow64\oemdspif.dll
2016-08-25 21:10 . 2016-06-26 11:34 81856 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-08-25 21:10 . 2016-06-26 11:34 71224 ----a-w- c:\windows\system32\nvshext.dll
2016-08-25 21:10 . 2016-06-26 11:34 548408 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-08-25 21:10 . 2016-06-26 11:34 393784 ----a-w- c:\windows\system32\nvmctray.dll
2016-08-22 15:18 . 2016-06-26 11:34 7320235 ----a-w- c:\windows\system32\nvcoproc.bin
2016-08-11 19:16 . 2012-08-29 09:51 147640136 -c--a-w- c:\windows\system32\MRT.exe
2016-08-02 14:54 . 2016-08-11 19:14 394440 ----a-w- c:\windows\system32\iedkcs32.dll
2016-08-02 06:54 . 2016-08-11 19:14 25808384 ----a-w- c:\windows\system32\mshtml.dll
2016-08-02 06:47 . 2016-08-11 19:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-08-02 06:47 . 2016-08-11 19:14 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-08-02 06:32 . 2016-08-11 19:14 66560 ----a-w- c:\windows\system32\iesetup.dll
2016-08-02 06:32 . 2016-08-11 19:14 2894336 ----a-w- c:\windows\system32\iertutil.dll
2016-08-02 06:31 . 2016-08-11 19:14 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-08-02 06:31 . 2016-08-11 19:14 417792 ----a-w- c:\windows\system32\html.iec
2016-08-02 06:31 . 2016-08-11 19:14 572416 ----a-w- c:\windows\system32\vbscript.dll
2016-08-02 06:31 . 2016-08-11 19:14 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-08-02 06:24 . 2016-08-11 19:14 54784 ----a-w- c:\windows\system32\jsproxy.dll
2016-08-02 06:23 . 2016-08-11 19:14 34304 ----a-w- c:\windows\system32\iernonce.dll
2016-08-02 06:20 . 2016-08-11 19:14 615936 ----a-w- c:\windows\system32\ieui.dll
2016-08-02 06:19 . 2016-08-11 19:14 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-08-02 06:19 . 2016-08-11 19:14 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2016-08-02 06:18 . 2016-08-11 19:14 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2016-08-02 06:18 . 2016-08-11 19:14 817664 ----a-w- c:\windows\system32\jscript.dll
2016-08-02 06:18 . 2016-08-11 19:14 6047744 ----a-w- c:\windows\system32\jscript9.dll
2016-08-02 06:11 . 2016-08-11 19:14 969216 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-08-02 06:08 . 2016-08-11 19:14 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2016-08-02 06:03 . 2016-08-11 19:14 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2016-08-02 06:00 . 2016-08-11 19:14 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-08-02 05:59 . 2016-08-11 19:14 107520 ----a-w- c:\windows\system32\inseng.dll
2016-08-02 05:56 . 2016-08-11 19:14 199680 ----a-w- c:\windows\system32\msrating.dll
2016-08-02 05:55 . 2016-08-11 19:14 92160 ----a-w- c:\windows\system32\mshtmled.dll
2016-08-02 05:53 . 2016-08-11 19:14 315392 ----a-w- c:\windows\system32\dxtrans.dll
2016-08-02 05:51 . 2016-08-11 19:14 497664 ----a-w- c:\windows\SysWow64\vbscript.dll
2016-08-02 05:51 . 2016-08-11 19:14 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2016-08-02 05:51 . 2016-08-11 19:14 152064 ----a-w- c:\windows\system32\occache.dll
2016-08-02 05:51 . 2016-08-11 19:14 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2016-08-02 05:51 . 2016-08-11 19:14 341504 ----a-w- c:\windows\SysWow64\html.iec
2016-08-02 05:50 . 2016-08-11 19:14 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2016-08-02 05:41 . 2016-08-11 19:14 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2016-08-02 05:41 . 2016-08-11 19:14 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2016-08-02 05:40 . 2016-08-11 19:14 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-08-02 05:38 . 2016-08-11 19:14 724992 ----a-w- c:\windows\system32\ie4uinit.exe
2016-08-02 05:38 . 2016-08-11 19:14 806400 ----a-w- c:\windows\system32\msfeeds.dll
2016-08-02 05:37 . 2016-08-11 19:14 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-08-02 05:36 . 2016-08-11 19:14 2131456 ----a-w- c:\windows\system32\inetcpl.cpl
2016-08-02 05:29 . 2016-08-11 19:14 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2016-08-02 05:28 . 2016-08-11 19:14 15412224 ----a-w- c:\windows\system32\ieframe.dll
2016-08-02 05:23 . 2016-08-11 19:14 2868224 ----a-w- c:\windows\system32\wininet.dll
2016-08-02 05:21 . 2016-08-11 19:14 4608000 ----a-w- c:\windows\SysWow64\jscript9.dll
2016-08-02 05:14 . 2016-08-11 19:14 2055680 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2016-08-02 05:14 . 2016-08-11 19:14 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2016-08-02 05:10 . 2016-08-11 19:14 1550848 ----a-w- c:\windows\system32\urlmon.dll
2016-08-02 04:59 . 2016-08-11 19:14 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2016-08-02 04:56 . 2016-08-11 19:14 2393088 ----a-w- c:\windows\SysWow64\wininet.dll
