Prosím o kontrolu logu, pravděpodobně se jedná o keylogger

[jerabina]

Takový počet svchostů je i docela normální, každý hostí určitou službu, oficiální článek od Microsoftu najdeš zde: http://windows.microsoft.com/cs-cz/windows/what-is-svchost-exe#1TC=windows-7
Spíš by si se měl podívat, jakou službu svchost hostí.

Zavři ostatní programy/prohlížeče, odpoj se od internetu a v HJT fixni:
NÁVOD

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\ondra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\ondra\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\ondra\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt

[Reklama]

[oopela]

Ono je to hlavně proto, že já měl vždy pouze jeden. Teď jich mám 13, což je o jeden víc než před dvěma dny. Navíc se mi zase objevilo více steamwebhelper.exe, které se po ukončení samy od sebe zase nahodí i bez steamu. K tomu tři Spotify.exe. Není něco specifičtějšího přímo na keyloggery? S keyloggingem jsem si jistý, ale mohlo by za tím být i víc. Zemana Antilogger mi moc nepomohl. (Jestli máte někdo zkušenosti se steamem, tak jsem nechtic klikl na jeden z těch linků od spambota.) http://i.imgur.com/MdehXH8.png

Jaký byl účel smazání všech programů a jejich logů? :/

# DelFix v1.010 - Logfile created 08/06/2015 at 08:59:04
# Updated 26/04/2015 by Xplode
# Username : ondra - ONDRA-PC
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2015-02-22-181724.log
Deleted : C:\Users\ondra\Desktop\adwcleaner_4.111.exe
Deleted : C:\Users\ondra\Desktop\JRT.txt
Deleted : C:\Users\ondra\Desktop\JRT_NEW.exe
Deleted : C:\Users\ondra\Desktop\hijackthis.exe
Deleted : C:\Users\ondra\Desktop\hijackthis.log
Deleted : C:\Users\ondra\Desktop\RogueKillerX64 (2).exe
Deleted : C:\Users\ondra\Desktop\TFC.exe
Deleted : C:\Users\ondra\Desktop\zoek.exe
Deleted : C:\Users\ondra\Downloads\JRT.exe
Deleted : C:\Users\ondra\Downloads\RogueKillerX64 (1).exe
Deleted : C:\Users\ondra\Downloads\RogueKillerX64 (2).exe
Deleted : C:\Users\ondra\Downloads\RogueKillerX64.exe
Deleted : C:\Users\ondra\Downloads\zoek.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #714 [Windows Update | 06/06/2015 19:58:09]
Deleted : RP #715 [Windows Update | 06/07/2015 01:00:57]
Deleted : RP #716 [Windows Update | 06/08/2015 01:00:35]

New restore point created !

########## - EOF - ##########

[jerabina]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu. Ukonči všechna aktivní okna a spusť ho. - Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano - Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna - Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[oopela]

