Hello, I'm posting a log from ComboFix.
I made the log on the laptop where Norton keeps reporting attacks from the internet,
and besides, changing the router didn't help...
ComboFix 15-01-22.02 - Black 23.01.2015 15:19:03.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8072.5780 [GMT 1:00]
Spuštěný z: c:\users\Black\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Black\AppData\Local\Temp\_MEI49762\_ctypes.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\_elementtree.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\_hashlib.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\_multiprocessing.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\_socket.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\_ssl.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\hashobjs_ext.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\pyexpat.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\pysqlite2._sqlite.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\python27.dll
c:\users\Black\AppData\Local\Temp\_MEI49762\pythoncom27.dll
c:\users\Black\AppData\Local\Temp\_MEI49762\PyWinTypes27.dll
c:\users\Black\AppData\Local\Temp\_MEI49762\select.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\unicodedata.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\win32api.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\win32com.shell.shell.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\win32crypt.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\win32event.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\win32file.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\win32gui.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\win32inet.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\win32pdh.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\win32pipe.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\win32process.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\win32profile.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\win32security.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\win32ts.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\windows._lib_cacheinvalidation.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\wx._animate.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\wx._controls_.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\wx._core_.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\wx._gdi_.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\wx._html2.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\wx._misc_.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\wx._windows_.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\wx._wizard.pyd
c:\users\Black\AppData\Local\Temp\_MEI49762\wxbase294u_net_vc90.dll
c:\users\Black\AppData\Local\Temp\_MEI49762\wxbase294u_vc90.dll
c:\users\Black\AppData\Local\Temp\_MEI49762\wxmsw294u_adv_vc90.dll
c:\users\Black\AppData\Local\Temp\_MEI49762\wxmsw294u_core_vc90.dll
c:\users\Black\AppData\Local\Temp\_MEI49762\wxmsw294u_html_vc90.dll
c:\users\Black\AppData\Local\Temp\_MEI49762\wxmsw294u_webview_vc90.dll
c:\users\Black\Documents\JulyWeather.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-12-23 do 2015-01-23 )))))))))))))))))))))))))))))))
.
.
2015-01-23 14:22 . 2015-01-23 14:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-17 16:01 . 2015-01-17 16:01 -------- d-----w- c:\users\Black\AppData\Roaming\MPC-HC
2015-01-17 16:00 . 2014-12-02 14:10 260184 ----a-w- c:\windows\system32\unrar64.dll
2015-01-17 16:00 . 2015-01-17 16:00 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2015-01-17 15:43 . 2015-01-17 15:43 -------- d-----w- c:\programdata\SMR430
2015-01-16 19:17 . 2015-01-16 19:17 359128 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2015-01-11 10:20 . 2015-01-10 11:45 149024 ----a-w- c:\users\Black\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\driver_booster_setup.vbs
2015-01-10 16:25 . 2015-01-10 16:25 10604648 ----a-w- c:\windows\SysWow64\driver_booster_setup.exe
2015-01-10 09:21 . 2015-01-10 09:21 -------- d-----w- c:\programdata\Raxco
2015-01-10 09:21 . 2015-01-10 09:21 -------- d-----w- c:\program files\Raxco
2015-01-10 09:21 . 2015-01-10 09:21 -------- d-----w- c:\program files\Common Files\Raxco
2015-01-10 09:20 . 2015-01-10 09:20 -------- d-----w- c:\program files (x86)\Raxco