2016-07-11 02:13 . 2016-07-18 14:39 1939000 ----a-w- c:\windows\system32\nvdispco6436881.dll
2016-07-11 02:13 . 2016-07-18 14:39 1571776 ----a-w- c:\windows\system32\nvdispgenco6436881.dll
2016-07-08 15:37 . 2016-08-11 19:13 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-07-08 15:37 . 2016-08-11 19:13 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-07-08 15:32 . 2016-08-11 19:13 86528 ----a-w- c:\windows\system32\TSpkg.dll
2016-07-08 15:32 . 2016-08-11 19:13 210432 ----a-w- c:\windows\system32\wdigest.dll
2016-07-08 15:32 . 2016-08-11 19:13 28672 ----a-w- c:\windows\system32\sspisrv.dll
2016-07-08 15:32 . 2016-08-11 19:13 135680 ----a-w- c:\windows\system32\sspicli.dll
2016-07-08 15:32 . 2016-08-11 19:13 343552 ----a-w- c:\windows\system32\schannel.dll
2016-07-08 15:32 . 2016-08-11 19:13 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2016-07-08 15:32 . 2016-08-11 19:13 28160 ----a-w- c:\windows\system32\secur32.dll
2016-07-08 15:32 . 2016-08-11 19:13 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-07-08 15:32 . 2016-08-11 19:13 312320 ----a-w- c:\windows\system32\ncrypt.dll
2016-07-08 15:32 . 2016-08-11 19:13 316416 ----a-w- c:\windows\system32\msv1_0.dll
2016-07-08 15:32 . 2016-08-11 19:13 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-07-08 15:32 . 2016-08-11 19:13 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-07-08 15:32 . 2016-08-11 19:13 1464320 ----a-w- c:\windows\system32\lsasrv.dll
2016-07-08 15:32 . 2016-08-11 19:13 730624 ----a-w- c:\windows\system32\kerberos.dll
2016-07-08 15:32 . 2016-08-11 19:13 43520 ----a-w- c:\windows\system32\cryptbase.dll
2016-07-08 15:32 . 2016-08-11 19:13 22016 ----a-w- c:\windows\system32\credssp.dll
2016-07-08 15:32 . 2016-08-11 19:13 463872 ----a-w- c:\windows\system32\certcli.dll
2016-07-08 15:32 . 2016-08-11 19:13 690688 ----a-w- c:\windows\system32\adtschema.dll
2016-07-08 15:17 . 2016-08-11 19:13 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2016-07-08 15:17 . 2016-08-11 19:13 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2016-07-08 15:16 . 2016-08-11 19:13 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2016-07-08 15:16 . 2016-08-11 19:13 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2016-07-08 15:16 . 2016-08-11 19:13 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-07-08 15:16 . 2016-08-11 19:13 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2016-07-08 15:16 . 2016-08-11 19:13 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-07-08 15:16 . 2016-08-11 19:13 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2016-07-08 15:16 . 2016-08-11 19:13 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2016-07-08 15:16 . 2016-08-11 19:13 260608 ----a-w- c:\windows\SysWow64\msv1_0.dll
2016-07-08 15:16 . 2016-08-11 19:13 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2016-07-08 15:16 . 2016-08-11 19:13 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2016-07-08 15:16 . 2016-08-11 19:13 17408 ----a-w- c:\windows\SysWow64\credssp.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-20 15:36 222920 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-20 15:36 222920 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-20 15:36 222920 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-5-12 1211168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Origin Client Service;Origin Client Service;e:\games\Origin\OriginClientService.exe;e:\games\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 XSplit_Dummy;XSplit Stream Audio Renderer;c:\windows\system32\drivers\xspltspk.sys;c:\windows\SYSNATIVE\drivers\xspltspk.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 winioex;winioex;c:\windows\system32\drivers\winioex.sys;c:\windows\SYSNATIVE\drivers\winioex.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 ALSysIO;ALSysIO;c:\users\Tom\AppData\Local\Temp\ALSysIO64.sys;c:\users\Tom\AppData\Local\Temp\ALSysIO64.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 DelayMan;ACPI DelayMan Filter Service;c:\windows\system32\DRIVERS\delayman.sys;c:\windows\SYSNATIVE\DRIVERS\delayman.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys;c:\windows\SYSNATIVE\Drivers\usbvideo.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-09-15 13:42 1267528 ----a-w- c:\program files (x86)\Google\Chrome\Application\53.0.2785.116\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-20 15:36 261832 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-20 15:36 261832 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-20 15:36 261832 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-05-19 11:29 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-12-11 13776088]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-05-19 789920]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-05-19 206176]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-05-19 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-05-19 5908928]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-06-14 2397120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-07 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-07 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-07 442328]
