Výrazné snížení výkonu 02.

Příspěvekod **jaro3** » 28 říj 2017 10:18

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“,
po jeho skončení - vše zatrhni (dej zatržítka vlevo od nálezů , do bílých políček)
- pak klikni na "Remove Selected"
- Počkej, dokud Status box nezobrazí " Removal finished, please review result "
- Klikni na "Open report " a pak na " Open TXT“ a zkopíruj ten log a vlož obsah té zprávy prosím sem. Log je možno nalézt v C:\ProgramData\RogueKiller\Logs - Zavři RogueKiller.

Vypni antivir i firewall.
Stáhni Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe
http://leteckaposta.cz/415997425
klik nahoře vpravo na .rar-file a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
-pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log Zkopíruj sem celý obsah toho logu.
Pokud budou problémy , spusť zoek v nouz. režimu.

Stáhni si Zemana AntiMalware Free z tohoto odkazu:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
a ulož si ho na plochu.
Poklepej na tento soubor na ploše a postupuj podle pokynů k instalaci programu.
Přijmi licenci k používání programu EULA , pokud se nabídne.
Pokud je k dispozici aktualizace programu , klepni na tlačítko „Update now“ ( aktualizovat nyní).
Můžeš si zatrhnout i vytvoření bodu obnovy:
Klikni na ozubené kolečko , poté na „Skenování“ a zatrhni „vytvářet body obnovy“.
Vrať se zpět ( klikni na domeček).
Zavři všechny otevřené soubory, složky a prohlížeče
Neměň žádné nastavení. Klikni na „Skenovat“.
Po skenu lze vidět , zda jsou nějaké nákazy. Klikni na „Další“. Nákazy budou přemístěny do karantény.
Když je skenování dokončeno, objeví se tisková zpráva , zkopíruj sem celý obsah té zprávy.
Jinak můžeš zprávy vidět , když klikneš vpravo nahoře na „ zprávy“.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Reklama

Dak1ng · Příspěvekod **Dak1ng** » 28 říj 2017 11:51

RogueKiller V12.11.21.0 (x64) [Oct 23 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Zden?k [Administrator]
Started from : C:\Users\Zden?k\Desktop\RogueKiller_portable64.exe
Mode : Delete -- Date : 10/28/2017 11:38:03 (Duration : 00:09:44)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-366420006-2506890621-3509595028-1000\Software\eSupport.com -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-366420006-2506890621-3509595028-1000\Software\eSupport.com -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{28CA4483-AB75-4CE7-A002-A5174BB67FB1}C:\users\zden?k\appdata\local\temp\rar$exa2272.30953\microsoft toolkit.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\zden?k\appdata\local\temp\rar$exa2272.30953\microsoft toolkit.exe|Name=microsoft toolkit.exe|Desc=microsoft toolkit.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{40D74899-76A1-40DF-ADDB-9FF55BB09A42}C:\users\zden?k\appdata\local\temp\rar$exa2272.30953\microsoft toolkit.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\zden?k\appdata\local\temp\rar$exa2272.30953\microsoft toolkit.exe|Name=microsoft toolkit.exe|Desc=microsoft toolkit.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{7EBEA73E-CE65-49D0-BB5E-7A5232660D52}C:\users\zden?k\appdata\local\temp\rar$exa2272.25655\microsoft toolkit.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\zden?k\appdata\local\temp\rar$exa2272.25655\microsoft toolkit.exe|Name=microsoft toolkit.exe|Desc=microsoft toolkit.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{2CB267A7-CF7A-4D52-BD2A-3E2B35885620}C:\users\zden?k\appdata\local\temp\rar$exa2272.25655\microsoft toolkit.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\zden?k\appdata\local\temp\rar$exa2272.25655\microsoft toolkit.exe|Name=microsoft toolkit.exe|Desc=microsoft toolkit.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{28CA4483-AB75-4CE7-A002-A5174BB67FB1}C:\users\zden?k\appdata\local\temp\rar$exa2272.30953\microsoft toolkit.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\zden?k\appdata\local\temp\rar$exa2272.30953\microsoft toolkit.exe|Name=microsoft toolkit.exe|Desc=microsoft toolkit.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{40D74899-76A1-40DF-ADDB-9FF55BB09A42}C:\users\zden?k\appdata\local\temp\rar$exa2272.30953\microsoft toolkit.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\zden?k\appdata\local\temp\rar$exa2272.30953\microsoft toolkit.exe|Name=microsoft toolkit.exe|Desc=microsoft toolkit.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{7EBEA73E-CE65-49D0-BB5E-7A5232660D52}C:\users\zden?k\appdata\local\temp\rar$exa2272.25655\microsoft toolkit.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\zden?k\appdata\local\temp\rar$exa2272.25655\microsoft toolkit.exe|Name=microsoft toolkit.exe|Desc=microsoft toolkit.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{2CB267A7-CF7A-4D52-BD2A-3E2B35885620}C:\users\zden?k\appdata\local\temp\rar$exa2272.25655\microsoft toolkit.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\zden?k\appdata\local\temp\rar$exa2272.25655\microsoft toolkit.exe|Name=microsoft toolkit.exe|Desc=microsoft toolkit.exe|Defer=User| [x] -> Deleted
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-366420006-2506890621-3509595028-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-366420006-2506890621-3509595028-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)

¤¤¤ Tasks : 1 ¤¤¤
[PUP.HackTool|VT.HackTool:MSIL/Gendows] \AutoKMS -- C:\Windows\AutoKMS\AutoKMS.exe -> Deleted

