Prosím o kontrolu logu. W7 Vyřešeno

[memphisto]

Opět vypni rezidentní ochrany antiviru a firewallu a dále:
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Folder::
c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
c:\users\Daniel\AppData\Local\{2798C374-3896-4633-A278-9703B0F16020}
c:\users\Daniel\AppData\Local\{8226AF72-C73F-4465-B2D9-C2CBF2CA5482}
c:\users\Daniel\Programy\Kis

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Reklama]

[nevim999]

Soubor mám, ale jak to mám přetáhnout bez myši?

[memphisto]

Ona ještě pořád nejde? Psal jsi, že se opravuje spuštění, ale už jsi nenapsal výsledek. Odpoj a zapoj ji znovu, apod.

[nevim999]

V posledním příspěvku jsem psal, že pořád nejde a to je jedinej problém. Nereaguje myš ani touchpad

[memphisto]

Zkus nouzový režim, jestli to nebude lepší. V té hromadě textu jsem to přehlédl

[nevim999]

Nouzový režim jsem zkusil a pořád to samé. Nemohl combofix odstranit nějaké ovladače nebo něco? Protože na live cd linuxu mi myš jede. Ještě zkusím obnovení systému asi 4 hodiny dozadu.

[memphisto]

Vyzkoušej. CF určitě nemazal drivery. Nebylo v logu vidět nic

[nevim999]

Tak sem to obnovil a myš už zase, díky bohu, jede. Přišel sem ale asi o všechny ty scany a fixnuté soubory. Problém nastal tady:

Kód: Vybrat vše

KillAll::
Folder::
c:\programdata\Avira
c:\programdata\Kaspersky Lab
c:\programdata\Kaspersky Lab Setup Files
c:\windows\1C4551A64743409391E41477CD655043.TMP

File::
c:\windows\system32\DRIVERS\kl2.sys
c:\windows\system32\DRIVERS\klim6.sys
c:\windows\system32\DRIVERS\klmouflt.sys

DirLook::
C:\tempt
c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
c:\users\Daniel\AppData\Local\{2798C374-3896-4633-A278-9703B0F16020}
c:\users\Daniel\AppData\Local\{8226AF72-C73F-4465-B2D9-C2CBF2CA5482}

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=-
"ConsentPromptBehaviorUser"=-
"EnableUIADesktopToggle"=-
"HideFastUserSwitching"=-

Driver::
kl2
KLIM6
klmouflt

DDS::
uStart Page = my.daemon-search.com

Firefox::
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\timkuvxe.default\
FF - prefs.js: browser.startup.homepage - about:home

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Když combofix dopracoval, restartoval systém a potom myš nejela.

[memphisto]

Ve skriptu ani výsledném logu není nic, co by naznačovalo problém Takže to, co bylo v tom skriptu je pryč?

[nevim999]

Vážně v tomhle musí být nějaká chyba:

Kód: Vybrat vše

KillAll::
Folder::
c:\programdata\Avira
c:\programdata\Kaspersky Lab
c:\programdata\Kaspersky Lab Setup Files
c:\windows\1C4551A64743409391E41477CD655043.TMP

File::
c:\windows\system32\DRIVERS\kl2.sys
c:\windows\system32\DRIVERS\klim6.sys
c:\windows\system32\DRIVERS\klmouflt.sys

DirLook::
C:\tempt
c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
c:\users\Daniel\AppData\Local\{2798C374-3896-4633-A278-9703B0F16020}
c:\users\Daniel\AppData\Local\{8226AF72-C73F-4465-B2D9-C2CBF2CA5482}

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=-
"ConsentPromptBehaviorUser"=-
"EnableUIADesktopToggle"=-
"HideFastUserSwitching"=-

Driver::
kl2
KLIM6
klmouflt

DDS::
uStart Page = my.daemon-search.com

Firefox::
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\timkuvxe.default\
FF - prefs.js: browser.startup.homepage - about:home

Udělal jsem to znovu a stejný výsledek. Musel jsem zase obnovit systém.
// Když jsem to napsal bez
File::
c:\windows\system32\DRIVERS\kl2.sys
c:\windows\system32\DRIVERS\klim6.sys
c:\windows\system32\DRIVERS\klmouflt.sys
a
Driver::
kl2
KLIM6
klmouflt
Tak už žádný problém.