"RtHDVBg_LENOVO_DOLBYDRAGON"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-12-11 1391472]
"RtHDVBg_LENOVO_MICPKEY"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-12-11 1391472]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-06-14 1767944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 192.168.2.2:3128
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.0.254 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;jpi-version=10.67.2]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.1]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.1.1]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.1.2]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.1.3]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.2]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.2.1]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.3]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.3.1]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.4]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.4.1]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.4.2]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.5]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.6]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.7]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-vm]
@DACL=(02 0000)
"Description"="Java™ Virtual Machine"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-vm-npruntime]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\MimeTypes\application/x-silverlight]
@DACL=(02 0000)
"Description"="Ag Player Plugin(*.ag)"
"Suffixes"="ag"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\MimeTypes\application/x-silverlight-2]
@DACL=(02 0000)
"Description"="Ag Player Plugin(*.ag)"
"Suffixes"="ag"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922\MimeTypes\application/x-wlpg-detect]
@DACL=(02 0000)
"Description"="WLPG Detect"
"Suffixes"="wlpg"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922\MimeTypes\application/x-wlpg3-detect]
@DACL=(02 0000)
"Description"="WLPG Detect"
"Suffixes"="wlpg"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110\MimeTypes\application/x-wlpg-detect]
@DACL=(02 0000)
"Description"="WLPG Detect"
"Suffixes"="wlpg"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110\MimeTypes\application/x-wlpg3-detect]
@DACL=(02 0000)
"Description"="WLPG Detect"
"Suffixes"="wlpg"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3\MimeTypes\application/x-vnd.google.update3webcontrol.3]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9\MimeTypes\application/x-vnd.google.oneclickctrl.9]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader\MimeTypes\application/pdf]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader\MimeTypes\application/vnd.adobe.xdp+xml]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader\MimeTypes\application/vnd.adobe.xfd+xml]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader\MimeTypes\application/vnd.adobe.xfdf]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader\MimeTypes\application/vnd.fdf]
@DACL=(02 0000)
@=""
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
**************************************************************************
.
Celkový čas: 2016-09-19 00:09:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-09-18 22:08
ComboFix2.txt 2016-09-16 19:05
.
Před spuštěním: Volných bajtů: 193 104 146 432
Po spuštění: Volných bajtů: 192 652 394 496
.
- - End Of File - - DA248B25F15D1A18C2BFC91AE5A81EE5
i po restartu stále na poloviční výkon bezdůvodně...
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.6088.4035 [GMT 2:00]
Spuštěný z: c:\users\Tom\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Tom\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 9.0.376.1 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 9.0.376.1 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-08-18 do 2016-09-18 )))))))))))))))))))))))))))))))
.
.