2015-01-10 09:14 . 2015-01-10 09:14 -------- d-----w- c:\programdata\GlarySoft
2015-01-10 08:40 . 2015-01-10 08:40 20160 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2015-01-10 08:40 . 2015-01-10 08:40 -------- d-----w- c:\users\Black\AppData\Roaming\GlarySoft
2015-01-10 08:40 . 2015-01-23 14:06 -------- d-----w- c:\program files (x86)\Glary Utilities 5
2015-01-10 08:30 . 2015-01-10 08:30 4044800 ----a-w- c:\windows\system32\drivers\athrx.sys
2015-01-02 18:03 . 2015-01-02 18:03 12288 ----a-w- c:\windows\SysWow64\sbunattend.exe
2015-01-02 17:52 . 2015-01-02 17:52 12288 ----a-w- c:\windows\system32\sbunattend.exe
2015-01-02 17:50 . 2015-01-02 17:50 63088 ----a-w- c:\windows\system32\vsocklib.dll
2015-01-02 17:50 . 2015-01-02 17:50 50800 ----a-w- c:\windows\system32\vmhgfs.dll
2015-01-02 17:50 . 2015-01-02 17:50 34416 ----a-w- c:\windows\system32\vmGuestLibJava.dll
2014-12-26 13:16 . 2015-01-18 13:47 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-12-25 13:53 . 2014-10-16 09:27 27424 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2014-12-25 12:34 . 2014-12-25 12:34 -------- d-----w- c:\users\Black\AppData\Local\SKIDROW
2014-12-25 11:56 . 2014-12-25 11:56 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
2014-12-25 11:55 . 2014-12-25 11:55 -------- d-----w- c:\users\Black\AppData\Local\NVIDIA Corporation
2014-12-25 11:54 . 2014-12-25 11:55 -------- d-----w- c:\users\Black\AppData\Local\NVIDIA
2014-12-25 11:53 . 2014-12-25 11:53 -------- d-----w- c:\windows\SysWow64\NV
2014-12-25 11:53 . 2014-12-25 11:53 -------- d-----w- c:\windows\system32\NV
2014-12-25 11:45 . 2014-12-13 10:08 994384 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-12-24 16:56 . 2014-12-24 16:56 53360 ----a-w- c:\windows\system32\vmGuestLib.dll
2014-12-24 16:26 . 2014-12-24 16:26 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2014-12-24 15:59 . 2014-12-24 15:59 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-12-24 15:59 . 2014-12-24 15:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2014-12-24 15:58 . 2014-12-24 16:21 -------- d-----w- c:\windows\system32\drivers\N360x64
2014-12-24 15:58 . 2014-12-24 15:58 -------- d-----w- c:\program files (x86)\Norton 360
2014-12-24 15:58 . 2014-12-24 15:59 -------- d-----w- c:\programdata\Norton
2014-12-24 15:58 . 2014-12-24 15:58 -------- d-----w- c:\program files (x86)\NortonInstaller
2014-12-24 15:50 . 2010-11-21 03:24 962048 ----a-w- c:\windows\system32\bootrs2.dll
2014-12-24 15:50 . 2010-11-21 03:24 2217856 ----a-w- c:\windows\system32\bootrs2~1.dll
2014-12-24 15:25 . 2014-12-24 15:25 -------- d-----w- c:\users\Black\AppData\Local\Stardock
2014-12-24 15:21 . 2014-12-24 15:21 -------- d-----w- c:\users\Black\AppData\Roaming\Rainmeter
2014-12-24 15:21 . 2014-12-24 15:21 -------- d-----w- c:\program files\Rainmeter
2014-12-24 15:13 . 2014-12-24 15:13 -------- d-----w- c:\users\Black\AppData\Local\Windows Live Writer
2014-12-24 15:13 . 2014-12-24 15:13 -------- d-----w- c:\users\Black\AppData\Roaming\Windows Live Writer
2014-12-24 15:10 . 2014-12-24 15:10 -------- d-----w- c:\windows\cs
2014-12-24 15:10 . 2014-12-24 15:10 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2014-12-24 15:10 . 2014-12-24 15:10 -------- d-----w- c:\program files\Windows Live
2014-12-24 15:10 . 2014-12-24 15:10 -------- d-----w- c:\program files (x86)\Windows Live
2014-12-24 15:09 . 2014-12-24 15:35 -------- d-----w- c:\users\Black\AppData\Local\Windows Live
2014-12-24 15:09 . 2014-12-24 15:09 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2014-12-24 14:48 . 2014-12-24 14:48 -------- d-----w- c:\users\Black\AppData\Local\Skype
2014-12-24 14:48 . 2015-01-23 14:14 -------- d-----w- c:\users\Black\AppData\Roaming\Skype
2014-12-24 14:48 . 2014-12-24 14:48 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-12-24 14:48 . 2014-12-24 14:50 -------- d-----r- c:\program files (x86)\Skype
2014-12-24 14:48 . 2014-12-24 14:50 -------- d-----w- c:\programdata\Skype
2014-12-24 14:44 . 2014-12-24 14:44 -------- d-----w- c:\programdata\APN
2014-12-24 14:44 . 2015-01-23 14:22 -------- d-----w- c:\users\Black\AppData\Roaming\uTorrent
2014-12-24 14:29 . 2015-01-16 18:44 -------- d-----w- c:\users\Black\AppData\Local\Adobe