¤¤¤ Files : 1 ¤¤¤
[PUP.HackTool][Folder] C:\Windows\AutoKMS -> Deleted
[PUP.HackTool][File] C:\Windows\AutoKMS\AutoKMS.exe -> Deleted
[PUP.HackTool][File] C:\Windows\AutoKMS\AutoKMS.log -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM 003-1ER162 SCSI Disk Device +++++
--- User ---
[MBR] 4653961acc0b9520d3f045a446ac2290
[BSP] e33d9fd95c24737c5f31334ff64acfed : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 468992 | Size: 953640 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nesprávná funkce. )

Dak1ng · Příspěvekod **Dak1ng** » 28 říj 2017 12:11

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by ZdenŘk on Sat 10/28/2017 at 11:53:30.11.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\ZDENK~1\Desktop\zoek\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10/28/2017 11:54:17 AM Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Nero Free deleted successfully
C:\PROGRA~3\PlugCache deleted successfully
C:\Users\ZDENK~1\AppData\\LocalGoogle deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\\LocalLow deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Nero Free not found
C:\PROGRA~3\Package Cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\AVAST Software deleted

==== Chromium Look ======================

Google Chrome Version: 29.0.1547.66

Ban Checker for Steam - ZDENK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\canbadmphamemnmdfngmcabnjmjgaiki
Tampermonkey - ZDENK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
LoungeDestroyer - ZDENK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl
2.8.7 (b9b777b) - ZDENK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnoeeagkgpkplnhmnnlgodjnjgckhja
Chrome Media Router - ZDENK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

==== Reset Google Chrome ======================

C:\Users\ZDENK~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\ZDENK~1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\ZDENK~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\ZDENK~1\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ZDENK~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\ZDENK~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=23 folders=28 31727051 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\ZDENK~1\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ZDENK~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sat 10/28/2017 at 12:09:22.07 ======================

Dak1ng · Příspěvekod **Dak1ng** » 28 říj 2017 12:20

Zemana AntiMalware 2.74.2.150 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/10/28
Operating System : Windows 7 64-bit
Processor : 4X Intel(R) Core(TM) i5-4440S CPU @ 2.80GHz
BIOS Mode : UEFI
CUID : 125A1301061007B30E27EF
Scan Type : System Scan
Duration : 5m 50s
Scanned Objects : 32113
Detected Objects : 0
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