ComboFix 15-05-31.01 - ondra 08.06.2015 11:48:16.1.6 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.420.1029.18.8190.6437 [GMT 2:00]
Spuštěný z: c:\users\ondra\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ondra\AppData\Roaming\Love
c:\users\ondra\AppData\Roaming\Love\mari0\options.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-05-08 do 2015-06-08 )))))))))))))))))))))))))))))))
.
.
2015-06-08 10:03 . 2015-06-08 10:03 -------- d-----w- c:\users\Mamka\AppData\Local\temp
2015-06-08 10:03 . 2015-06-08 10:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-07 02:07 . 2015-06-07 02:07 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC0DA5DD-A4C2-45D6-89CD-18406ADBBD85}\offreg.2292.dll
2015-06-07 01:05 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-07 01:05 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-06-06 20:30 . 2015-01-29 03:19 2543104 ----a-w- c:\windows\system32\wpdshext.dll
2015-06-06 20:30 . 2015-01-29 03:02 2311168 ----a-w- c:\windows\SysWow64\wpdshext.dll
2015-06-06 20:30 . 2015-01-29 03:19 1195008 ----a-w- c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2015-06-06 20:28 . 2015-04-04 03:15 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-06-06 20:27 . 2015-04-21 16:55 666624 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll
2015-06-06 20:26 . 2015-02-18 07:06 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-06-06 20:26 . 2015-02-18 07:04 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-06-06 20:26 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-06-06 20:26 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-06-06 20:26 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-06-06 20:26 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-06-06 20:26 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-06-06 20:26 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-06-06 20:26 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-06-06 19:40 . 2015-06-06 19:03 24064 ----a-w- c:\windows\zoek-delete.exe
2015-06-06 19:40 . 2015-06-08 10:03 -------- d-----w- c:\users\ondra\AppData\Local\Temp
2015-06-04 16:20 . 2015-06-04 16:20 -------- d-----w- c:\users\ondra\AppData\Roaming\RenPy
2015-05-28 16:41 . 2015-05-28 16:41 -------- d-----w- c:\users\ondra\AppData\Local\Octoshape
2015-05-28 16:41 . 2015-05-28 16:41 -------- d-----w- c:\users\ondra\AppData\Roaming\Octoshape
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-07 18:43 . 2015-02-04 15:50 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-07 01:15 . 2012-04-18 14:32 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-06-04 20:23 . 2015-02-20 19:02 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-05-05 01:29 . 2015-06-06 20:29 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-05 01:12 . 2015-06-06 20:29 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-04-14 21:49 . 2012-04-19 12:14 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-14 21:49 . 2012-04-19 12:14 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-14 07:37 . 2015-02-04 15:49 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2015-02-04 15:49 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2015-02-04 15:49 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-30 13:25 . 2012-07-04 18:19 33856 ---ha-w- c:\windows\system32\hamachi.sys
2015-03-25 03:24 . 2015-04-14 20:48 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-14 20:48 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-14 20:48 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-14 20:48 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-14 20:48 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-14 20:48 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-14 20:48 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-14 20:48 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-14 20:48 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-14 20:48 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-14 20:48 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-14 20:48 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-14 20:48 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-14 20:48 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-14 20:48 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-14 20:48 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-14 20:48 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-14 20:48 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-14 20:48 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-14 20:48 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-14 20:48 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-14 20:48 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-14 20:48 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-14 20:48 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-20 11:35 . 2012-08-15 13:40 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2015-03-20 11:35 . 2012-08-15 13:40 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2015-03-20 11:35 . 2012-08-15 13:40 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2015-03-20 11:35 . 2012-08-15 13:40 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2015-03-17 05:22 . 2015-04-14 20:47 5557696 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-03-17 05:19 . 2015-04-14 20:47 1727904 ----a-w- c:\windows\system32\ntdll.dll
2015-03-17 05:17 . 2015-04-14 20:47 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-03-17 05:17 . 2015-04-14 20:47 243712 ----a-w- c:\windows\system32\wow64.dll
2015-03-17 05:17 . 2015-04-14 20:47 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-03-17 05:16 . 2015-04-14 20:47 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-03-17 05:16 . 2015-04-14 20:47 503808 ----a-w- c:\windows\system32\srcore.dll
2015-03-17 05:16 . 2015-04-14 20:47 50176 ----a-w- c:\windows\system32\srclient.dll
2015-03-17 05:16 . 2015-04-14 20:47 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-03-17 05:16 . 2015-04-14 20:47 424448 ----a-w- c:\windows\system32\KernelBase.dll
2015-03-17 05:16 . 2015-04-14 20:47 1163264 ----a-w- c:\windows\system32\kernel32.dll