[memphisto]

Chyba tam není. Popíšu ti, co CF dělal. Příkaz Folder:: znamená vymazat složku a vymazal pouze zbytky AVIRY a Kasperského jako antiviry. Ta složka TEMP byla prázdná. Příkaz File:: maže soubory. Smazal pouze drivery těch zbylých antivirů. Registry:: opravuje položky registru. Jediné, co se tady dělo je, že se hodily do defaultu hodnoty přepínání uživatelů ve Windows, apod. DirLook:: ukáže obsah složky. Driver:: vymaže drivery, ty ovladače antivirů. DDS:: opravuje prohlížeče, Firefox:: je snad jasný. Žádný driver na myš ani touchpad se nemazal. Zkus to ještě jednou bez položek RegLock::

[nevim999]

Tak jsem dojel Combofixem i to poslední, co jsi mi napsal.
ComboFix 11-05-24.06 - Daniel 25.05.2011 20:51:15.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3894.2389 [GMT 2:00]
Spuštěný z: c:\users\Daniel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Daniel\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\instance.dat
c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\mia.lib
c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.dat
c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.lan
c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.msi
c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.par
c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.res
c:\users\Daniel\AppData\Local\{2798C374-3896-4633-A278-9703B0F16020}
c:\users\Daniel\AppData\Local\{8226AF72-C73F-4465-B2D9-C2CBF2CA5482}
c:\users\Daniel\Programy\Kis
c:\users\Daniel\Programy\Kis\x64\kloehk.dll
c:\users\Daniel\Programy\Kis\x64\sbhook64.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-25 do 2011-05-25 )))))))))))))))))))))))))))))))
.
.
2011-05-26 01:27 . 2011-05-26 01:27 -------- d-----w- C:\found.000
2011-05-25 18:56 . 2011-05-25 18:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-25 10:44 . 2011-05-25 17:55 -------- d-----w- c:\program files (x86)\Autodesk
2011-05-25 10:43 . 2011-05-25 18:16 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2011-05-25 09:24 . 2011-05-25 09:24 -------- d-----w- C:\tempt
2011-05-23 12:34 . 2011-05-23 12:34 -------- d-----w- c:\programdata\BioWare
2011-05-23 12:11 . 2011-05-23 12:11 -------- d-----w- c:\users\Daniel\AppData\Roaming\Avnex
2011-05-23 12:07 . 2008-12-26 10:56 21504 ----a-w- c:\windows\system32\drivers\vcsvad.sys
2011-05-23 12:03 . 2011-05-23 12:05 -------- d-----w- c:\users\Daniel\AppData\Local\SkypeFx
2011-05-23 12:03 . 2011-05-23 12:03 -------- d-----w- c:\users\Daniel\AppData\Local\IsolatedStorage
2011-05-22 19:35 . 2011-05-25 18:16 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2011-05-22 19:21 . 2011-05-23 13:31 -------- d-----w- c:\program files (x86)\Dragon Age
2011-05-22 18:52 . 2011-05-22 18:52 -------- d-----w- c:\users\Daniel\AppData\Roaming\DeadMage
2011-05-22 07:03 . 2011-05-22 07:03 -------- d-----w- c:\programdata\THQ
2011-05-22 07:01 . 2011-05-23 19:39 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-05-22 07:01 . 2011-05-22 07:01 -------- d-----w- c:\windows\SysWow64\xlive
2011-05-22 07:00 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-05-22 07:00 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-05-22 07:00 . 2008-07-12 06:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-05-22 07:00 . 2008-07-12 06:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-05-22 07:00 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-05-22 07:00 . 2008-07-12 06:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-05-13 20:36 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-05-13 20:36 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-05-13 20:36 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-05-13 20:36 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-05-13 20:36 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-05-13 20:36 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-13 20:36 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-11 21:14 . 2011-05-11 21:14 -------- d-----w- c:\users\Daniel\AppData\Local\ESET
2011-05-11 19:28 . 2011-05-11 19:28 -------- d-----w- c:\program files\CCleaner
2011-05-11 19:19 . 2011-05-11 19:19 -------- d-----w- c:\users\Daniel\AppData\Local\Innovative Solutions
2011-05-11 19:19 . 2011-05-11 19:19 -------- d-----w- c:\program files (x86)\Common Files\Innovative Solutions
2011-05-11 19:19 . 2011-05-11 19:27 -------- d-----w- c:\programdata\Innovative Solutions
2011-05-11 17:19 . 2011-05-25 18:16 -------- d-----w- c:\programdata\Kaspersky Lab
2011-05-11 17:16 . 2011-05-25 18:16 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-05-11 17:08 . 2011-05-11 17:08 -------- d-----w- c:\users\Daniel\AppData\Roaming\Malwarebytes