No threats detected

Dak1ng · Příspěvekod **Dak1ng** » 28 říj 2017 12:28

ComboFix 17-10-17.01 - Zdeněk 10/28/2017 12:22:00.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8080.6386 [GMT 2:00]
Spuštěný z: c:\users\Zdenýk\Desktop\ComboFix.exe
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
c:\windows\security\logs\scecomp.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-09-28 do 2017-10-28 )))))))))))))))))))))))))))))))
.
.
2017-10-28 10:12 . 2017-10-28 10:12 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2017-10-28 10:12 . 2017-10-28 10:12 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2017-10-28 10:12 . 2017-10-28 10:12 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2017-10-28 10:05 . 2017-10-28 09:53 24064 ----a-w- c:\windows\zoek-delete.exe
2017-10-28 09:53 . 2017-10-28 10:03 -------- d-----w- C:\zoek_backup
2017-10-28 02:30 . 2017-10-28 02:30 13753048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D482F44E-3AB6-4160-B186-39768C45FEB1}\mpengine.dll
2017-10-27 20:23 . 2017-10-28 09:38 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-10-27 19:57 . 2017-10-27 19:57 -------- d-----w- c:\programdata\Sophos
2017-10-27 19:56 . 2017-10-27 19:56 -------- d-----w- c:\program files (x86)\Sophos
2017-10-27 18:22 . 2017-10-04 11:15 77440 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-10-27 18:22 . 2017-10-27 18:22 -------- d-----w- c:\programdata\Malwarebytes
2017-10-27 16:33 . 2017-10-27 16:33 -------- d-----w- c:\programdata\Ashampoo
2017-10-27 16:33 . 2017-10-27 16:33 -------- d-----w- c:\program files (x86)\Ashampoo
2017-10-27 13:11 . 2017-10-27 13:11 -------- d-----w- c:\program files (x86)\Nero
2017-10-27 13:10 . 2017-10-27 13:11 -------- d-----w- c:\program files (x86)\Common Files\Nero
2017-10-27 13:10 . 2017-10-27 13:11 -------- d-----w- c:\programdata\Nero
2017-10-26 23:53 . 2016-01-27 02:03 122320 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
2017-10-26 23:53 . 2016-01-27 02:03 574760 ----a-w- c:\windows\system32\AERTAC64.dll
2017-10-26 23:53 . 2016-01-27 02:03 118600 ----a-w- c:\windows\system32\AERTAR64.dll
2017-10-26 23:49 . 2016-08-16 21:54 11776 ----a-w- c:\windows\system32\drivers\cs-CZ\usbhub.sys.mui
2017-10-26 23:44 . 2017-10-26 23:44 -------- d-----w- c:\program files (x86)\MSXML 4.0
2017-10-26 23:43 . 2017-10-26 23:43 -------- d-----w- c:\programdata\DriverTalent
2017-10-26 23:42 . 2017-10-26 23:43 -------- d-----w- C:\OSTotoFolder
2017-10-26 23:42 . 2017-10-26 23:46 -------- d-----w- c:\program files (x86)\OSTotoSoft
2017-10-26 22:20 . 2017-10-26 22:44 -------- d-----w- c:\program files (x86)\Intel Driver and Support Assistant
2017-10-26 22:20 . 2016-10-18 15:14 21984 ----a-w- c:\windows\system32\drivers\semav6msr64.sys
2017-10-26 22:20 . 2017-10-26 22:20 -------- d-----w- c:\program files\Intel Driver and Support Assistant
2017-10-26 21:56 . 2017-10-26 21:56 -------- d-----w- c:\programdata\SWCUTemp
2017-10-26 20:01 . 2017-10-26 20:01 -------- d-----w- c:\program files\CPUID
2017-10-26 19:06 . 2017-10-27 18:16 -------- d-----w- C:\AdwCleaner
2017-10-26 19:03 . 2017-10-27 20:22 -------- d-----w- c:\programdata\RogueKiller
2017-10-26 19:02 . 2017-10-27 18:22 -------- d-----w- c:\program files\Malwarebytes
2017-10-22 13:19 . 2017-10-26 21:37 -------- d-----w- c:\program files (x86)\GIGABYTE
2017-10-22 13:12 . 2016-07-22 14:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2017-10-22 13:12 . 2016-07-22 14:51 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2017-10-22 12:52 . 2017-10-26 21:37 -------- d-----w- c:\program files (x86)\RivaTuner Statistics Server
2017-10-22 12:51 . 2017-10-26 21:37 -------- d-----w- c:\program files (x86)\MSI Afterburner
2017-10-22 12:48 . 2017-10-26 21:38 -------- d-----w- c:\program files\MSI Kombustor 3
2017-10-22 12:47 . 2015-07-16 19:12 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2017-10-22 12:47 . 2015-07-16 19:11 7077376 ----a-w- c:\windows\system32\mstscax.dll
2017-10-22 12:47 . 2015-07-16 19:11 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
2017-10-22 12:47 . 2015-07-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
2017-10-22 12:47 . 2015-07-16 19:12 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2017-10-22 12:47 . 2015-07-16 19:12 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2017-10-22 12:47 . 2015-07-16 19:11 62976 ----a-w- c:\windows\system32\tsgqec.dll
2017-10-22 12:46 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2017-10-21 23:09 . 2017-10-21 23:09 -------- d-----w- c:\windows\system32\wbem\Framework
2017-10-21 22:57 . 2017-10-26 21:33 -------- d-----w- C:\NVIDIA
2017-10-21 20:09 . 2016-03-23 22:40 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2017-10-21 20:09 . 2016-03-23 22:40 3181568 ----a-w- c:\windows\system32\rdpcorets.dll
2017-10-21 20:09 . 2017-03-07 14:05 243200 ----a-w- c:\windows\system32\rdpudd.dll
2017-10-21 19:51 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2017-10-21 19:51 . 2013-10-02 04:38 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2017-10-21 19:51 . 2013-10-02 02:22 56832 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2017-10-21 19:51 . 2013-10-02 02:11 13824 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2017-10-21 19:51 . 2013-10-02 02:08 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-10-21 19:51 . 2013-10-02 01:48 56832 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2017-10-21 19:51 . 2013-10-02 01:48 18944 ----a-w- c:\windows\system32\wksprtPS.dll
2017-10-21 19:51 . 2013-10-02 00:14 50176 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2017-10-21 19:51 . 2013-10-02 00:14 17920 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2017-10-21 19:51 . 2013-10-01 23:31 1147392 ----a-w- c:\windows\system32\mstsc.exe
2017-10-21 19:51 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\SysWow64\mstsc.exe
2017-10-21 19:47 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2017-10-21 19:47 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2017-10-21 19:47 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2017-10-21 19:47 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2017-10-21 19:42 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2017-10-21 19:42 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2017-10-21 19:42 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2017-10-21 19:42 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2017-10-21 19:42 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2017-10-21 19:42 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2017-10-21 19:42 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2017-10-21 19:41 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2017-10-21 19:41 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2017-10-21 19:41 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2017-10-21 19:41 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2017-10-21 19:39 . 2017-09-07 17:08 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\usbehci.sys.mui
2017-10-21 17:08 . 2017-10-21 17:08 -------- d-----w- c:\program files (x86)\EasyAntiCheat
2017-10-21 15:26 . 2017-10-21 15:26 -------- d-s---w- c:\windows\system32\CompatTel
2017-10-21 15:26 . 2017-10-21 15:26 -------- d-----w- c:\windows\system32\appraiser
2017-10-21 10:10 . 2017-10-21 10:10 -------- d-----w- c:\programdata\Microsoft Toolkit
2017-10-21 09:33 . 2017-10-21 09:33 8946680 ----a-w- c:\windows\system32\drivers\FACEIT.sys
2017-10-21 09:33 . 2017-10-21 09:33 -------- d-----w- c:\program files\FACEIT
2017-10-21 09:33 . 2017-10-21 09:33 -------- d-----w- c:\program files\FACEIT AC