2016-09-14 18:37 . 2016-09-14 18:37 -------- d-----w- C:\rsit
2016-09-05 15:22 . 2016-09-18 21:08 -------- d-----w- c:\windows\SysWow64\NV
2016-09-05 15:22 . 2016-09-18 21:08 -------- d-----w- c:\windows\system32\NV
2016-09-05 15:22 . 2016-05-04 02:22 45344 ----a-w- c:\windows\system32\vulkaninfo.exe
2016-09-05 15:22 . 2016-05-04 02:22 130848 ----a-w- c:\windows\system32\vulkan-1.dll
2016-09-05 15:22 . 2016-05-04 02:22 40224 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2016-09-05 15:22 . 2016-05-04 02:23 129824 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2016-08-23 12:55 . 2016-08-11 14:31 1922616 ----a-w- c:\windows\system32\nvdispco6437254.dll
2016-08-23 12:55 . 2016-08-11 14:31 1586744 ----a-w- c:\windows\system32\nvdispgenco6437254.dll
2016-08-23 12:47 . 2016-07-08 15:32 2048 ----a-w- c:\windows\system32\tzres.dll
2016-08-23 12:47 . 2016-07-08 15:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-08-25 23:28 . 2016-06-26 11:25 493608 ----a-w- c:\windows\system32\nvumdshimx.dll
2016-08-25 23:28 . 2016-06-26 11:25 408784 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2016-08-25 23:28 . 2016-06-26 11:25 181488 ----a-w- c:\windows\system32\nvinitx.dll
2016-08-25 23:28 . 2016-06-26 11:25 159352 ----a-w- c:\windows\SysWow64\nvinit.dll
2016-08-25 23:28 . 2016-06-26 11:25 3917512 ----a-w- c:\windows\system32\nvapi64.dll
2016-08-25 23:28 . 2016-06-26 11:25 3456888 ----a-w- c:\windows\SysWow64\nvapi.dll
2016-08-25 21:10 . 2016-06-26 11:34 6385720 ----a-w- c:\windows\system32\nvcpl.dll
2016-08-25 21:10 . 2016-06-26 11:34 2475064 ----a-w- c:\windows\system32\nvsvc64.dll
2016-08-25 21:10 . 2016-06-26 11:34 1764408 ----a-w- c:\windows\system32\nvsvcr.dll
2016-08-25 21:10 . 2016-06-26 11:34 1362368 ----a-w- c:\windows\system32\nvvsvc.exe
2016-08-25 21:10 . 2016-06-26 11:34 144832 ----a-w- c:\windows\SysWow64\oemdspif.dll
2016-08-25 21:10 . 2016-06-26 11:34 81856 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-08-25 21:10 . 2016-06-26 11:34 71224 ----a-w- c:\windows\system32\nvshext.dll
2016-08-25 21:10 . 2016-06-26 11:34 548408 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-08-25 21:10 . 2016-06-26 11:34 393784 ----a-w- c:\windows\system32\nvmctray.dll
2016-08-22 15:18 . 2016-06-26 11:34 7320235 ----a-w- c:\windows\system32\nvcoproc.bin
2016-08-11 19:16 . 2012-08-29 09:51 147640136 -c--a-w- c:\windows\system32\MRT.exe
2016-08-02 14:54 . 2016-08-11 19:14 394440 ----a-w- c:\windows\system32\iedkcs32.dll
2016-08-02 06:54 . 2016-08-11 19:14 25808384 ----a-w- c:\windows\system32\mshtml.dll
2016-08-02 06:47 . 2016-08-11 19:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-08-02 06:47 . 2016-08-11 19:14 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-08-02 06:32 . 2016-08-11 19:14 66560 ----a-w- c:\windows\system32\iesetup.dll
2016-08-02 06:32 . 2016-08-11 19:14 2894336 ----a-w- c:\windows\system32\iertutil.dll
2016-08-02 06:31 . 2016-08-11 19:14 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-08-02 06:31 . 2016-08-11 19:14 417792 ----a-w- c:\windows\system32\html.iec
2016-08-02 06:31 . 2016-08-11 19:14 572416 ----a-w- c:\windows\system32\vbscript.dll
2016-08-02 06:31 . 2016-08-11 19:14 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-08-02 06:24 . 2016-08-11 19:14 54784 ----a-w- c:\windows\system32\jsproxy.dll
2016-08-02 06:23 . 2016-08-11 19:14 34304 ----a-w- c:\windows\system32\iernonce.dll
2016-08-02 06:20 . 2016-08-11 19:14 615936 ----a-w- c:\windows\system32\ieui.dll
2016-08-02 06:19 . 2016-08-11 19:14 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-08-02 06:19 . 2016-08-11 19:14 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2016-08-02 06:18 . 2016-08-11 19:14 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2016-08-02 06:18 . 2016-08-11 19:14 817664 ----a-w- c:\windows\system32\jscript.dll
2016-08-02 06:18 . 2016-08-11 19:14 6047744 ----a-w- c:\windows\system32\jscript9.dll
2016-08-02 06:11 . 2016-08-11 19:14 969216 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-08-02 06:08 . 2016-08-11 19:14 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2016-08-02 06:03 . 2016-08-11 19:14 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2016-08-02 06:00 . 2016-08-11 19:14 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-08-02 05:59 . 2016-08-11 19:14 107520 ----a-w- c:\windows\system32\inseng.dll
