ComboFix log (after problems with conhost.exe)

Posted: 03 Sep 2014 11:10
by kubak
Hello.
After N360 reported that it had blocked unauthorized access from conhost.exe, I ran a full scan of the PC with N360 and all of its other tools. The PC kept freezing, so I used ComboFix. The PC stopped freezing. Still, I would rather ask the experts whether they could take a look at the log below. THANK YOU VERY MUCH!

ComboFix 14-08-31.01 - kuba 03.09.2014 10:38:35.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.16374.12969 [GMT 2:00]
Spuštěný z: c:\users\kuba\Desktop\xyz.exe
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\87443810NZZ
c:\users\kuba\AppData\Local\assembly\tmp
c:\users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\at16fwip.default\search-metadata.json
E:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-08-03 do 2014-09-03 )))))))))))))))))))))))))))))))
.
.
2014-09-03 08:47 . 2014-09-03 08:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-03 07:50 . 2014-09-03 07:50 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
2014-09-03 07:39 . 2014-09-03 07:39 96856 ----a-w- c:\windows\system32\drivers\SMR410.SYS
2014-08-28 08:32 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 08:32 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-28 08:32 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-26 12:46 . 2014-08-26 14:04 -------- d-----w- c:\users\kuba\AppData\Roaming\uTorrent
2014-08-20 08:36 . 2014-08-20 08:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-20 08:36 . 2014-08-20 08:36 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-20 08:36 . 2014-08-20 08:36 -------- d-----w- c:\program files (x86)\Java
2014-08-14 07:15 . 2014-07-07 06:29 -------- d---a-w- c:\users\kuba\AppData\Roaming\com.adobe.AdobeMuseCC.2014.1
2014-08-13 08:28 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 08:28 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 08:28 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 08:28 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 08:28 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 08:28 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-13 08:28 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 08:28 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 04:22 . 2014-07-31 23:16 812224 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2014-08-10 13:29 . 2014-08-28 00:26 -------- d-----w- c:\windows\system32\drivers\N360x64\1505000.013
2014-08-07 11:09 . 2014-08-07 11:09 -------- d-----w- c:\users\kuba\AppData\Local\TuneUp Software
2014-08-07 11:00 . 2014-07-16 08:24 43320 ----a-w- c:\windows\system32\uxtuneup.dll
2014-08-07 11:00 . 2014-07-16 08:24 36152 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2014-08-07 10:59 . 2014-07-16 08:24 40760 ----a-w- c:\windows\system32\TURegOpt.exe
2014-08-07 10:59 . 2014-07-16 08:24 29496 ----a-w- c:\windows\system32\authuitu.dll
2014-08-07 10:59 . 2014-07-16 08:24 25400 ----a-w- c:\windows\SysWow64\authuitu.dll
2014-08-07 10:59 . 2014-08-07 10:59 -------- d-----w- c:\users\kuba\AppData\Roaming\TuneUp Software
2014-08-07 10:59 . 2014-08-07 11:10 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2014
2014-08-07 10:58 . 2014-08-07 11:00 -------- d-----w- c:\programdata\TuneUp Software
2014-08-07 10:58 . 2014-08-07 11:05 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-28 12:05 . 2012-07-17 13:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-26 12:42 . 2014-02-04 17:28 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-26 12:42 . 2014-02-04 17:28 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-13 08:30 . 2014-02-04 15:41 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-07-11 07:01 . 2014-03-01 18:10 20832 ----a-w- c:\windows\system32\drivers\DDCDrv.sys
2014-07-11 07:01 . 2014-03-01 18:10 145920 ----a-w- c:\windows\system32\DDCHelper.dll
2014-07-11 07:01 . 2014-03-01 18:10 125440 ----a-w- c:\windows\system32\DDCHelperX.dll
2014-07-11 07:01 . 2014-03-01 18:10 108032 ----a-w- c:\windows\SysWow64\DDCHelperX.dll
2014-07-11 07:01 . 2014-03-01 18:10 10240 ----a-w- c:\windows\SysWow64\drivers\DDCDrv.sys
2014-06-23 15:13 . 2014-06-23 15:13 382832 ----a-w- c:\windows\SysWow64\XRiteDevice.dll
2014-06-22 08:42 . 2014-06-22 08:42 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-06-22 08:42 . 2014-06-22 08:42 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-06-22 08:42 . 2014-06-22 08:42 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-06-22 08:42 . 2014-06-22 08:42 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-06-22 08:42 . 2014-06-22 08:42 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2014-06-22 08:42 . 2014-03-14 18:08 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-06-22 08:41 . 2014-06-22 08:41 116024 ----a-w- c:\windows\system32\atiu9p64.dll
2014-06-22 08:41 . 2013-12-24 07:38 99008 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-06-22 08:41 . 2014-06-22 08:41 1329864 ----a-w- c:\windows\system32\aticfx64.dll
2014-06-22 08:41 . 2013-12-24 07:36 1107384 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-06-22 08:41 . 2014-06-22 08:41 10177112 ----a-w- c:\windows\system32\atidxx64.dll
2014-06-22 08:41 . 2014-03-14 18:08 8764952 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-06-22 08:41 . 2013-12-24 07:34 10147688 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-06-22 08:41 . 2013-12-24 07:33 6715752 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-06-22 08:41 . 2014-06-22 08:41 10901696 ----a-w- c:\windows\system32\atiumd6a.dll