2017-10-21 09:25 . 2017-10-11 01:05 50624 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2017-10-20 23:06 . 2017-10-20 23:06 -------- d-----w- c:\windows\SysWow64\Wat
2017-10-20 23:06 . 2017-10-20 23:06 -------- d-----w- c:\windows\system32\Wat
2017-10-20 22:54 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2017-10-20 22:54 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-10-20 22:52 . 2017-10-20 22:54 -------- d-----w- c:\windows\system32\MRT
2017-10-20 22:52 . 2017-10-20 22:52 126925120 -c--a-w- c:\windows\system32\MRT-KB890830.exe
2017-10-20 22:50 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2017-10-20 22:15 . 2017-10-20 22:15 -------- d-----w- c:\windows\Migration
2017-10-20 22:11 . 2017-09-13 15:32 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2017-10-20 22:02 . 2016-04-09 04:20 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2017-10-20 22:02 . 2016-04-09 03:52 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2017-10-20 22:02 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2017-10-20 22:02 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2017-10-19 16:10 . 2017-10-19 16:10 -------- d-----w- c:\program files\TeamSpeak 3 Client
2017-10-19 15:24 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2017-10-19 15:24 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2017-10-19 15:24 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2017-10-19 15:24 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2017-10-19 15:24 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2017-10-19 15:24 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2017-10-19 15:24 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2017-10-19 15:13 . 2017-04-27 22:50 3550208 ----a-w- c:\windows\SysWow64\D3DCompiler_47.dll
2017-10-19 15:13 . 2017-04-12 13:05 4296704 ----a-w- c:\windows\system32\D3DCompiler_47.dll
2017-10-19 15:06 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2017-10-19 15:06 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2017-10-19 15:06 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2017-10-19 15:06 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2017-10-19 15:06 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2017-10-19 15:06 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2017-10-19 15:06 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2017-10-19 15:06 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2017-10-19 15:02 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2017-10-19 15:02 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2017-10-19 15:01 . 2015-07-23 00:02 879104 ----a-w- c:\windows\system32\tdh.dll
2017-10-19 15:01 . 2015-07-22 17:53 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2017-10-19 14:59 . 2015-07-15 18:10 1743360 ----a-w- c:\windows\system32\sysmain.dll
2017-10-19 14:58 . 2016-03-16 18:50 156672 ----a-w- c:\windows\system32\mtxoci.dll
2017-10-19 14:57 . 2012-12-07 13:20 441856 ----a-w- c:\windows\system32\Wpc.dll
2017-10-19 14:56 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-09-13 23:20 . 2017-09-13 23:20 798008 ----a-w- c:\windows\SysWow64\vulkan-1-1-0-61-0.dll
2017-09-13 23:20 . 2017-09-13 23:20 490296 ----a-w- c:\windows\SysWow64\vulkaninfo-1-1-0-61-0.exe
2017-09-13 23:19 . 2017-09-13 23:19 927544 ----a-w- c:\windows\system32\vulkan-1-1-0-61-0.dll
2017-09-13 23:19 . 2017-09-13 23:19 591160 ----a-w- c:\windows\system32\vulkaninfo-1-1-0-61-0.exe
2017-09-13 15:08 . 2017-10-20 22:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2017-10-25 3102496]
"ASUS ROG Armoury"="" [BU]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-09-20 9856176]
"FACEIT"="c:\program files\FACEIT\FACEIT.exe" [2017-10-03 81046232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2017-09-05 587288]
"DSATray"="c:\program files (x86)\Intel Driver and Support Assistant\DsaTray.exe" [2017-09-18 131360]
.
c:\users\Zdeněk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE XTREME GAMING ENGINE.lnk - c:\program files (x86)\GIGABYTE\XTREME GAMING ENGINE\autorun.exe /r [2017-10-22 172176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 PAExec;PAExec;c:\windows\PAExec.exe;c:\windows\PAExec.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USER_ESRV_SVC_QUEENCREEK;User Energy Server Service queencreek;c:\program files\Intel\SUR\QUEENCREEK\esrv_svc.exe;c:\program files\Intel\SUR\QUEENCREEK\esrv_svc.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 FACEIT;FACEIT;c:\windows\System32\Drivers\FACEIT.sys;c:\windows\SYSNATIVE\Drivers\FACEIT.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DSAService;Intel(R) Driver & Support Assistant;c:\program files (x86)\Intel Driver and Support Assistant\DSAService.exe;c:\program files (x86)\Intel Driver and Support Assistant\DSAService.exe [x]
S2 ESRV_SVC_QUEENCREEK;Energy Server Service queencreek;c:\program files\Intel\SUR\QUEENCREEK\esrv_svc.exe;c:\program files\Intel\SUR\QUEENCREEK\esrv_svc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LHelperSvc;Local Helper Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S2 SystemUsageReportSvc_QUEENCREEK;Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK;c:\program files\Intel Driver and Support Assistant\SUR\SurSvc.exe;c:\program files\Intel Driver and Support Assistant\SUR\SurSvc.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 nvvhci;NVVHCI Enumerator Service;c:\windows\system32\DRIVERS\nvvhci.sys;c:\windows\SYSNATIVE\DRIVERS\nvvhci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 semav6msr64;semav6msr64;c:\windows\system32\drivers\semav6msr64.sys;c:\windows\SYSNATIVE\drivers\semav6msr64.sys [x]
S3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Device Service;c:\windows\system32\DRIVERS\XtuAcpiDriver.sys;c:\windows\SYSNATIVE\DRIVERS\XtuAcpiDriver.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - MBAMFARFLT
*NewlyCreated* - MBAMPROTECTION
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBPROTECTION
*NewlyCreated* - ZAM
*NewlyCreated* - ZAM_GUARD
*Deregistered* - ESProtectionDriver
*Deregistered* - MBAMFarflt
*Deregistered* - MBAMProtection
*Deregistered* - MBAMSwissArmy
*Deregistered* - MBAMWebProtection
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
LocalDriverService REG_MULTI_SZ LDrvSvc
LocalHelperService REG_MULTI_SZ LHelperSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-10-19 10:37 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2017-10-09 08:33 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2017-10-09 08:33 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2017-10-09 08:33 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2014-04-11 36352]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2016-01-27 16418560]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2017-08-09 15775888]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} - (no file)
AddRemove-{01f3f6b8-1a81-4b10-b51f-f69af12e1d69} - c:\programdata\Package Cache\{01f3f6b8-1a81-4b10-b51f-f69af12e1d69}\Intel Driver and Support Assistant Installer.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{d992c12e-cab2-426f-bde3-fb8c53950b0d} - c:\programdata\Package Cache\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\VC_redist.x64.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2017-10-28 12:27:39
ComboFix-quarantined-files.txt 2017-10-28 10:27
ComboFix2.txt 2017-10-26 19:35
.
Před spuštěním: Volných bajtů: 922,015,469,568
Po spuštění: Volných bajtů: 921,597,669,376
.
- - End Of File - - 0DED4FE3513C01A910F969635FBD508C
5FB38429D5D77768867C76DCBDB35194