2016-08-02 05:56 . 2016-08-11 19:14 199680 ----a-w- c:\windows\system32\msrating.dll
2016-08-02 05:55 . 2016-08-11 19:14 92160 ----a-w- c:\windows\system32\mshtmled.dll
2016-08-02 05:53 . 2016-08-11 19:14 315392 ----a-w- c:\windows\system32\dxtrans.dll
2016-08-02 05:51 . 2016-08-11 19:14 497664 ----a-w- c:\windows\SysWow64\vbscript.dll
2016-08-02 05:51 . 2016-08-11 19:14 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2016-08-02 05:51 . 2016-08-11 19:14 152064 ----a-w- c:\windows\system32\occache.dll
2016-08-02 05:51 . 2016-08-11 19:14 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2016-08-02 05:51 . 2016-08-11 19:14 341504 ----a-w- c:\windows\SysWow64\html.iec
2016-08-02 05:50 . 2016-08-11 19:14 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2016-08-02 05:41 . 2016-08-11 19:14 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2016-08-02 05:41 . 2016-08-11 19:14 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2016-08-02 05:40 . 2016-08-11 19:14 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-08-02 05:38 . 2016-08-11 19:14 724992 ----a-w- c:\windows\system32\ie4uinit.exe
2016-08-02 05:38 . 2016-08-11 19:14 806400 ----a-w- c:\windows\system32\msfeeds.dll
2016-08-02 05:37 . 2016-08-11 19:14 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-08-02 05:36 . 2016-08-11 19:14 2131456 ----a-w- c:\windows\system32\inetcpl.cpl
2016-08-02 05:29 . 2016-08-11 19:14 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2016-08-02 05:28 . 2016-08-11 19:14 15412224 ----a-w- c:\windows\system32\ieframe.dll
2016-08-02 05:23 . 2016-08-11 19:14 2868224 ----a-w- c:\windows\system32\wininet.dll
2016-08-02 05:21 . 2016-08-11 19:14 4608000 ----a-w- c:\windows\SysWow64\jscript9.dll
2016-08-02 05:14 . 2016-08-11 19:14 2055680 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2016-08-02 05:14 . 2016-08-11 19:14 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2016-08-02 05:10 . 2016-08-11 19:14 1550848 ----a-w- c:\windows\system32\urlmon.dll
2016-08-02 04:59 . 2016-08-11 19:14 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2016-08-02 04:56 . 2016-08-11 19:14 2393088 ----a-w- c:\windows\SysWow64\wininet.dll
2016-07-11 02:13 . 2016-07-18 14:39 1939000 ----a-w- c:\windows\system32\nvdispco6436881.dll
2016-07-11 02:13 . 2016-07-18 14:39 1571776 ----a-w- c:\windows\system32\nvdispgenco6436881.dll
2016-07-08 15:37 . 2016-08-11 19:13 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-07-08 15:37 . 2016-08-11 19:13 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-07-08 15:32 . 2016-08-11 19:13 86528 ----a-w- c:\windows\system32\TSpkg.dll
2016-07-08 15:32 . 2016-08-11 19:13 210432 ----a-w- c:\windows\system32\wdigest.dll
2016-07-08 15:32 . 2016-08-11 19:13 28672 ----a-w- c:\windows\system32\sspisrv.dll
2016-07-08 15:32 . 2016-08-11 19:13 135680 ----a-w- c:\windows\system32\sspicli.dll
2016-07-08 15:32 . 2016-08-11 19:13 343552 ----a-w- c:\windows\system32\schannel.dll
2016-07-08 15:32 . 2016-08-11 19:13 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2016-07-08 15:32 . 2016-08-11 19:13 28160 ----a-w- c:\windows\system32\secur32.dll
2016-07-08 15:32 . 2016-08-11 19:13 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-07-08 15:32 . 2016-08-11 19:13 312320 ----a-w- c:\windows\system32\ncrypt.dll
2016-07-08 15:32 . 2016-08-11 19:13 316416 ----a-w- c:\windows\system32\msv1_0.dll
2016-07-08 15:32 . 2016-08-11 19:13 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-07-08 15:32 . 2016-08-11 19:13 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-07-08 15:32 . 2016-08-11 19:13 1464320 ----a-w- c:\windows\system32\lsasrv.dll
2016-07-08 15:32 . 2016-08-11 19:13 730624 ----a-w- c:\windows\system32\kerberos.dll
2016-07-08 15:32 . 2016-08-11 19:13 43520 ----a-w- c:\windows\system32\cryptbase.dll
2016-07-08 15:32 . 2016-08-11 19:13 22016 ----a-w- c:\windows\system32\credssp.dll
2016-07-08 15:32 . 2016-08-11 19:13 463872 ----a-w- c:\windows\system32\certcli.dll
2016-07-08 15:32 . 2016-08-11 19:13 690688 ----a-w- c:\windows\system32\adtschema.dll