2015-03-17 05:16 . 2015-04-14 20:47 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-03-17 05:16 . 2015-04-14 20:47 112640 ----a-w- c:\windows\system32\smss.exe
2015-03-17 05:16 . 2015-04-14 20:47 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-03-17 05:15 . 2015-04-14 20:47 338432 ----a-w- c:\windows\system32\conhost.exe
2015-03-17 05:11 . 2015-04-14 20:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-03-17 05:11 . 2015-04-14 20:47 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-03-17 05:01 . 2015-04-14 20:47 3920824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-03-17 05:01 . 2015-04-14 20:47 3976632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-03-17 04:59 . 2015-04-14 20:47 1309696 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-03-17 04:57 . 2015-04-14 20:47 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-03-17 04:57 . 2015-04-14 20:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-03-17 04:56 . 2015-04-14 20:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-03-17 04:56 . 2015-04-14 20:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-03-17 04:56 . 2015-04-14 20:47 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-03-17 04:56 . 2015-04-14 20:47 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2015-03-17 04:50 . 2015-04-14 20:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2015-03-17 04:50 . 2015-04-14 20:47 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-03-17 04:50 . 2015-04-14 20:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-03-17 04:50 . 2015-04-14 20:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-03-17 04:50 . 2015-04-14 20:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-03-17 04:50 . 2015-04-14 20:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-03-17 04:50 . 2015-04-14 20:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-03-17 04:50 . 2015-04-14 20:47 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-01-16 393216]
"Octoshape Streaming Services"="c:\users\ondra\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2014-08-01 500016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"osk.exe"="osk.exe" [2014-06-18 646144]
"Application Restart 0"="c:\windows\System32\osk.exe" [2014-06-18 646144]
.
c:\users\ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ondra\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43374104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
R2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys;c:\windows\SYSNATIVE\drivers\uxpatch.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-26 07:30 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 21:49]
.
2015-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 13:28]
.
2015-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 13:28]
.
2015-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3146766301-2489898736-3312207408-1000Core.job
- c:\users\ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-11 03:30]
.
2015-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3146766301-2489898736-3312207408-1000UA.job
- c:\users\ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-11 03:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2014-10-01 5595336]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\ondra\AppData\Roaming\Mozilla\Firefox\Profiles\cuj8l42e.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-Clownfish - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-DLC Quest_is1 - c:\program files (x86)\Going Loud Studios\DLC Quest\unins000.exe
AddRemove-GOGPACKPAPERSPLEASE_is1 - c:\gog games\Papers
AddRemove-LOLReplay - c:\program files (x86)\LOLReplay\uninstall.exe
AddRemove-PlagueInc 1.0 - c:\program files (x86)\PlagueInc\Uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Scribblenauts Unmasked A DC Comics Adventure_is1 - c:\program files (x86)\5th Cell Media\Scribblenauts Unmasked A DC Comics Adventure\unins000.exe
AddRemove-The Witcher 2 - Assassins of Kings Enhanced Edition_is1 - c:\program files (x86)\GOG.com\The Witcher 2 Enhanced Edition\unins000.exe
AddRemove-TkFSVVRPU0hJUFBVREVOVWx0aW1hdGVOaW5qYVNUT1JNM0Z1~D4302771_is1 - c:\program files (x86)\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\unins000.exe
AddRemove-TmUnitedForever_is1 - c:\program files (x86)\TmUnitedForever\unins000.exe
AddRemove-Uplay - c:\program files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
AddRemove-{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1 - c:\program files (x86)\Euro Truck Simulator 2\unins000.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1 - c:\program files (x86)\Game Dev Tycoon\unins000.exe
AddRemove-{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1 - c:\program files (x86)\Electronic Arts\Need For Speed World\unins000.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{9F012408-04EC-4989-932F-4C096117D2DD}_is1 - c:\program files (x86)\Mortal Kombat Komplete Edition\unins000.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{Grand Master Chess Online}_is1 - c:\program files (x86)\Grand Master Chess Online\unins000.exe
AddRemove-«The Walking Dead - Season Two»_is1 - c:\program files (x86)\Telltale Games\The Walking Dead Season Two\unins000.exe
AddRemove-Kostickov.eu 2.0 - c:\users\ondra\Desktop\Kostickov.eu 2\Odinstalovat produkt.exe
AddRemove-{64DC04AF-BD7C-4CF4-9CA4-938953224328} - c:\users\ondra\Desktop\( ?° ?? ?°)\Nekopara vol. 1\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3146766301-2489898736-3312207408-1000\Software\SecuROM\License information*]
"datasecu"=hex:62,9e,5e,88,44,4a,68,3f,88,00,8f,cd,a2,7d,e1,c4,1f,dc,18,dc,2d,
33,b9,28,de,d3,fb,dc,b9,5e,8f,0d,22,9a,35,82,5b,1d,d2,37,94,3e,ec,d7,26,30,\
"rkeysecu"=hex:96,96,62,48,a6,88,65,f6,b8,42,a8,19,cc,d2,d2,4b
.
[HKEY_USERS\S-1-5-21-3146766301-2489898736-3312207408-1000\Control Panel\Desktop*]
@Allowed: (Read) (RestrictedCode)
"WheelScrollLines"="4"
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-06-08 12:08:11
ComboFix-quarantined-files.txt 2015-06-08 10:08
.
Před spuštěním: Volných bajtů: 167 347 662 848
Po spuštění: Volných bajtů: 166 945 419 264
.
- - End Of File - - E547CD91A06D0A26955E966DC4BA9FD4
A36C5E4F47E84449FF07ED3517B43A31