2014-12-24 14:28 . 2014-12-24 14:28 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-12-24 14:27 . 2014-12-24 14:27 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-12-24 14:27 . 2014-12-24 14:27 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-12-24 14:27 . 2014-12-24 14:27 -------- d-----w- c:\programdata\Oracle
2014-12-24 14:27 . 2014-12-24 14:27 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-16 18:58 . 2014-12-23 09:01 113365784 ----a-w- c:\windows\system32\MRT.exe
2015-01-16 18:44 . 2014-12-23 08:21 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-16 18:44 . 2014-12-23 08:21 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-25 13:25 . 2009-07-13 23:57 22112256 ----a-w- c:\windows\system32\imageres.dll
2014-12-24 15:10 . 2012-07-17 13:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-12-24 14:20 . 2014-12-24 14:20 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2014-12-24 14:20 . 2014-12-24 14:20 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2014-12-24 14:20 . 2014-12-24 14:20 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2014-12-24 14:20 . 2014-12-24 14:20 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2014-12-24 13:39 . 2014-12-24 14:06 22030336 ----a-w- c:\windows\system32\imageres.dll.backup
2014-12-24 13:39 . 2009-07-13 23:42 22111744 ----a-w- c:\windows\SysWow64\imageres.dll
2014-12-23 13:20 . 2014-12-23 13:20 925184 ----a-w- c:\windows\expstart.exe
2014-12-23 12:14 . 2014-12-23 12:14 606208 ----a-w- c:\windows\system32\mstime.dll
2014-12-23 12:14 . 2014-12-23 12:14 163840 ----a-w- c:\windows\system32\ieakui.dll
2014-12-23 12:13 . 2014-12-23 12:13 229376 ----a-w- c:\windows\system32\ieaksie.dll
2014-12-23 12:13 . 2014-12-23 12:13 126976 ----a-w- c:\windows\system32\ieakeng.dll
2014-12-23 12:13 . 2014-12-23 12:13 18432 ----a-w- c:\windows\system32\corpol.dll
2014-12-23 12:06 . 2014-12-23 12:06 73216 ----a-w- c:\windows\system32\admparse.dll
2014-12-23 12:06 . 2014-12-23 12:06 131584 ----a-w- c:\windows\system32\aaclient.dll
2014-12-23 11:55 . 2014-12-23 11:52 63088 ----a-w- c:\windows\SysWow64\vsocklib.dll
2014-12-23 11:55 . 2014-12-23 11:52 50800 ----a-w- c:\windows\SysWow64\vmhgfs.dll
2014-12-23 11:55 . 2014-12-23 11:52 34416 ----a-w- c:\windows\SysWow64\vmGuestLibJava.dll
2014-12-23 11:55 . 2014-12-23 11:52 53360 ----a-w- c:\windows\SysWow64\vmGuestLib.dll
2014-12-23 11:55 . 2014-12-23 11:55 219248 ----a-w- c:\windows\SysWow64\vm3dum.dll
2014-12-23 11:55 . 2014-12-23 11:55 3223152 ----a-w- c:\windows\SysWow64\vm3dgl.dll
2014-12-23 11:55 . 2014-12-23 11:55 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-12-23 11:55 . 2014-12-23 11:54 1047552 ----a-w- c:\windows\SysWow64\mfc71u.dll
2014-12-23 11:54 . 2014-12-23 11:54 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2014-12-23 11:54 . 2014-12-23 11:51 18432 ----a-w- c:\windows\SysWow64\corpol.dll
2014-12-23 11:54 . 2014-12-23 11:51 73216 ----a-w- c:\windows\SysWow64\admparse.dll
2014-12-23 11:54 . 2014-12-23 11:51 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2014-12-23 11:24 . 2014-12-23 11:24 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-12-23 11:19 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2014-12-23 11:19 . 2010-11-21 03:23 2851840 ----a-w- c:\windows\system32\themeui.dll
2014-12-23 11:19 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2014-12-23 11:18 . 2014-12-23 11:18 386680 ----a-w- c:\windows\system32\drivers\sptd.sys
2014-12-23 11:05 . 2014-12-23 11:05 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2014-12-23 11:05 . 2014-12-23 11:05 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-12-23 09:10 . 2014-12-23 09:10 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-12-23 09:10 . 2014-12-23 09:10 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-12-23 09:10 . 2014-12-23 09:10 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-12-23 09:10 . 2014-12-23 09:10 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-12-23 09:10 . 2014-12-23 09:10 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-12-23 09:10 . 2014-12-23 09:10 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-12-23 09:10 . 2014-12-23 09:10 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-12-23 09:10 . 2014-12-23 09:10 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-12-23 09:10 . 2014-12-23 09:10 81408 ----a-w- c:\windows\system32\icardie.dll