2016-07-08 15:17 . 2016-08-11 19:13 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2016-07-08 15:17 . 2016-08-11 19:13 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2016-07-08 15:16 . 2016-08-11 19:13 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2016-07-08 15:16 . 2016-08-11 19:13 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2016-07-08 15:16 . 2016-08-11 19:13 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-07-08 15:16 . 2016-08-11 19:13 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2016-07-08 15:16 . 2016-08-11 19:13 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-07-08 15:16 . 2016-08-11 19:13 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2016-07-08 15:16 . 2016-08-11 19:13 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2016-07-08 15:16 . 2016-08-11 19:13 260608 ----a-w- c:\windows\SysWow64\msv1_0.dll
2016-07-08 15:16 . 2016-08-11 19:13 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2016-07-08 15:16 . 2016-08-11 19:13 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2016-07-08 15:16 . 2016-08-11 19:13 17408 ----a-w- c:\windows\SysWow64\credssp.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-20 15:36 222920 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-20 15:36 222920 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-20 15:36 222920 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-5-12 1211168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Origin Client Service;Origin Client Service;e:\games\Origin\OriginClientService.exe;e:\games\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 XSplit_Dummy;XSplit Stream Audio Renderer;c:\windows\system32\drivers\xspltspk.sys;c:\windows\SYSNATIVE\drivers\xspltspk.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 winioex;winioex;c:\windows\system32\drivers\winioex.sys;c:\windows\SYSNATIVE\drivers\winioex.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 ALSysIO;ALSysIO;c:\users\Tom\AppData\Local\Temp\ALSysIO64.sys;c:\users\Tom\AppData\Local\Temp\ALSysIO64.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 DelayMan;ACPI DelayMan Filter Service;c:\windows\system32\DRIVERS\delayman.sys;c:\windows\SYSNATIVE\DRIVERS\delayman.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys;c:\windows\SYSNATIVE\Drivers\usbvideo.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-09-15 13:42 1267528 ----a-w- c:\program files (x86)\Google\Chrome\Application\53.0.2785.116\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-20 15:36 261832 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-20 15:36 261832 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-20 15:36 261832 ----a-w- c:\users\Tom\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-05-19 11:29 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-12-11 13776088]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-05-19 789920]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-05-19 206176]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-05-19 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-05-19 5908928]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-06-14 2397120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-07 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-07 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-07 442328]
"RtHDVBg_LENOVO_DOLBYDRAGON"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-12-11 1391472]
"RtHDVBg_LENOVO_MICPKEY"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-12-11 1391472]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-06-14 1767944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 192.168.2.2:3128
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.0.254 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;jpi-version=10.67.2]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.1]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.1.1]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.1.2]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.1.3]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.2]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.2.1]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.3]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.3.1]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.4]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.4.1]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.4.2]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.5]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.6]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-applet;version=1.7]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-vm]