[jerabina]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::

Folder::
c:\program files (x86)\Skype\Updater

File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3146766301-2489898736-3312207408-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3146766301-2489898736-3312207408-1000UA.job

Driver::
SkypeUpdate

DDS::
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com

RegLock::
[HKEY_USERS\S-1-5-21-3146766301-2489898736-3312207408-1000\Software\SecuROM\License information*]
"datasecu"=hex:62,9e,5e,88,44,4a,68,3f,88,00,8f,cd,a2,7d,e1,c4,1f,dc,18,dc,2d,
33,b9,28,de,d3,fb,dc,b9,5e,8f,0d,22,9a,35,82,5b,1d,d2,37,94,3e,ec,d7,26,30,\
"rkeysecu"=hex:96,96,62,48,a6,88,65,f6,b8,42,a8,19,cc,d2,d2,4b

[HKEY_USERS\S-1-5-21-3146766301-2489898736-3312207408-1000\Control Panel\Desktop*]
@Allowed: (Read) (RestrictedCode)
"WheelScrollLines"="4"
DUMPHIVE0.003 (REGF)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť:

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[oopela]

Omlouvám se, že jsem neodpovídal. Byl jsem na dovolen=é.

[Orcus]

OK, dodej proveď tedy skript v combofixu.

[oopela]

Omlouvám se, že jsem tady tak dlouho nebyl! Pár nepředvídatelných situací, ale to je jedno. Tady je ten log se skriptem