2014-06-22 08:41 . 2014-06-22 08:41 7896632 ----a-w- c:\windows\system32\atiumd64.dll
2014-06-22 08:35 . 2014-06-22 08:35 13955584 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-06-22 08:21 . 2014-06-22 08:21 230912 ----a-w- c:\windows\system32\clinfo.exe
2014-06-22 08:21 . 2014-06-22 08:21 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-06-22 08:20 . 2014-06-22 08:20 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-06-22 08:20 . 2014-06-22 08:20 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-06-22 08:20 . 2014-06-22 08:20 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-06-22 08:20 . 2014-06-22 08:20 28427264 ----a-w- c:\windows\system32\amdocl64.dll
2014-06-22 08:18 . 2014-06-22 08:18 23905280 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-06-22 08:15 . 2014-06-22 08:15 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-06-22 08:15 . 2014-06-22 08:15 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-06-22 08:05 . 2014-06-22 08:05 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2014-06-22 08:05 . 2014-06-22 08:05 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-06-22 08:05 . 2014-06-22 08:05 27228672 ----a-w- c:\windows\system32\atio6axx.dll
2014-06-22 08:05 . 2014-06-22 08:05 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-06-22 08:05 . 2014-06-22 08:05 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-06-22 08:05 . 2014-06-22 08:05 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-06-22 08:04 . 2014-06-22 08:04 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-06-22 08:01 . 2014-06-22 08:01 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-06-22 07:45 . 2014-06-22 07:45 22903296 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-06-22 07:44 . 2014-06-22 07:44 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-06-22 07:44 . 2014-06-22 07:44 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-06-22 07:44 . 2014-06-22 07:44 589824 ----a-w- c:\windows\system32\atieclxx.exe
2014-06-22 07:43 . 2014-06-22 07:43 240128 ----a-w- c:\windows\system32\atiesrxx.exe
2014-06-22 07:41 . 2014-06-22 07:41 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-06-22 07:30 . 2014-06-22 07:30 44544 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-06-22 07:30 . 2014-06-22 07:30 35840 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-06-22 07:18 . 2014-05-20 18:31 808960 ----a-w- c:\windows\system32\coinst_13.352.dll
2014-06-22 07:07 . 2014-06-22 07:07 1147904 ----a-w- c:\windows\system32\atiadlxx.dll
2014-06-22 07:07 . 2014-06-22 07:07 826880 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-06-22 07:07 . 2014-06-22 07:07 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2014-06-22 07:07 . 2014-06-22 07:07 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-06-22 07:07 . 2014-06-22 07:07 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2014-06-22 07:07 . 2014-06-22 07:07 146432 ----a-w- c:\windows\system32\atig6txx.dll
2014-06-22 07:06 . 2014-06-22 07:06 133120 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-06-22 07:06 . 2014-06-22 07:06 630784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-06-22 07:02 . 2014-06-22 07:02 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-06-22 02:31 . 2014-06-22 02:31 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2014-06-22 02:26 . 2014-06-22 02:26 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2014-06-21 07:49 . 2014-06-21 07:49 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2014-06-18 02:18 . 2014-07-09 21:52 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 21:52 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-17 00:57 . 2014-07-08 09:35 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1434496-C09C-446E-BA43-80CE0CB4703B}\mpengine.dll
2014-06-06 10:10 . 2014-07-09 21:52 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 21:52 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 21:52 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 21:52 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 21:52 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-01 18:53 233128 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-01 18:53 233128 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-01 18:53 233128 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-07-08 12:11 463360 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-07-08 12:11 463360 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-07-08 12:11 463360 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NextLive"="c:\users\kuba\AppData\Roaming\newnext.me\nengine.dll" [2014-01-06 1283584]
"SkyDrive"="c:\users\kuba\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-08-01 251040]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-07-15 39408]
"Grid"="c:\program files (x86)\ATI Technologies\HydraVision\HydraGrd.exe" [2013-12-24 401408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-07-22 2694040]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-23 3477640]
"RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"FontExpertType1Loader"="c:\program files (x86)\FontExpert\Type1Loader.exe" [2010-05-14 294208]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-06-22 767200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-07-23 688984]
.
c:\users\kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