@DACL=(02 0000)
"Description"="Java™ Virtual Machine"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2\MimeTypes\application/x-java-vm-npruntime]
@DACL=(02 0000)
"Description"="Java™ Applet"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\MimeTypes\application/x-silverlight]
@DACL=(02 0000)
"Description"="Ag Player Plugin(*.ag)"
"Suffixes"="ag"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\MimeTypes\application/x-silverlight-2]
@DACL=(02 0000)
"Description"="Ag Player Plugin(*.ag)"
"Suffixes"="ag"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922\MimeTypes\application/x-wlpg-detect]
@DACL=(02 0000)
"Description"="WLPG Detect"
"Suffixes"="wlpg"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922\MimeTypes\application/x-wlpg3-detect]
@DACL=(02 0000)
"Description"="WLPG Detect"
"Suffixes"="wlpg"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110\MimeTypes\application/x-wlpg-detect]
@DACL=(02 0000)
"Description"="WLPG Detect"
"Suffixes"="wlpg"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110\MimeTypes\application/x-wlpg3-detect]
@DACL=(02 0000)
"Description"="WLPG Detect"
"Suffixes"="wlpg"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3\MimeTypes\application/x-vnd.google.update3webcontrol.3]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9\MimeTypes\application/x-vnd.google.oneclickctrl.9]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader\MimeTypes\application/pdf]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader\MimeTypes\application/vnd.adobe.xdp+xml]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader\MimeTypes\application/vnd.adobe.xfd+xml]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader\MimeTypes\application/vnd.adobe.xfdf]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader\MimeTypes\application/vnd.fdf]
@DACL=(02 0000)
@=""
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
**************************************************************************
.
Celkový čas: 2016-09-19 00:09:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-09-18 22:08
ComboFix2.txt 2016-09-16 19:05
.
Před spuštěním: Volných bajtů: 193 104 146 432
Po spuštění: Volných bajtů: 192 652 394 496
.
- - End Of File - - DA248B25F15D1A18C2BFC91AE5A81EE5
i po restartu stále na poloviční výkon bezdůvodně...
Re: Prosím o kontrolu, děkuji
Co presne to znamena? Jak polovicni vykon? Cim podrobneji to popisete, tim lepe.tomik258 píše:i po restartu stále na poloviční výkon bezdůvodně...
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu, děkuji
Už bylo hodně pozdě večer, moje formulace stojí za prd uznávám. Více méně je to stále stejné, jak jsem popisoval výše. Při standartním zatížení mi hučí větrák jako bych měl zapnutou náročnou aplikaci nebo hru. Jediné co jsem zpozoroval "navíc" je skutečnost, že mi asi 2x nebo 3x za tu dobu vyskočil exproler.exe, zmizela mi spodní lišta, probliky ikonky na ploše (poté co jsem zminimalizoval chrome) po okamžiku se zase sám spustil. 
Jinak teda zátež okolo 30% na procesoru.
Jinak mám subjektivní pocit, že celkové reakce počíteče jsou o něco pomalejší, ale opravdu jen o kousek, pozoruji jenom v programu chrome, nic jiného v podstatě momentálně nepoužívám. Můžu zkusit pustit nějakou náročnější hru, jak budu mít chvíli čas. Říkal jsem si jestli na to nemá vliv jen a pouze chrome, ale "zátež" se v podstatě spustí nějakým způsobem sama. Zkoušel jsem zapnout NTB, nechat ležet tak jak byl, a prostě se to samo rozjede... přitom v procesech není vůbec vůbec nic co by ukazovalo na nějaké větši zatížení. S bližším popisem problému už asi nepomužu, ale cokoliv chcete vyscreenuju...
Jinak teda zátež okolo 30% na procesoru. Jinak mám subjektivní pocit, že celkové reakce počíteče jsou o něco pomalejší, ale opravdu jen o kousek, pozoruji jenom v programu chrome, nic jiného v podstatě momentálně nepoužívám. Můžu zkusit pustit nějakou náročnější hru, jak budu mít chvíli čas. Říkal jsem si jestli na to nemá vliv jen a pouze chrome, ale "zátež" se v podstatě spustí nějakým způsobem sama. Zkoušel jsem zapnout NTB, nechat ležet tak jak byl, a prostě se to samo rozjede... přitom v procesech není vůbec vůbec nic co by ukazovalo na nějaké větši zatížení. S bližším popisem problému už asi nepomužu, ale cokoliv chcete vyscreenuju...