2011-05-11 17:08 . 2011-05-25 17:55 -------- d-----w- c:\programdata\Malwarebytes
2011-05-11 17:08 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-11 15:17 . 2011-05-25 11:22 -------- d-----w- c:\users\Daniel\AppData\Local\cache
2011-05-11 14:58 . 2011-05-25 10:40 -------- d-----w- c:\program files\Autodesk
2011-05-11 10:41 . 2011-05-11 10:41 -------- d-----w- c:\users\Daniel\AppData\Local\Diagnostics
2011-05-11 08:35 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 08:35 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 08:35 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 08:31 . 2011-03-29 03:32 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 08:31 . 2011-03-29 03:32 99328 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 08:31 . 2011-03-29 03:32 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 08:31 . 2011-03-29 03:32 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 08:31 . 2011-03-29 03:32 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 08:31 . 2011-03-29 03:32 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 08:31 . 2011-03-29 03:32 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-06 07:23 . 2011-05-06 07:23 -------- d-----w- c:\users\Daniel\AppData\Local\SKIDROW
2011-05-03 08:05 . 2011-05-03 19:13 -------- d-----w- c:\users\Daniel\AppData\Local\Adobe
2011-05-03 06:03 . 2011-05-03 06:03 -------- d-----w- c:\users\Daniel\AppData\Roaming\CyberLink
2011-05-02 18:33 . 2002-12-05 12:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-05-02 18:33 . 2002-12-05 12:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-05-02 18:33 . 2002-12-02 13:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-05-02 18:33 . 2002-12-02 11:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-05-02 18:33 . 2002-12-02 11:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-05-02 18:33 . 2011-05-02 18:33 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-05-02 18:33 . 2011-05-02 18:33 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-05-02 16:34 . 2011-05-02 16:34 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-05-02 16:28 . 2011-05-02 16:28 5680 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2011-04-29 20:55 . 2011-05-02 18:55 -------- d-----w- c:\users\Daniel\AppData\Roaming\gtk-2.0
2011-04-29 20:55 . 2011-04-29 20:55 -------- d-----w- c:\users\Daniel\.thumbnails
2011-04-29 20:53 . 2011-05-20 08:54 -------- d-----w- c:\users\Daniel\.gimp-2.6
2011-04-28 19:13 . 2011-05-25 18:16 -------- d-----w- c:\programdata\FLEXnet
2011-04-28 19:06 . 2011-04-28 19:06 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-04-28 19:04 . 2011-05-25 18:16 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2011-04-28 19:04 . 2011-05-25 18:15 -------- d-----w- c:\programdata\Autodesk
2011-04-28 19:04 . 2011-05-25 09:56 -------- d-----w- c:\users\Daniel\AppData\Roaming\Autodesk
2011-04-28 19:04 . 2011-05-11 15:19 -------- d-----w- c:\users\Daniel\AppData\Local\Autodesk
2011-04-28 16:10 . 2011-04-28 16:10 -------- d-----w- c:\program files (x86)\MSECache
2011-04-27 13:07 . 2011-04-27 13:07 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-04-27 13:06 . 2011-04-27 13:06 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-15 15:40 . 2011-04-15 15:40 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-04-13 14:54 . 2011-04-13 14:54 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-04-13 14:54 . 2011-04-13 14:54 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-12 17:00 . 2011-04-12 17:00 8107 ----a-w- c:\windows\w7dsd.reg
2011-04-12 17:00 . 2011-04-12 17:00 8089 ----a-w- c:\windows\w7dse.reg
2011-04-12 17:00 . 2011-04-12 17:00 275360 ----a-w- c:\windows\system32\DreamScene.dll
2011-04-12 13:53 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-03-11 06:19 . 2011-04-14 13:30 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-14 13:30 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-14 13:30 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40 . 2011-04-14 13:30 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-08 06:14 . 2011-04-12 20:07 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-12 20:07 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-04 06:17 . 2011-04-27 05:28 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-27 05:28 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17 . 2011-04-12 20:08 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:14 . 2011-04-12 20:08 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:27 . 2011-04-12 20:08 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58 . 2011-04-12 20:07 3133440 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-25_18.39.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-17 23:18 . 2011-05-25 18:40 49826 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-25 18:40 37890 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-12 13:53 . 2011-05-25 18:40 10454 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1612018364-1021610765-3977307766-1001_UserData.bin