i1Profiler Tray.lnk - c:\program files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe [2014-3-1 2519552]
Logo Calibration Loader.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2014-3-1 708608]
ProfileReminder.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2014-3-1 954368]
SrvMod.lnk - c:\windows\twain_32\L12U16U2\SrvMod.exe [2008-7-23 49152]
XRGamma.lnk - c:\program files (x86)\X-Rite\i1Profiler\XRGamma.exe [2014-3-1 802816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys;c:\windows\SYSNATIVE\drivers\pdihwctl.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EyeOneDisplay;EyeOneDisplay;c:\windows\system32\Drivers\i1display_x64.sys;c:\windows\SYSNATIVE\Drivers\i1display_x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe;c:\windows\SYSNATIVE\SUPDSvc2.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 vdisk;Virtual Disk Driver;c:\windows\system32\DRIVERS\vdisk.sys;c:\windows\SYSNATIVE\DRIVERS\vdisk.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\kuba\AppData\Local\Temp\tmp7AF9.tmp;c:\users\kuba\AppData\Local\Temp\tmp7AF9.tmp [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\DRIVERS\oodisr.sys;c:\windows\SYSNATIVE\DRIVERS\oodisr.sys [x]
S0 oodisrh;oodisrh;c:\windows\system32\DRIVERS\oodisrh.sys;c:\windows\SYSNATIVE\DRIVERS\oodisrh.sys [x]
S0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys;c:\windows\SYSNATIVE\DRIVERS\oodivd.sys [x]
S0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys;c:\windows\SYSNATIVE\DRIVERS\oodivdh.sys [x]
S0 SMR410;Symantec SMR Utility Service 4.1.0;c:\windows\System32\drivers\SMR410.SYS;c:\windows\SYSNATIVE\drivers\SMR410.SYS [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1505000.013\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1505000.013\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140901.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140901.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1505000.013\SYMNETS.SYS [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.5.0.19\N360.exe;c:\program files (x86)\Norton 360\Engine\21.5.0.19\N360.exe [x]
S2 OO DiskImage;OO DiskImage;c:\program files\OO Software\DiskImage\oodiag.exe;c:\program files\OO Software\DiskImage\oodiag.exe [x]
S2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S2 xrdd.exe;X-Rite Device Services Manager;c:\program files (x86)\X-Rite\Devices\Services\xrdd.exe;c:\program files (x86)\X-Rite\Devices\Services\xrdd.exe [x]
S2 XTUService;Intel(R) Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 e1kexpress;Intel(R) Network Connections Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 EyeOne;EyeOne;c:\windows\system32\Drivers\i1_x64.sys;c:\windows\SYSNATIVE\Drivers\i1_x64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3hub.sys [x]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3xhc.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-13 12:51 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04 12:42]
.
2014-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-04 16:22]
.
2014-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-04 16:22]
.
2014-09-03 c:\windows\Tasks\OO DiskImage {0c871c33-6807-42de-a27d-187132c51a68}.job
- c:\program files\OO Software\DiskImage\oodiag.exe [2014-08-04 13:57]
.
2014-09-03 c:\windows\Tasks\OO DiskImage {420417f3-7e6a-4016-9f08-9a0b9988e68c}.job
- c:\program files\OO Software\DiskImage\oodiag.exe [2014-08-04 13:57]
.
2014-09-03 c:\windows\Tasks\OO DiskImage {c617d1fd-d25a-4205-90ea-15c04fa85d2d}.job
- c:\program files\OO Software\DiskImage\oodiag.exe [2014-08-04 13:57]
.
2014-09-03 c:\windows\Tasks\X-Rite Device Services Software Updater.job
- c:\program files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [2014-06-23 15:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-30 09:42 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-01 18:53 260776 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-01 18:53 260776 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-01 18:53 260776 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-07-08 12:11 470016 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-07-08 12:11 470016 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-07-08 12:11 470016 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon]
@="{14A94384-BBED-47ed-86C0-6BF63FD892D0}"
[HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
2014-08-04 13:58 114984 ----a-w- c:\program files\OO Software\DiskImage\oodishi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-03-22 36352]
"OODITRAY.EXE"="c:\program files\OO Software\DiskImage\ooditray.exe" [2014-08-04 6336808]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-30 13672152]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9AE50D72-20FB-43F3-94FB-51EA747180B2}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\at16fwip.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.5.0.19\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.5.0.19\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.5.0.19;c:\program files (x86)\Norton 360\Engine64\21.5.0.19"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\kuba\AppData\Local\Temp\tmp7AF9.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-09-03 11:00:32
ComboFix-quarantined-files.txt 2014-09-03 09:00
.
Před spuštěním: Volných bajtů: 28 279 443 456
Po spuštění: Volných bajtů: 28 861 116 416
.
- - End Of File - - 7751689D06E02D08532203B20DCAF64B
A36C5E4F47E84449FF07ED3517B43A31