2014-12-23 09:10 . 2014-12-23 09:10 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-12-23 09:10 . 2014-12-23 09:10 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-12-23 09:10 . 2014-12-23 09:10 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-23 09:10 . 2014-12-23 09:10 774144 ----a-w- c:\windows\system32\jscript.dll
2014-12-23 09:10 . 2014-12-23 09:10 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-12-23 09:10 . 2014-12-23 09:10 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-12-23 09:10 . 2014-12-23 09:10 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-12-23 09:10 . 2014-12-23 09:10 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-12-23 09:10 . 2014-12-23 09:10 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-12-23 09:10 . 2014-12-23 09:10 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-12-23 09:10 . 2014-12-23 09:10 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-12-23 09:10 . 2014-12-23 09:10 633856 ----a-w- c:\windows\system32\ieui.dll
2014-12-23 09:10 . 2014-12-23 09:10 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-12-23 09:10 . 2014-12-23 09:10 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-12-23 09:10 . 2014-12-23 09:10 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-12-23 09:10 . 2014-12-23 09:10 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-12-23 09:10 . 2014-12-23 09:10 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-12-23 09:10 . 2014-12-23 09:10 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-12-23 09:10 . 2014-12-23 09:10 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-12-23 09:10 . 2014-12-23 09:10 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-12-23 09:10 . 2014-12-23 09:10 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-12-23 09:10 . 2014-12-23 09:10 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-12-23 09:10 . 2014-12-23 09:10 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-12-23 09:10 . 2014-12-23 09:10 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-12-23 09:10 . 2014-12-23 09:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-12-23 09:10 . 2014-12-23 09:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-12-23 09:10 . 2014-12-23 09:10 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-12-23 09:10 . 2014-12-23 09:10 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-12-23 09:10 . 2014-12-23 09:10 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-12-23 09:10 . 2014-12-23 09:10 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-12-23 09:10 . 2014-12-23 09:10 413696 ----a-w- c:\windows\system32\html.iec
2014-12-23 09:10 . 2014-12-23 09:10 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-12-23 09:10 . 2014-12-23 09:10 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-12-23 09:10 . 2014-12-23 09:10 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-12-23 09:10 . 2014-12-23 09:10 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-12-23 09:10 . 2014-12-23 09:10 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-12-23 09:10 . 2014-12-23 09:10 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-12-23 09:10 . 2014-12-23 09:10 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-12-23 09:10 . 2014-12-23 09:10 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-12-23 09:10 . 2014-12-23 09:10 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-12-23 09:10 . 2014-12-23 09:10 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-12-23 09:10 . 2014-12-23 09:10 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-12-23 09:10 . 2014-12-23 09:10 247808 ----a-w- c:\windows\system32\msls31.dll
2014-12-23 09:10 . 2014-12-23 09:10 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-12-23 09:10 . 2014-12-23 09:10 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-12-23 09:10 . 2014-12-23 09:10 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-12-23 09:10 . 2014-12-23 09:10 235520 ----a-w- c:\windows\system32\url.dll
2014-12-23 09:10 . 2014-12-23 09:10 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-12-23 09:10 . 2014-12-23 09:10 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-12-23 09:10 . 2014-12-23 09:10 208384 ----a-w- c:\windows\SysWow64\webcheck.dll
2014-12-23 09:10 . 2014-12-23 09:10 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-12-23 09:10 . 2014-12-23 09:10 199680 ----a-w- c:\windows\system32\msrating.dll