Příspěvekod **jaro3** » 28 říj 2017 13:45

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Dak1ng · Příspěvekod **Dak1ng** » 28 říj 2017 14:03

ComboFix 17-10-17.01 - Zdeněk 10/28/2017 13:50:17.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8080.6314 [GMT 2:00]
Spuštěný z: c:\users\Zdenýk\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Zdenýk\Desktop\CFScript.txt
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-09-28 do 2017-10-28 )))))))))))))))))))))))))))))))
.
.
2017-10-28 11:54 . 2017-10-28 11:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-10-28 10:24 . 2017-10-28 10:24 -------- d-----w- c:\users\Zdenek
2017-10-28 10:22 . 2017-10-28 10:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D482F44E-3AB6-4160-B186-39768C45FEB1}\offreg.1720.dll
2017-10-28 10:12 . 2017-10-28 10:12 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2017-10-28 10:12 . 2017-10-28 10:12 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2017-10-28 10:12 . 2017-10-28 10:12 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2017-10-28 10:05 . 2017-10-28 09:53 24064 ----a-w- c:\windows\zoek-delete.exe
2017-10-28 09:53 . 2017-10-28 10:03 -------- d-----w- C:\zoek_backup
2017-10-28 02:30 . 2017-10-28 02:30 13753048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D482F44E-3AB6-4160-B186-39768C45FEB1}\mpengine.dll
2017-10-27 20:23 . 2017-10-28 09:38 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-10-27 19:57 . 2017-10-27 19:57 -------- d-----w- c:\programdata\Sophos
2017-10-27 19:56 . 2017-10-27 19:56 -------- d-----w- c:\program files (x86)\Sophos
2017-10-27 18:22 . 2017-10-04 11:15 77440 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-10-27 18:22 . 2017-10-27 18:22 -------- d-----w- c:\programdata\Malwarebytes
2017-10-27 16:33 . 2017-10-27 16:33 -------- d-----w- c:\programdata\Ashampoo
2017-10-27 16:33 . 2017-10-27 16:33 -------- d-----w- c:\program files (x86)\Ashampoo
2017-10-27 13:11 . 2017-10-27 13:11 -------- d-----w- c:\program files (x86)\Nero
2017-10-27 13:10 . 2017-10-27 13:11 -------- d-----w- c:\program files (x86)\Common Files\Nero
2017-10-27 13:10 . 2017-10-27 13:11 -------- d-----w- c:\programdata\Nero
2017-10-26 23:53 . 2016-01-27 02:03 122320 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
2017-10-26 23:53 . 2016-01-27 02:03 574760 ----a-w- c:\windows\system32\AERTAC64.dll
2017-10-26 23:53 . 2016-01-27 02:03 118600 ----a-w- c:\windows\system32\AERTAR64.dll
2017-10-26 23:49 . 2016-08-16 21:54 11776 ----a-w- c:\windows\system32\drivers\cs-CZ\usbhub.sys.mui
2017-10-26 23:44 . 2017-10-26 23:44 -------- d-----w- c:\program files (x86)\MSXML 4.0
2017-10-26 23:43 . 2017-10-26 23:43 -------- d-----w- c:\programdata\DriverTalent
2017-10-26 23:42 . 2017-10-26 23:43 -------- d-----w- C:\OSTotoFolder
2017-10-26 23:42 . 2017-10-26 23:46 -------- d-----w- c:\program files (x86)\OSTotoSoft
2017-10-26 22:20 . 2017-10-26 22:44 -------- d-----w- c:\program files (x86)\Intel Driver and Support Assistant
2017-10-26 22:20 . 2016-10-18 15:14 21984 ----a-w- c:\windows\system32\drivers\semav6msr64.sys
2017-10-26 22:20 . 2017-10-26 22:20 -------- d-----w- c:\program files\Intel Driver and Support Assistant
2017-10-26 21:56 . 2017-10-26 21:56 -------- d-----w- c:\programdata\SWCUTemp
2017-10-26 20:01 . 2017-10-26 20:01 -------- d-----w- c:\program files\CPUID
2017-10-26 19:06 . 2017-10-27 18:16 -------- d-----w- C:\AdwCleaner
2017-10-26 19:03 . 2017-10-27 20:22 -------- d-----w- c:\programdata\RogueKiller
2017-10-26 19:02 . 2017-10-27 18:22 -------- d-----w- c:\program files\Malwarebytes
2017-10-22 13:19 . 2017-10-26 21:37 -------- d-----w- c:\program files (x86)\GIGABYTE
2017-10-22 13:12 . 2016-07-22 14:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2017-10-22 13:12 . 2016-07-22 14:51 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2017-10-22 12:52 . 2017-10-26 21:37 -------- d-----w- c:\program files (x86)\RivaTuner Statistics Server
2017-10-22 12:51 . 2017-10-26 21:37 -------- d-----w- c:\program files (x86)\MSI Afterburner
2017-10-22 12:48 . 2017-10-26 21:38 -------- d-----w- c:\program files\MSI Kombustor 3
2017-10-22 12:47 . 2015-07-16 19:12 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2017-10-22 12:47 . 2015-07-16 19:11 7077376 ----a-w- c:\windows\system32\mstscax.dll
2017-10-22 12:47 . 2015-07-16 19:11 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
2017-10-22 12:47 . 2015-07-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
2017-10-22 12:47 . 2015-07-16 19:12 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2017-10-22 12:47 . 2015-07-16 19:12 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2017-10-22 12:47 . 2015-07-16 19:11 62976 ----a-w- c:\windows\system32\tsgqec.dll
2017-10-22 12:46 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2017-10-21 23:09 . 2017-10-21 23:09 -------- d-----w- c:\windows\system32\wbem\Framework
2017-10-21 22:57 . 2017-10-26 21:33 -------- d-----w- C:\NVIDIA
2017-10-21 20:09 . 2016-03-23 22:40 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2017-10-21 20:09 . 2016-03-23 22:40 3181568 ----a-w- c:\windows\system32\rdpcorets.dll