Re: combofix log (after problems with conhost.exe)

Posted: 03 Sep 2014 17:02
by Rudy
Hello!
Why are you running ComboFix, a professional utility that is not intended for laypeople? Do you intend to wreck your system, or some application?

We'll clean up a bit more. Open Notepad and copy the following into it:
KillAll::

Folder::
c:\program files (x86)\Google\GoogleToolbarNotifier

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Regnull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and release it. CF will start and execute the commands from the script.


Re: combofix log (after problems with conhost.exe)

Posted: 03 Sep 2014 17:20
by kubak
Desperation and time pressure because of a job for a client who essentially keeps me fed... And I prayed it wouldn't bring the system down. I'll do it in a moment and let you know.
Thanks a lot!!!

Re: combofix log (after problems with conhost.exe)

Posted: 03 Sep 2014 17:38
by Rudy
kubak wrote: Desperation and time pressure because of a job for a client who essentially keeps me fed... And I prayed it wouldn't bring the system down. I'll do it in a moment and let you know.
Thanks a lot!!!
Even I don't dare run CF without a prior check with a regular scanner. To be able to afford running CF, I need to know what is running in the system.

Re: combofix log (after problems with conhost.exe)

Posted: 03 Sep 2014 19:43
by kubak
So here it is.
Thanks a lot!