ComboFix 15-10-01.01 - ondra 01.10.2015 17:53:57.2.6 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.420.1029.18.8190.6198 [GMT 2:00]
Spuštěný z: c:\users\ondra\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\ondra\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-09-01 do 2015-10-01 )))))))))))))))))))))))))))))))
.
.
2015-10-01 16:09 . 2015-10-01 16:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-10-01 16:09 . 2015-10-01 16:09 -------- d-----w- c:\users\Petra\AppData\Local\temp
2015-10-01 16:09 . 2015-10-01 16:09 -------- d-----w- c:\users\Mamka\AppData\Local\temp
2015-10-01 16:09 . 2015-10-01 16:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-01 05:11 . 2015-10-01 05:12 -------- d-----w- c:\users\Mamka\AppData\Roaming\Raptr
2015-09-30 06:59 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2015-09-30 06:59 . 2014-05-08 09:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-09-29 21:49 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2015-09-29 21:45 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2015-09-29 21:44 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2015-09-29 21:44 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2015-09-29 21:44 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2015-09-29 21:34 . 2015-07-18 13:08 984448 ----a-w- c:\windows\system32\ucrtbase.dll
2015-09-24 14:15 . 2015-09-24 14:15 -------- d-----w- c:\users\ondra\AppData\Roaming\AMD
2015-09-23 16:51 . 2015-09-23 16:51 -------- d-----w- c:\programdata\ATI
2015-09-23 16:50 . 2015-10-01 05:17 -------- d-----w- c:\users\ondra\AppData\Roaming\Raptr
2015-09-23 16:50 . 2015-09-23 16:51 -------- d-----w- c:\program files (x86)\Raptr
2015-09-23 16:36 . 2015-09-23 16:36 -------- d-----w- c:\program files (x86)\AMD
2015-09-23 16:35 . 2015-09-23 16:35 -------- d-----w- c:\programdata\Package Cache
2015-09-18 21:19 . 2015-09-18 21:19 -------- d-----w- c:\users\ondra\AppData\Local\Steppschuh
2015-09-09 12:57 . 2015-07-23 00:03 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-09-09 12:56 . 2015-07-09 17:58 82944 ----a-w- c:\windows\system32\dwmapi.dll
2015-09-09 12:55 . 2015-08-04 18:03 692672 ----a-w- c:\windows\system32\winload.efi
2015-09-09 12:55 . 2015-08-04 18:00 616360 ----a-w- c:\windows\system32\winresume.efi
2015-09-09 12:55 . 2015-08-04 17:55 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-09-09 12:55 . 2015-08-04 17:56 59392 ----a-w- c:\windows\system32\appidapi.dll
2015-09-09 12:55 . 2015-08-04 17:56 32768 ----a-w- c:\windows\system32\appidsvc.dll
2015-09-09 12:55 . 2015-08-04 17:47 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-09-09 12:55 . 2015-08-04 17:56 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-09-09 12:55 . 2015-08-04 17:55 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-09-09 12:55 . 2015-08-04 16:58 61440 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-09 12:53 . 2015-09-02 01:51 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-09-09 12:53 . 2015-09-02 03:04 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-09 12:53 . 2015-09-02 03:04 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-09 12:53 . 2015-09-02 03:04 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-09 12:53 . 2015-09-02 03:04 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-09 12:53 . 2015-09-02 02:48 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-09 12:53 . 2015-09-02 02:48 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-09 12:53 . 2015-09-02 02:48 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-09 12:53 . 2015-09-02 02:47 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-09 12:53 . 2015-09-02 01:47 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-09 12:53 . 2015-09-02 01:33 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-09-06 00:25 . 2015-09-06 00:25 -------- d-----w- C:\Crash
2015-09-05 23:58 . 2015-09-05 23:58 -------- d-----w- c:\users\ondra\AppData\Local\Daybreak Game Company
2015-09-05 15:08 . 2015-09-05 15:08 -------- d-----w- c:\users\ondra\AppData\Roaming\PaintersGuild
2015-09-01 18:05 . 2015-09-01 18:05 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2015-09-01 18:05 . 2015-09-01 18:05 -------- d-----w- c:\program files (x86)\AGEIA Technologies
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-01 05:32 . 2015-02-04 15:50 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-22 12:23 . 2012-04-19 12:14 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-09-22 12:23 . 2012-04-19 12:14 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-31 22:45 . 2015-09-29 12:39 11062400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C5864BA4-398E-4528-8F3C-0990D08E852E}\mpengine.dll
2015-08-26 16:37 . 2012-04-18 14:32 134753440 ----a-w- c:\windows\system32\MRT.exe
2015-08-05 17:56 . 2015-09-29 21:39 342016 ----a-w- c:\windows\system32\schannel.dll
2015-08-05 17:56 . 2015-09-09 12:57 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-05 17:41 . 2015-09-29 21:39 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-08-04 06:29 . 2015-08-04 06:29 107784 ----a-w- c:\windows\system32\amdave64.dll
2015-08-04 06:29 . 2015-08-04 06:29 100568 ----a-w- c:\windows\SysWow64\amdave32.dll
2015-08-04 06:28 . 2015-08-04 06:28 141792 ----a-w- c:\windows\system32\amdhcp64.dll
2015-08-04 06:28 . 2014-04-18 02:43 128384 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2015-08-04 06:28 . 2015-08-04 06:28 78432 ----a-w- c:\windows\system32\atimpc64.dll
2015-08-04 06:28 . 2015-08-04 06:28 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2015-08-04 06:28 . 2015-08-04 06:28 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2015-08-04 06:28 . 2015-08-04 06:28 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2015-08-04 06:28 . 2012-01-17 04:23 152056 ----a-w- c:\windows\system32\atiuxp64.dll
2015-08-04 06:28 . 2014-04-18 02:42 133016 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2015-08-04 06:28 . 2015-08-04 06:28 120144 ----a-w- c:\windows\system32\atiu9p64.dll