2017-10-21 20:09 . 2017-03-07 14:05 243200 ----a-w- c:\windows\system32\rdpudd.dll
2017-10-21 19:51 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2017-10-21 19:51 . 2013-10-02 04:38 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2017-10-21 19:51 . 2013-10-02 02:22 56832 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2017-10-21 19:51 . 2013-10-02 02:11 13824 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2017-10-21 19:51 . 2013-10-02 02:08 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-10-21 19:51 . 2013-10-02 01:48 56832 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2017-10-21 19:51 . 2013-10-02 01:48 18944 ----a-w- c:\windows\system32\wksprtPS.dll
2017-10-21 19:51 . 2013-10-02 00:14 50176 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2017-10-21 19:51 . 2013-10-02 00:14 17920 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2017-10-21 19:51 . 2013-10-01 23:31 1147392 ----a-w- c:\windows\system32\mstsc.exe
2017-10-21 19:51 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\SysWow64\mstsc.exe
2017-10-21 19:47 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2017-10-21 19:47 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2017-10-21 19:47 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2017-10-21 19:47 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2017-10-21 19:42 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2017-10-21 19:42 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2017-10-21 19:42 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2017-10-21 19:42 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2017-10-21 19:42 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2017-10-21 19:42 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2017-10-21 19:42 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2017-10-21 19:41 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2017-10-21 19:41 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2017-10-21 19:41 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2017-10-21 19:41 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2017-10-21 19:39 . 2017-09-07 17:08 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\usbehci.sys.mui
2017-10-21 17:08 . 2017-10-21 17:08 -------- d-----w- c:\program files (x86)\EasyAntiCheat
2017-10-21 15:26 . 2017-10-21 15:26 -------- d-s---w- c:\windows\system32\CompatTel
2017-10-21 15:26 . 2017-10-21 15:26 -------- d-----w- c:\windows\system32\appraiser
2017-10-21 10:10 . 2017-10-21 10:10 -------- d-----w- c:\programdata\Microsoft Toolkit
2017-10-21 09:33 . 2017-10-21 09:33 8946680 ----a-w- c:\windows\system32\drivers\FACEIT.sys
2017-10-21 09:33 . 2017-10-21 09:33 -------- d-----w- c:\program files\FACEIT
2017-10-21 09:33 . 2017-10-21 09:33 -------- d-----w- c:\program files\FACEIT AC
2017-10-21 09:25 . 2017-10-11 01:05 50624 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2017-10-20 23:06 . 2017-10-20 23:06 -------- d-----w- c:\windows\SysWow64\Wat
2017-10-20 23:06 . 2017-10-20 23:06 -------- d-----w- c:\windows\system32\Wat
2017-10-20 22:54 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2017-10-20 22:54 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-10-20 22:52 . 2017-10-20 22:54 -------- d-----w- c:\windows\system32\MRT
2017-10-20 22:52 . 2017-10-20 22:52 126925120 -c--a-w- c:\windows\system32\MRT-KB890830.exe
2017-10-20 22:50 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2017-10-20 22:15 . 2017-10-20 22:15 -------- d-----w- c:\windows\Migration
2017-10-20 22:11 . 2017-09-13 15:32 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2017-10-20 22:02 . 2016-04-09 04:20 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2017-10-20 22:02 . 2016-04-09 03:52 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2017-10-20 22:02 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2017-10-20 22:02 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2017-10-19 16:10 . 2017-10-19 16:10 -------- d-----w- c:\program files\TeamSpeak 3 Client
2017-10-19 15:24 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2017-10-19 15:24 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2017-10-19 15:24 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2017-10-19 15:24 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2017-10-19 15:24 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2017-10-19 15:24 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2017-10-19 15:24 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2017-10-19 15:13 . 2017-04-27 22:50 3550208 ----a-w- c:\windows\SysWow64\D3DCompiler_47.dll
2017-10-19 15:13 . 2017-04-12 13:05 4296704 ----a-w- c:\windows\system32\D3DCompiler_47.dll
2017-10-19 15:06 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2017-10-19 15:06 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2017-10-19 15:06 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2017-10-19 15:06 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2017-10-19 15:06 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2017-10-19 15:06 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2017-10-19 15:06 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2017-10-19 15:06 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2017-10-19 15:02 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2017-10-19 15:02 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2017-10-19 15:01 . 2015-07-23 00:02 879104 ----a-w- c:\windows\system32\tdh.dll