2014-12-23 09:10 . 2014-12-23 09:10 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-10-21 . A4F64C7ABD1A393693D458E97F0DD4E2 . 2792960 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2013-10-21 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2013-10-21 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2010-11-21 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-12-22 23308616]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Advanced SystemCare 8"="c:\program files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" [2014-11-07 2425632]
"uTorrent"="c:\users\Black\AppData\Roaming\uTorrent\uTorrent.exe" [2015-01-16 1374032]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE" [2014-12-19 458456]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2015-01-05 37152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-12-21 292848]
"Dolby Home Theater v4"="c:\dolby pcee4\pcee4.exe" [2012-08-31 508656]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"driver_booster_setup"="wscript.exe" [2013-10-12 141824]
.
c:\users\Black\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
driver_booster_setup.vbs [2015-1-10 149024]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2014-5-25 36536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R3 cpuz137;cpuz137; [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150116.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150116.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
S2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSIC565.tmp;c:\windows\Installer\MSIC565.tmp [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PDFSFilter;PDFSFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Atheros\Ath_WlanAgent.exe;c:\program files (x86)\Atheros\Ath_WlanAgent.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2015-01-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-23 18:44]
.
2015-01-23 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files (x86)\Glary Utilities 5\Initialize.exe [2015-01-05 05:16]
.
2015-01-10 c:\windows\Tasks\GlaryOneClickOptimizer 5.job
- c:\program files (x86)\Glary Utilities 5\OneClickMaintenance.exe [2015-01-05 05:16]
.
2015-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-23 10:42]
.
2015-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-23 10:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-01-16 18:46 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-12-22 15:28 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-12-22 15:28 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-12-22 15:28 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-12-22 15:28 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-12-22 15:28 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-18 13427784]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-03-08 1278024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-12-23 391152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-12-23 771056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-12-23 770032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-03-08 1021056]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-03-08 800896]
"rfagent"="c:\program files\RFA 10\rfagent64.exe" [2014-11-26 3525656]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
c:\users\Black\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\July AccuWeather.lnk - c:\users\Black\Documents\JulyWeather.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HyperDeskCustomThemeEnabler]
"ImagePath"="\"c:\windows\Installer\MSIC565.tmp\" -service"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.6.0.32;c:\program files (x86)\Norton 360\Engine64\21.6.0.32"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\IObit\Advanced SystemCare 8\Suo12_StartupManager.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
c:\program files (x86)\Glary Utilities 5\Integrator.exe
.
**************************************************************************
.
Celkový čas: 2015-01-23 15:24:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-01-23 14:24
.
Před spuštěním: Volných bajtů: 175 499 689 984
Po spuštění: Volných bajtů: 174 953 758 720
.
- - End Of File - - 87AD1695C7F16C44BEA8405409499D9B
A36C5E4F47E84449FF07ED3517B43A31