2015-08-04 06:28 . 2012-01-17 04:23 102616 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2015-08-04 06:28 . 2012-01-17 05:22 1445224 ----a-w- c:\windows\system32\aticfx64.dll
2015-08-04 06:28 . 2012-01-17 05:24 1193904 ----a-w- c:\windows\SysWow64\aticfx32.dll
2015-08-04 06:28 . 2012-01-17 04:59 11948704 ----a-w- c:\windows\system32\atidxx64.dll
2015-08-04 06:28 . 2014-04-18 02:42 10094152 ----a-w- c:\windows\SysWow64\atidxx32.dll
2015-08-04 06:28 . 2012-01-17 04:46 7929616 ----a-w- c:\windows\SysWow64\atiumdva.dll
2015-08-04 06:28 . 2012-01-17 04:43 7408936 ----a-w- c:\windows\SysWow64\atiumdag.dll
2015-08-04 06:27 . 2015-08-04 06:27 8893160 ----a-w- c:\windows\system32\atiumd6a.dll
2015-08-04 06:27 . 2015-08-04 06:27 8779872 ----a-w- c:\windows\system32\atiumd64.dll
2015-08-04 06:25 . 2015-08-04 06:25 297672 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2015-08-04 06:23 . 2015-08-04 06:23 21622784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2015-08-04 06:19 . 2015-08-04 06:19 235008 ----a-w- c:\windows\system32\clinfo.exe
2015-08-04 06:18 . 2015-08-04 06:18 47785472 ----a-w- c:\windows\system32\amdocl64.dll
2015-08-04 06:14 . 2015-08-04 06:14 39714304 ----a-w- c:\windows\SysWow64\amdocl.dll
2015-08-04 06:09 . 2015-08-04 06:09 65024 ----a-w- c:\windows\system32\OpenCL.dll
2015-08-04 06:09 . 2015-08-04 06:09 59392 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-08-04 05:58 . 2015-08-04 05:58 27535872 ----a-w- c:\windows\system32\amdocl12cl64.dll
2015-08-04 05:57 . 2015-08-04 05:57 22318592 ----a-w- c:\windows\SysWow64\amdocl12cl.dll
2015-08-04 04:12 . 2015-08-04 04:12 127488 ----a-w- c:\windows\system32\mantle64.dll
2015-08-04 04:12 . 2015-08-04 04:12 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2015-08-04 04:11 . 2015-08-04 04:11 6477312 ----a-w- c:\windows\system32\amdmantle64.dll
2015-08-04 03:43 . 2015-08-04 03:43 5068288 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2015-08-04 03:21 . 2015-08-04 03:21 93696 ----a-w- c:\windows\system32\mantleaxl64.dll
2015-08-04 03:21 . 2015-08-04 03:21 86528 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2015-08-04 02:55 . 2015-08-04 02:55 30752256 ----a-w- c:\windows\system32\atio6axx.dll
2015-08-04 02:32 . 2014-04-18 01:51 25299968 ----a-w- c:\windows\SysWow64\atioglxx.dll
2015-08-04 02:25 . 2015-08-04 02:25 367104 ----a-w- c:\windows\system32\atiapfxx.exe
2015-08-04 02:25 . 2015-08-04 02:25 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2015-08-04 02:25 . 2015-08-04 02:25 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2015-08-04 02:24 . 2015-08-04 02:24 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2015-08-04 02:24 . 2015-08-04 02:24 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2015-08-04 02:24 . 2015-08-04 02:24 15716864 ----a-w- c:\windows\system32\aticaldd64.dll
2015-08-04 02:21 . 2015-08-04 02:21 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2015-08-04 02:21 . 2015-08-04 02:21 50688 ----a-w- c:\windows\system32\amdmmcl6.dll
2015-08-04 02:21 . 2015-08-04 02:21 39424 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2015-08-04 02:07 . 2015-08-04 02:07 442368 ----a-w- c:\windows\system32\atidemgy.dll
2015-08-04 02:07 . 2015-08-04 02:07 160256 ----a-w- c:\windows\system32\atieah64.exe
2015-08-04 02:07 . 2015-08-04 02:07 143872 ----a-w- c:\windows\SysWow64\atieah32.exe
2015-08-04 02:07 . 2015-08-04 02:07 204800 ----a-w- c:\windows\system32\amdgfxinfo64.dll
2015-08-04 02:07 . 2015-08-04 02:07 189952 ----a-w- c:\windows\SysWow64\amdgfxinfo32.dll
2015-08-04 02:07 . 2015-08-04 02:07 29696 ----a-w- c:\windows\system32\atimuixx.dll
2015-08-04 02:07 . 2015-08-04 02:07 672768 ----a-w- c:\windows\system32\atieclxx.exe
2015-08-04 02:06 . 2015-08-04 02:06 246784 ----a-w- c:\windows\system32\atiesrxx.exe
2015-08-04 02:05 . 2015-08-04 02:05 190976 ----a-w- c:\windows\system32\atitmm64.dll
2015-08-04 01:48 . 2015-08-04 01:48 865792 ----a-w- c:\windows\system32\coinst_15.20.dll
2015-08-04 01:48 . 2015-08-04 01:48 89088 ----a-w- c:\windows\system32\atisamu64.dll
2015-08-04 01:47 . 2015-08-04 01:47 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2015-08-04 01:43 . 2015-08-04 01:43 1247744 ----a-w- c:\windows\system32\atiadlxx.dll
2015-08-04 01:43 . 2015-08-04 01:43 926720 ----a-w- c:\windows\SysWow64\atiadlxx.dll
2015-08-04 01:43 . 2014-04-18 01:09 926720 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2015-08-04 01:43 . 2015-08-04 01:43 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2015-08-04 01:43 . 2015-08-04 01:43 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2015-08-04 01:43 . 2014-04-18 01:07 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2015-08-04 01:42 . 2015-08-04 01:42 156672 ----a-w- c:\windows\system32\atig6txx.dll
2015-08-04 01:42 . 2014-04-18 01:07 141824 ----a-w- c:\windows\SysWow64\atigktxx.dll
2015-08-04 01:42 . 2015-08-04 01:42 665088 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2015-08-04 01:37 . 2015-08-04 01:37 102912 ----a-w- c:\windows\system32\hsa-thunk64.dll
2015-08-04 01:37 . 2015-08-04 01:37 102400 ----a-w- c:\windows\SysWow64\hsa-thunk.dll
2015-08-04 01:35 . 2015-08-04 01:35 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2015-08-03 10:12 . 2012-07-04 18:19 33856 ---ha-w- c:\windows\system32\hamachi.sys