2017-10-19 15:01 . 2015-07-22 17:53 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2017-10-19 14:59 . 2015-07-15 18:10 1743360 ----a-w- c:\windows\system32\sysmain.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-09-13 23:20 . 2017-09-13 23:20 798008 ----a-w- c:\windows\SysWow64\vulkan-1-1-0-61-0.dll
2017-09-13 23:20 . 2017-09-13 23:20 490296 ----a-w- c:\windows\SysWow64\vulkaninfo-1-1-0-61-0.exe
2017-09-13 23:19 . 2017-09-13 23:19 927544 ----a-w- c:\windows\system32\vulkan-1-1-0-61-0.dll
2017-09-13 23:19 . 2017-09-13 23:19 591160 ----a-w- c:\windows\system32\vulkaninfo-1-1-0-61-0.exe
2017-09-13 15:08 . 2017-10-20 22:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2017-10-25 3102496]
"ASUS ROG Armoury"="" [BU]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-09-20 9856176]
"FACEIT"="c:\program files\FACEIT\FACEIT.exe" [2017-10-03 81046232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2017-09-05 587288]
"DSATray"="c:\program files (x86)\Intel Driver and Support Assistant\DsaTray.exe" [2017-09-18 131360]
.
c:\users\Zdeněk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE XTREME GAMING ENGINE.lnk - c:\program files (x86)\GIGABYTE\XTREME GAMING ENGINE\autorun.exe /r [2017-10-22 172176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 PAExec;PAExec;c:\windows\PAExec.exe;c:\windows\PAExec.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USER_ESRV_SVC_QUEENCREEK;User Energy Server Service queencreek;c:\program files\Intel\SUR\QUEENCREEK\esrv_svc.exe;c:\program files\Intel\SUR\QUEENCREEK\esrv_svc.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 FACEIT;FACEIT;c:\windows\System32\Drivers\FACEIT.sys;c:\windows\SYSNATIVE\Drivers\FACEIT.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DSAService;Intel(R) Driver & Support Assistant;c:\program files (x86)\Intel Driver and Support Assistant\DSAService.exe;c:\program files (x86)\Intel Driver and Support Assistant\DSAService.exe [x]
S2 ESRV_SVC_QUEENCREEK;Energy Server Service queencreek;c:\program files\Intel\SUR\QUEENCREEK\esrv_svc.exe;c:\program files\Intel\SUR\QUEENCREEK\esrv_svc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LHelperSvc;Local Helper Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S2 SystemUsageReportSvc_QUEENCREEK;Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK;c:\program files\Intel Driver and Support Assistant\SUR\SurSvc.exe;c:\program files\Intel Driver and Support Assistant\SUR\SurSvc.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 nvvhci;NVVHCI Enumerator Service;c:\windows\system32\DRIVERS\nvvhci.sys;c:\windows\SYSNATIVE\DRIVERS\nvvhci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 semav6msr64;semav6msr64;c:\windows\system32\drivers\semav6msr64.sys;c:\windows\SYSNATIVE\drivers\semav6msr64.sys [x]
S3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Device Service;c:\windows\system32\DRIVERS\XtuAcpiDriver.sys;c:\windows\SYSNATIVE\DRIVERS\XtuAcpiDriver.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - MBAMFARFLT
*NewlyCreated* - MBAMPROTECTION
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBPROTECTION
*NewlyCreated* - ZAM
*NewlyCreated* - ZAM_GUARD
*Deregistered* - ESProtectionDriver
*Deregistered* - MBAMFarflt
*Deregistered* - MBAMProtection
*Deregistered* - MBAMSwissArmy
*Deregistered* - MBAMWebProtection
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
LocalDriverService REG_MULTI_SZ LDrvSvc
LocalHelperService REG_MULTI_SZ LHelperSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-10-19 10:37 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2017-10-09 08:33 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2017-10-09 08:33 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2017-10-09 08:33 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2014-04-11 36352]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2016-01-27 16418560]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2017-08-09 15775888]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} - (no file)
AddRemove-{01f3f6b8-1a81-4b10-b51f-f69af12e1d69} - c:\programdata\Package Cache\{01f3f6b8-1a81-4b10-b51f-f69af12e1d69}\Intel Driver and Support Assistant Installer.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{d992c12e-cab2-426f-bde3-fb8c53950b0d} - c:\programdata\Package Cache\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\VC_redist.x64.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2017-10-28 13:55:17
ComboFix-quarantined-files.txt 2017-10-28 11:55
ComboFix2.txt 2017-10-28 10:27
ComboFix3.txt 2017-10-26 19:35
.
Před spuštěním: Volných bajtů: 921,703,690,240
Po spuštění: Volných bajtů: 921,626,382,336
.
- - End Of File - - 9C82DBA3832135F17E743CBEC8B6B61F
5FB38429D5D77768867C76DCBDB35194