Re: Prosím o kontrolu, děkuji
Zkuste chvili pouzivat jiny prohlizec a vyzkousejte, jestli se ta zatez projevi i v nouzovem rezimu.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu, děkuji
Ta "zátež" se na procesoru objeví bez jakýkoliv vlivů do 3-5ti minut po zamnutí počítače. Zcela nezávisle na tom, zda se nějaký program cíleně spustí (programy s automatickým startem nepočítám). Provoz v nouzáku zkusím.
Vyskakuje mi už nějakou dobu (cca 4 měsíce, možná dýl) aktualizace Adobe Readeru, která vždy při instalaci "selže" díky chybnému klíči. Nevím zda to může mít vliv, vzhledem k tomu, že tyhle problémy začaly nedávno, nevidím spojitost. Ale pro jistotu jsem uvedl, člověk neví jaká blbost může pomoct. Přidávám i screenshot chyby.
Vyskakuje mi už nějakou dobu (cca 4 měsíce, možná dýl) aktualizace Adobe Readeru, která vždy při instalaci "selže" díky chybnému klíči. Nevím zda to může mít vliv, vzhledem k tomu, že tyhle problémy začaly nedávno, nevidím spojitost. Ale pro jistotu jsem uvedl, člověk neví jaká blbost může pomoct. Přidávám i screenshot chyby.
- adobe_update.jpg (46.28 KiB) Zobrazeno 2605 x
Re: Prosím o kontrolu, děkuji
Ahoj, teď jedu už asi 30 minut v nouzovém režimu se sítí, mám spuštěný skype + chrome s několika záložkama, zátež procesoru se pohybuje mezi 4-11%, někdy vyskočí na cca 15%. Vetrák tichý, teplotu nevím jak odsledovat, používám program, který se v nouzáku nespustí, je zakázaný ovladač.
EDIT: Hodina a PC v naprostém klidu...
EDIT: Hodina a PC v naprostém klidu...
- zatez_1.png (45.48 KiB) Zobrazeno 2600 x
Re: Prosím o kontrolu, děkuji
Co se toho Adobe tyka, kompletne ho odinstalujte, treba pomoci CCleaneru, pripadne Revo Uninstalleru, pak procistete CCleanerem registry, restartujte pc a zkuste znovu nainstalovat.
No a tu zatez muze zpusobovat i nejaka legitimni aplikace, ktera v nouzaku nejede, jelikoz havet v zadnem logu videt neni. Ovsem tezko rict ktera. Je to stale stejne? Nekdy po najeti do nouzaku nektery problem sam zmizi
No a tu zatez muze zpusobovat i nejaka legitimni aplikace, ktera v nouzaku nejede, jelikoz havet v zadnem logu videt neni. Ovsem tezko rict ktera. Je to stale stejne? Nekdy po najeti do nouzaku nektery problem sam zmizi
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu, děkuji
Zátěž je stále, po nouzáku není změna... 
Je to už docela otravné... snad si nechám zpátky nacpat nějakou tu havěť... Ani kolegové by si nevěděli rady? Problém přece vznikl při "čištění", předtím se neobjevoval.... :-/
A Adobe je jako bláznivá expřítelkyně, nechce zmizet z mého života....
Je to už docela otravné... snad si nechám zpátky nacpat nějakou tu havěť... Ani kolegové by si nevěděli rady? Problém přece vznikl při "čištění", předtím se neobjevoval.... :-/A Adobe je jako bláznivá expřítelkyně, nechce zmizet z mého života....
- adobe_reader.png (82.27 KiB) Zobrazeno 2595 x
Re: Prosím o kontrolu, děkuji
Tak pouzijte bod obnovy k datu, kdy to nedelalo, tedy pred cistenim.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu, děkuji
Nejstarší bod obnovy byl 11.9., kdy jsem dělal FRST log. Obnovil jsem tedy do tohoto datumu, problém přetrvává. Tak jsem to hodil zpátky do 23.9. a chvíli to vypadalo, že se to zlepšilo, nicméně jsem zase na 36% zatížení. Už jsem zoufalý....
Přispějete na provoz fóra?