2015-07-30 18:06 . 2015-08-13 19:24 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 18:06 . 2015-08-13 19:24 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 18:06 . 2015-08-13 19:24 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 17:57 . 2015-08-13 19:24 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-30 17:57 . 2015-08-13 19:24 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-07-30 13:13 . 2015-08-14 01:31 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-14 01:31 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-28 20:09 . 2015-08-13 19:27 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 20:05 . 2015-08-13 19:27 774656 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 20:05 . 2015-08-13 19:27 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 20:05 . 2015-08-13 19:27 437760 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 20:05 . 2015-08-13 19:27 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 20:05 . 2015-08-13 19:27 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 20:05 . 2015-08-13 19:27 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-28 19:55 . 2015-08-13 19:27 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-07-22 17:53 . 2015-09-09 12:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-15 18:15 . 2015-08-13 19:27 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-15 18:10 . 2015-08-13 19:27 1743360 ----a-w- c:\windows\system32\sysmain.dll
2015-07-15 18:10 . 2015-08-13 19:27 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-15 10:20 . 2015-07-15 10:20 96256 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2015-07-15 10:20 . 2015-07-15 10:20 103424 ----a-w- c:\windows\system32\DelayAPO.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 194824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 194824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 194824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 194824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 194824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 194824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 194824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 194824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 194824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 194824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 194824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 194824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 194824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 194824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 194824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 194824 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\ondra\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-09-21 2025016]
"Dropbox Update"="c:\users\ondra\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-25 134512]
"Spotify"="c:\users\ondra\AppData\Roaming\Spotify\Spotify.exe" [2015-09-21 7571000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-08-03 5579624]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2015-07-27 56080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"osk.exe"="osk.exe" [2014-06-18 646144]
"Application Restart 0"="c:\windows\System32\osk.exe" [2014-06-18 646144]
.
c:\users\ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ondra\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 36710720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys;c:\windows\SYSNATIVE\drivers\uxpatch.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-30 10:32 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 12:23]
.
2015-09-30 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3146766301-2489898736-3312207408-1000Core.job
- c:\users\ondra\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-25 07:40]
.
2015-10-01 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3146766301-2489898736-3312207408-1000UA.job
- c:\users\ondra\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-25 07:40]
.
2015-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 13:20]
.
2015-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 13:20]
.
2015-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0efa0f27c8844.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 13:20]
.
2015-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3146766301-2489898736-3312207408-1000Core.job
- c:\users\ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-11 14:17]
.
2015-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3146766301-2489898736-3312207408-1000UA.job
- c:\users\ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-11 14:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 232712 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 232712 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 232712 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 232712 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 232712 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 232712 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 232712 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-09-25 21:25 232712 ----a-w- c:\users\ondra\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2014-10-01 5595336]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 46.228.16.1 46.228.16.2
TCP: Interfaces\{EEADFE49-BF99-4814-B00D-0010BAD39469}: NameServer = 46.228.16.1
FF - ProfilePath - c:\users\ondra\AppData\Roaming\Mozilla\Firefox\Profiles\cuj8l42e.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-MKLOL - c:\program files (x86)\MKJogo\MKLOL\MKuInst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3146766301-2489898736-3312207408-1000\Software\SecuROM\License information*]
"datasecu"=hex:62,9e,5e,88,44,4a,68,3f,88,00,8f,cd,a2,7d,e1,c4,1f,dc,18,dc,2d,
33,b9,28,de,d3,fb,dc,b9,5e,8f,0d,22,9a,35,82,5b,1d,d2,37,94,3e,ec,d7,26,30,\
"rkeysecu"=hex:96,96,62,48,a6,88,65,f6,b8,42,a8,19,cc,d2,d2,4b
.
[HKEY_USERS\S-1-5-21-3146766301-2489898736-3312207408-1000\Control Panel\Desktop*]
@Allowed: (Read) (RestrictedCode)
"WheelScrollLines"="4"
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\users\ondra\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\progra~2\Raptr\raptr.exe
c:\progra~2\Raptr\raptr_im.exe
.
**************************************************************************
.
Celkový čas: 2015-10-01 18:21:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-10-01 16:21
ComboFix2.txt 2015-06-08 10:08
.
Před spuštěním: Volných bajtů: 224 949 014 528
Po spuštění: Volných bajtů: 225 102 131 200
.
- - End Of File - - 10A5FC0B060502848CB04F9DC7D55584
A36C5E4F47E84449FF07ED3517B43A31