ComboFix 14-08-31.01 - kuba 03.09.2014 20:07:56.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.16374.13820 [GMT 2:00]
Spuštěný z: c:\users\kuba\Desktop\xyz.exe
Použité ovládací přepínače :: c:\users\kuba\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\GoogleToolbarNotifier
c:\program files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gth.dll
c:\program files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\gtn.dll
c:\program files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\Readme.url
c:\program files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\users\kuba\AppData\Local\assembly\tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-08-03 do 2014-09-03 )))))))))))))))))))))))))))))))
.
.
2014-09-03 18:17 . 2014-09-03 18:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-03 07:50 . 2014-09-03 07:50 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
2014-08-28 08:32 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 08:32 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-28 08:32 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-26 12:46 . 2014-08-26 14:04 -------- d-----w- c:\users\kuba\AppData\Roaming\uTorrent
2014-08-20 08:36 . 2014-08-20 08:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-20 08:36 . 2014-08-20 08:36 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-20 08:36 . 2014-08-20 08:36 -------- d-----w- c:\program files (x86)\Java
2014-08-14 07:15 . 2014-07-07 06:29 -------- d---a-w- c:\users\kuba\AppData\Roaming\com.adobe.AdobeMuseCC.2014.1
2014-08-13 08:28 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 08:28 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 08:28 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 08:28 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 08:28 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 08:28 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-13 08:28 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 08:28 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 04:22 . 2014-07-31 23:16 812224 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2014-08-10 13:29 . 2014-08-28 00:26 -------- d-----w- c:\windows\system32\drivers\N360x64\1505000.013
2014-08-07 11:09 . 2014-08-07 11:09 -------- d-----w- c:\users\kuba\AppData\Local\TuneUp Software
2014-08-07 11:00 . 2014-07-16 08:24 43320 ----a-w- c:\windows\system32\uxtuneup.dll
2014-08-07 11:00 . 2014-07-16 08:24 36152 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2014-08-07 10:59 . 2014-07-16 08:24 40760 ----a-w- c:\windows\system32\TURegOpt.exe
2014-08-07 10:59 . 2014-07-16 08:24 29496 ----a-w- c:\windows\system32\authuitu.dll
2014-08-07 10:59 . 2014-07-16 08:24 25400 ----a-w- c:\windows\SysWow64\authuitu.dll
2014-08-07 10:59 . 2014-08-07 10:59 -------- d-----w- c:\users\kuba\AppData\Roaming\TuneUp Software
2014-08-07 10:59 . 2014-08-07 11:10 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2014
2014-08-07 10:58 . 2014-08-07 11:00 -------- d-----w- c:\programdata\TuneUp Software
2014-08-07 10:58 . 2014-08-07 11:05 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-28 12:05 . 2012-07-17 13:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-26 12:42 . 2014-02-04 17:28 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-26 12:42 . 2014-02-04 17:28 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-13 08:30 . 2014-02-04 15:41 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-07-11 07:01 . 2014-03-01 18:10 20832 ----a-w- c:\windows\system32\drivers\DDCDrv.sys
2014-07-11 07:01 . 2014-03-01 18:10 145920 ----a-w- c:\windows\system32\DDCHelper.dll
2014-07-11 07:01 . 2014-03-01 18:10 125440 ----a-w- c:\windows\system32\DDCHelperX.dll
2014-07-11 07:01 . 2014-03-01 18:10 108032 ----a-w- c:\windows\SysWow64\DDCHelperX.dll
2014-07-11 07:01 . 2014-03-01 18:10 10240 ----a-w- c:\windows\SysWow64\drivers\DDCDrv.sys
2014-06-23 15:13 . 2014-06-23 15:13 382832 ----a-w- c:\windows\SysWow64\XRiteDevice.dll
2014-06-22 08:42 . 2014-06-22 08:42 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-06-22 08:42 . 2014-06-22 08:42 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-06-22 08:42 . 2014-06-22 08:42 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-06-22 08:42 . 2014-06-22 08:42 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-06-22 08:42 . 2014-06-22 08:42 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2014-06-22 08:42 . 2014-03-14 18:08 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-06-22 08:41 . 2014-06-22 08:41 116024 ----a-w- c:\windows\system32\atiu9p64.dll
2014-06-22 08:41 . 2013-12-24 07:38 99008 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-06-22 08:41 . 2014-06-22 08:41 1329864 ----a-w- c:\windows\system32\aticfx64.dll
2014-06-22 08:41 . 2013-12-24 07:36 1107384 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-06-22 08:41 . 2014-06-22 08:41 10177112 ----a-w- c:\windows\system32\atidxx64.dll
2014-06-22 08:41 . 2014-03-14 18:08 8764952 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-06-22 08:41 . 2013-12-24 07:34 10147688 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-06-22 08:41 . 2013-12-24 07:33 6715752 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-06-22 08:41 . 2014-06-22 08:41 10901696 ----a-w- c:\windows\system32\atiumd6a.dll
2014-06-22 08:41 . 2014-06-22 08:41 7896632 ----a-w- c:\windows\system32\atiumd64.dll