- 2011-04-12 03:44 . 2011-05-25 18:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-12 03:44 . 2011-05-25 18:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-12 03:44 . 2011-05-25 18:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-12 03:44 . 2011-05-25 18:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-25 18:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-25 18:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-12 14:16 . 2011-05-25 18:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-12 14:16 . 2011-05-25 18:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-12 14:16 . 2011-05-25 18:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-12 14:16 . 2011-05-25 18:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-12 14:16 . 2011-05-25 18:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-12 14:16 . 2011-05-25 18:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-12 13:50 . 2011-05-25 18:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-12 13:50 . 2011-05-25 18:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-12 13:50 . 2011-05-25 18:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-12 13:50 . 2011-05-25 18:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-25 18:37 . 2011-05-25 18:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-25 18:56 . 2011-05-25 18:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-25 18:56 . 2011-05-25 18:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-05-25 18:37 . 2011-05-25 18:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-05-25 18:37 391096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-05-25 18:56 391096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-05-25 18:33 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-05-25 18:52 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-04-12 16:15 . 2011-05-25 18:56 22004152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1612018364-1021610765-3977307766-1001-8192.dat
- 2011-04-12 16:15 . 2011-05-25 18:37 22004152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1612018364-1021610765-3977307766-1001-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-10-25 2080]
"DAEMON Tools Lite"="c:\users\Daniel\Programy\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 908160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-09-28 584760]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R3 AVerAF35;HP USB DVB-T TV Tuner;c:\windows\system32\Drivers\HPAF35.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-11 1431888]
R3 HPIR;HP TV Tuner Infrared Receiver;c:\windows\system32\DRIVERS\HPIR.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-04 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-05 681528]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-05 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-28 26680]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 11:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-14 c:\windows\Tasks\HPCeeScheduleForDANIEL-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2011-05-25 c:\windows\Tasks\HPCeeScheduleForDaniel.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-23 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-08-31 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-09-16 464744]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com?pc=HPNTDF
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\timkuvxe.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Crysis WARHEAD(R) - c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
AddRemove-{7353BAE6-5E49-46C4-A9B5-8A269A313789} - c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1612018364-1021610765-3977307766-1001\Software\SecuROM\License information*]
"datasecu"=hex:7e,2b,95,fa,48,e3,5c,3d,23,d6,76,e0,48,3c,3d,41,4a,e6,de,33,62,
6e,59,35,00,20,69,b6,ac,11,58,71,76,2d,39,2d,5d,ed,ff,60,93,d6,ce,58,34,9e,\
"rkeysecu"=hex:59,96,be,5c,34,c5,32,3c,1d,a6,fb,e3,67,52,9b,58
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\program files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2011-05-25 21:02:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-25 19:02
ComboFix2.txt 2011-05-25 18:43
ComboFix3.txt 2011-05-25 17:52
ComboFix4.txt 2011-05-25 17:32
ComboFix5.txt 2011-05-25 18:50
.
Před spuštěním: Volných bajtů: 187 805 335 552
Po spuštění: Volných bajtů: 187 753 140 224
.
- - End Of File - - 87AD716D3879E758962FCA9A99A2CE48