[jerabina]

No, takovéto dlouhé mezery mezi čištěním nejsou dobré, můžeme začít v podstatě od začátku ..

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

===================================================

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

===================================================

Stáhni AdwCleaner (by Xplode)

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

===================================================

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na Kopírovat do schránky a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[oopela]

Jen bych se chtěl zeptat... Opravdu jsou všechny tyto kroky nutné? Předtím ničemu nepomohly. Logy dodám v průběhu hodiny. A taky... Jak poznám, že ty svchosty jsou pravé? Jde to nějak? Jestli tohle celé náhodou není zbytečné... Nikdy jich tolik totiž nebylo.

AdwCleaner

# AdwCleaner v5.009 - Logfile created 04/10/2015 at 13:57:57
# Updated 27/09/2015 by Xplode
# Database : 2015-10-04.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : ondra - ONDRA-PC
# Running from : C:\Users\ondra\Desktop\Čištění\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

File Found : C:\Users\ondra\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\ondra\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\ondra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\ondra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Found : C:\Users\ondra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
File Found : C:\Users\ondra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : Adobe Flash Player Updater

***** [ Registry ] *****


***** [ Web browsers ] *****

[C:\Users\ondra\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : en.softonic.com
[C:\Users\ondra\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : pc-sleep-timer.en.softonic.com

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1623 bytes] ##########

Malwarebytes

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 4.10.2015
Čas skenování: 14:03
Protokol:
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.10.04.02
Databáze rootkitů: v2015.10.02.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: ondra

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 479454
Uplynulý čas: 26 min, 40 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 1
Adware.EoRezo, C:\Users\ondra\Downloads\Nepotvrzeno 899888.crdownload, , [db17a2b09bf07cba41f3dac023def60a],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[jerabina]

Tyto kroky jsou důležité z důvodu, že v podstatě nevíme, v jakém stavu se tvůj počítač nachází a jestli tam náhodou něco nepřibylo ...

Kolik je teďka tich svchostů aktivních? Spíše než jestli se jedná o pravé svchosty, by jsi se měl podívat na jaké služby odkazují(pravým a přejít ke službě ve Správci úloh). Já třeba osobně mám cca. 14 aktivních svchostů.

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.

Spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[oopela]

Aha... Takže jak se na to tak koukám, všechny svchost.exe vypadají zdravě. Ale předtím jich tam bylo i dvacet tak si myslím, že jsme se zbavili toho červa. Tímhle bych vám chtěl moc poděkovat. Jde vidět, že vám na fóru záleží a moc si toho vážím. Kdybych vám mohl poslat příspěvek tak bych to udělal. Jste super!

PS: Ty logy můžu dodat, jestli je třeba.