2014-06-22 08:35 . 2014-06-22 08:35 13955584 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-06-22 08:21 . 2014-06-22 08:21 230912 ----a-w- c:\windows\system32\clinfo.exe
2014-06-22 08:21 . 2014-06-22 08:21 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-06-22 08:20 . 2014-06-22 08:20 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-06-22 08:20 . 2014-06-22 08:20 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-06-22 08:20 . 2014-06-22 08:20 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-06-22 08:20 . 2014-06-22 08:20 28427264 ----a-w- c:\windows\system32\amdocl64.dll
2014-06-22 08:18 . 2014-06-22 08:18 23905280 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-06-22 08:15 . 2014-06-22 08:15 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-06-22 08:15 . 2014-06-22 08:15 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-06-22 08:05 . 2014-06-22 08:05 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2014-06-22 08:05 . 2014-06-22 08:05 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-06-22 08:05 . 2014-06-22 08:05 27228672 ----a-w- c:\windows\system32\atio6axx.dll
2014-06-22 08:05 . 2014-06-22 08:05 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-06-22 08:05 . 2014-06-22 08:05 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-06-22 08:05 . 2014-06-22 08:05 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-06-22 08:04 . 2014-06-22 08:04 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-06-22 08:01 . 2014-06-22 08:01 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-06-22 07:45 . 2014-06-22 07:45 22903296 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-06-22 07:44 . 2014-06-22 07:44 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-06-22 07:44 . 2014-06-22 07:44 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-06-22 07:44 . 2014-06-22 07:44 589824 ----a-w- c:\windows\system32\atieclxx.exe
2014-06-22 07:43 . 2014-06-22 07:43 240128 ----a-w- c:\windows\system32\atiesrxx.exe
2014-06-22 07:41 . 2014-06-22 07:41 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-06-22 07:30 . 2014-06-22 07:30 44544 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-06-22 07:30 . 2014-06-22 07:30 35840 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-06-22 07:18 . 2014-05-20 18:31 808960 ----a-w- c:\windows\system32\coinst_13.352.dll
2014-06-22 07:07 . 2014-06-22 07:07 1147904 ----a-w- c:\windows\system32\atiadlxx.dll
2014-06-22 07:07 . 2014-06-22 07:07 826880 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-06-22 07:07 . 2014-06-22 07:07 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2014-06-22 07:07 . 2014-06-22 07:07 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-06-22 07:07 . 2014-06-22 07:07 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2014-06-22 07:07 . 2014-06-22 07:07 146432 ----a-w- c:\windows\system32\atig6txx.dll
2014-06-22 07:06 . 2014-06-22 07:06 133120 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-06-22 07:06 . 2014-06-22 07:06 630784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-06-22 07:02 . 2014-06-22 07:02 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-06-22 02:31 . 2014-06-22 02:31 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2014-06-22 02:26 . 2014-06-22 02:26 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2014-06-21 07:49 . 2014-06-21 07:49 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2014-06-18 02:18 . 2014-07-09 21:52 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 21:52 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-17 00:57 . 2014-07-08 09:35 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1434496-C09C-446E-BA43-80CE0CB4703B}\mpengine.dll
2014-06-06 10:10 . 2014-07-09 21:52 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 21:52 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-01 18:53 233128 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-01 18:53 233128 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-01 18:53 233128 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-07-08 12:11 463360 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-07-08 12:11 463360 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-07-08 12:11 463360 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NextLive"="c:\users\kuba\AppData\Roaming\newnext.me\nengine.dll" [2014-01-06 1283584]
"SkyDrive"="c:\users\kuba\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-08-01 251040]
"Grid"="c:\program files (x86)\ATI Technologies\HydraVision\HydraGrd.exe" [2013-12-24 401408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-07-22 2694040]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-23 3477640]
"RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"FontExpertType1Loader"="c:\program files (x86)\FontExpert\Type1Loader.exe" [2010-05-14 294208]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-06-22 767200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-07-23 688984]
.
c:\users\kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
i1Profiler Tray.lnk - c:\program files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe [2014-3-1 2519552]
Logo Calibration Loader.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2014-3-1 708608]
ProfileReminder.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2014-3-1 954368]
SrvMod.lnk - c:\windows\twain_32\L12U16U2\SrvMod.exe [2008-7-23 49152]