Dak1ng · Příspěvekod **Dak1ng** » 28 říj 2017 14:04

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:04:23 PM, on 10/28/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18817)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Users\Zdeněk\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DSATray] C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [FACEIT] "C:\Program Files\FACEIT\FACEIT.exe"
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Driver & Support Assistant (DSAService) - Intel - C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Energy Server Service queencreek (ESRV_SVC_QUEENCREEK) - Unknown owner - C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: PAExec - Power Admin LLC - C:\Windows\PAExec.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK (SystemUsageReportSvc_QUEENCREEK) - Unknown owner - C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: User Energy Server Service queencreek (USER_ESRV_SVC_QUEENCREEK) - Unknown owner - C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 8925 bytes

Dak1ng · Příspěvekod **Dak1ng** » 28 říj 2017 14:06

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-10-28 14:05:38
-----------------------------
14:05:38.922 OS Version: Windows x64 6.1.7601 Service Pack 1
14:05:38.922 Number of processors: 4 586 0x3C03
14:05:38.922 ComputerName: ZDENEK-PC UserName: Zdenek
14:05:39.718 Initialize success
14:05:39.780 VM: initialized successfully
14:05:39.780 VM: Intel CPU supported
14:05:50.435 VM: not used
14:05:55.583 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
14:05:55.583 Disk 0 Vendor: ST1000DM CC43 Size: 953869MB BusType: 11
14:05:55.676 Disk 0 MBR read successfully
14:05:55.676 Disk 0 MBR scan
14:05:55.676 Disk 0 unknown MBR code
14:05:55.676 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
14:05:55.692 Disk 0 scanning C:\Windows\system32\drivers
14:06:00.247 Service scanning
14:06:08.640 Modules scanning
14:06:08.640 Disk 0 trace - called modules:
14:06:08.656 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
14:06:09.155 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009f2d060]
14:06:09.155 3 CLASSPNP.SYS[fffff880025d143f] -> nt!IofCallDriver -> \Device\00000068[0xfffffa800766e9c0]
14:06:09.155 Disk 0 statistics 93168/0/0 @ 10.09 MB/s
14:06:09.155 Scan finished successfully
14:06:24.973 Disk 0 MBR has been saved successfully to "C:\Users\Zdenek\Desktop\MBR.dat"
14:06:24.973 The log file has been saved successfully to "C:\Users\Zdenek\Desktop\aswMBR.txt"

Příspěvekod **Orcus** » 28 říj 2017 15:36

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

====================================================

Vyčisti systém CCleanerem

====================================================

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde: C: \ DelFix.txt

Co problémy?

Dak1ng · Příspěvekod **Dak1ng** » 28 říj 2017 15:55

# DelFix v1.013 - Logfile created 28/10/2017 at 15:45:19
# Updated 17/04/2016 by Xplode
# Username : Zdeněk - ZDENĚK-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\zoek-results.log
Deleted : C:\Users\Zdeněk\Desktop\AdwCleaner.exe
Deleted : C:\Users\Zdeněk\Desktop\aswmbr.exe
Deleted : C:\Users\Zdeněk\Desktop\aswMBR.txt
Deleted : C:\Users\Zdeněk\Desktop\CFScript.txt
Deleted : C:\Users\Zdeněk\Desktop\ComboFix.exe
Deleted : C:\Users\Zdeněk\Desktop\JRT error.PNG
Deleted : C:\Users\Zdeněk\Desktop\JRT.exe
Deleted : C:\Users\Zdeněk\Desktop\JRT.txt
Deleted : C:\Users\Zdeněk\Desktop\HijackThis.exe
Deleted : C:\Users\Zdeněk\Desktop\hijackthis.log
Deleted : C:\Users\Zdeněk\Desktop\MBR.dat
Deleted : C:\Users\Zdeněk\Desktop\RogueKiller_portable64.exe
Deleted : C:\Users\Zdeněk\Desktop\TFC.exe
Deleted : C:\Users\Zdeněk\Desktop\zoek.rar
Deleted : C:\Users\Zdeněk\Downloads\AdwCleaner.exe
Deleted : C:\Users\Zdeněk\Downloads\aswmbr.exe
Deleted : C:\Users\Zdeněk\Downloads\ComboFix.exe
Deleted : C:\Users\Zdeněk\Downloads\JRT.exe
Deleted : C:\Users\Zdeněk\Downloads\RogueKiller_portable64.exe
Deleted : C:\Users\Zdeněk\Downloads\TFC.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
Deleted : HKLM\SYSTEM\CurrentControlSet\Services\aswMBR

~ Cleaning system restore ...

Deleted : RP #30 [MB-20171026234449 | 10/26/2017 23:44:49]
Deleted : RP #31 [Instalováno Realtek High Definition Audio Driver | 10/26/2017 23:52:40]
Deleted : RP #32 [Windows Update | 10/27/2017 00:38:18]
Deleted : RP #33 [Installed Nero 9 Essentials 4.4.9.0 | 10/27/2017 13:09:15]
Deleted : RP #34 [Installed Nero 9 Essentials 4.4.9.0 | 10/27/2017 13:12:45]
Deleted : RP #35 [JRT Pre-Junkware Removal | 10/27/2017 19:50:12]
Deleted : RP #36 [Installed Sophos Virus Removal Tool. | 10/27/2017 19:56:15]
Deleted : RP #37 [zoek.exe restore point | 10/28/2017 09:54:09]

New restore point created !

########## - EOF - ##########

Dak1ng · Příspěvekod **Dak1ng** » 28 říj 2017 15:57

FPS fixnuté na 250, občas to tedá skočí zpět na těch 80, ale to je tak na 2 sekundy. Díky moc jaro3 a Orcus za pomoc! :inlove:

Výrazné snížení výkonu 02. Vyřešeno

Re: Výrazné snížení výkonu 02.

Re: Výrazné snížení výkonu 02.

Re: Výrazné snížení výkonu 02.

Re: Výrazné snížení výkonu 02.

Re: Výrazné snížení výkonu 02.

Re: Výrazné snížení výkonu 02.

Re: Výrazné snížení výkonu 02.

Re: Výrazné snížení výkonu 02.

Re: Výrazné snížení výkonu 02.

Re: Výrazné snížení výkonu 02.

Re: Výrazné snížení výkonu 02.

Re: Výrazné snížení výkonu 02.

Kdo je online