XRGamma.lnk - c:\program files (x86)\X-Rite\i1Profiler\XRGamma.exe [2014-3-1 802816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys;c:\windows\SYSNATIVE\drivers\pdihwctl.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EyeOneDisplay;EyeOneDisplay;c:\windows\system32\Drivers\i1display_x64.sys;c:\windows\SYSNATIVE\Drivers\i1display_x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe;c:\windows\SYSNATIVE\SUPDSvc2.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 vdisk;Virtual Disk Driver;c:\windows\system32\DRIVERS\vdisk.sys;c:\windows\SYSNATIVE\DRIVERS\vdisk.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\kuba\AppData\Local\Temp\tmp7AF9.tmp;c:\users\kuba\AppData\Local\Temp\tmp7AF9.tmp [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\DRIVERS\oodisr.sys;c:\windows\SYSNATIVE\DRIVERS\oodisr.sys [x]
S0 oodisrh;oodisrh;c:\windows\system32\DRIVERS\oodisrh.sys;c:\windows\SYSNATIVE\DRIVERS\oodisrh.sys [x]
S0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys;c:\windows\SYSNATIVE\DRIVERS\oodivd.sys [x]
S0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys;c:\windows\SYSNATIVE\DRIVERS\oodivdh.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1505000.013\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1505000.013\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140901.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140901.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1505000.013\SYMNETS.SYS [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.5.0.19\N360.exe;c:\program files (x86)\Norton 360\Engine\21.5.0.19\N360.exe [x]
S2 OO DiskImage;OO DiskImage;c:\program files\OO Software\DiskImage\oodiag.exe;c:\program files\OO Software\DiskImage\oodiag.exe [x]
S2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S2 xrdd.exe;X-Rite Device Services Manager;c:\program files (x86)\X-Rite\Devices\Services\xrdd.exe;c:\program files (x86)\X-Rite\Devices\Services\xrdd.exe [x]
S2 XTUService;Intel(R) Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 e1kexpress;Intel(R) Network Connections Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 EyeOne;EyeOne;c:\windows\system32\Drivers\i1_x64.sys;c:\windows\SYSNATIVE\Drivers\i1_x64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3hub.sys [x]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3xhc.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-13 12:51 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04 12:42]
.
2014-09-03 c:\windows\Tasks\OO DiskImage {0c871c33-6807-42de-a27d-187132c51a68}.job
- c:\program files\OO Software\DiskImage\oodiag.exe [2014-08-04 13:57]
.
2014-09-03 c:\windows\Tasks\OO DiskImage {420417f3-7e6a-4016-9f08-9a0b9988e68c}.job
- c:\program files\OO Software\DiskImage\oodiag.exe [2014-08-04 13:57]
.
2014-09-03 c:\windows\Tasks\OO DiskImage {c617d1fd-d25a-4205-90ea-15c04fa85d2d}.job
- c:\program files\OO Software\DiskImage\oodiag.exe [2014-08-04 13:57]
.
2014-09-03 c:\windows\Tasks\X-Rite Device Services Software Updater.job
- c:\program files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [2014-06-23 15:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-30 09:42 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-01 18:53 260776 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-01 18:53 260776 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-01 18:53 260776 ----a-w- c:\users\kuba\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-07-08 12:11 470016 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-07-08 12:11 470016 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-07-08 12:11 470016 ----a-w- c:\users\kuba\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon]
@="{14A94384-BBED-47ed-86C0-6BF63FD892D0}"
[HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
2014-08-04 13:58 114984 ----a-w- c:\program files\OO Software\DiskImage\oodishi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-03-22 36352]
"OODITRAY.EXE"="c:\program files\OO Software\DiskImage\ooditray.exe" [2014-08-04 6336808]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-30 13672152]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9AE50D72-20FB-43F3-94FB-51EA747180B2}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\kuba\AppData\Roaming\Mozilla\Firefox\Profiles\at16fwip.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.5.0.19\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.5.0.19\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.5.0.19;c:\program files (x86)\Norton 360\Engine64\21.5.0.19"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\kuba\AppData\Local\Temp\tmp7AF9.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Celkový čas: 2014-09-03 20:29:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-09-03 18:29
ComboFix2.txt 2014-09-03 09:00
.
Před spuštěním: Volných bajtů: 28 382 650 368
Po spuštění: Volných bajtů: 28 351 832 064
.
- - End Of File - - 55FBAC2FCD614201F0FB67C6CE69F97E
A36C5E4F47E84449FF07ED3517B43A31

Re: combofix log (after problems with conhost.exe)

Posted: 03 Sep 2014 20:01
by Rudy
Yes, indeed. Believe me, we have already dealt with a few compromised systems here. Otherwise, deleted; the log is OK now. Has there been any change?

Re: combofix log (after problems with conhost.exe)

Posted: 03 Sep 2014 21:04
by kubak
I'm going back to work now, so we'll see. I'll let you know in the morning.
Thanks once again!

Re: combofix log (after problems with conhost.exe)

Posted: 03 Sep 2014 21:27
by Rudy
Nothing to thank me for yet; I won't be here until the evening. :)