Internet slow since Wednesday - reason? Solved

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Ardis
newbie
Posts: 30
Registered: November 14
Gender: Male
Status: Offline

Re: Internet slow since Wednesday - reason?

Post by Ardis » 15 Nov 2014 16:49

ComboFix log:

ComboFix 14-11-15.01 - Ardis 15.11.2014 16:18:28.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4060.2678 [GMT 1:00]
Spuštěný z: d:\users\Ardis\Downloads\ComboFix.exe
Použité ovládací přepínače :: d:\users\Ardis\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"d:\windows\Tasks\Adobe Flash Player Updater.job"
"d:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"d:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\program files (x86)\Google\Update
d:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
d:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
d:\program files (x86)\Google\Update\1.3.25.11\GoogleUpdate.exe
d:\program files (x86)\Google\Update\1.3.25.11\GoogleUpdateBroker.exe
d:\program files (x86)\Google\Update\1.3.25.11\GoogleUpdateComRegisterShell64.exe
d:\program files (x86)\Google\Update\1.3.25.11\GoogleUpdateHelper.msi
d:\program files (x86)\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe
d:\program files (x86)\Google\Update\1.3.25.11\GoogleUpdateSetup.exe
d:\program files (x86)\Google\Update\1.3.25.11\goopdate.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_am.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_ar.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_bg.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_bn.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_ca.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_cs.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_da.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_de.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_el.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_en-GB.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_en.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_es-419.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_es.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_et.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_fa.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_fi.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_fil.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_fr.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_gu.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_hi.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_hr.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_hu.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_id.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_is.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_it.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_iw.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_ja.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_kn.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_ko.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_lt.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_lv.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_ml.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_mr.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_ms.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_nl.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_no.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_pl.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_pt-BR.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_pt-PT.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_ro.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_ru.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_sk.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_sl.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_sr.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_sv.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_sw.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_ta.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_te.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_th.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_tr.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_uk.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_ur.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_vi.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_zh-CN.dll
d:\program files (x86)\Google\Update\1.3.25.11\goopdateres_zh-TW.dll
d:\program files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
d:\program files (x86)\Google\Update\1.3.25.11\psmachine.dll
d:\program files (x86)\Google\Update\1.3.25.11\psmachine_64.dll
d:\program files (x86)\Google\Update\1.3.25.11\psuser.dll
d:\program files (x86)\Google\Update\1.3.25.11\psuser_64.dll
d:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.25.11\GoogleUpdateSetup.exe
d:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\38.0.2125.111\38.0.2125.111_38.0.2125.104_chrome_updater.exe
d:\program files (x86)\Google\Update\GoogleUpdate.exe
d:\windows\Tasks\Adobe Flash Player Updater.job
d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-10-15 do 2014-11-15 )))))))))))))))))))))))))))))))
.
.
2014-11-15 15:23 . 2014-11-15 15:23 -------- d-----w- d:\users\Default\AppData\Local\temp
2014-11-15 14:56 . 2014-11-15 14:56 -------- d-sh--w- d:\users\Ardis\AppData\Local\EmieBrowserModeList
2014-11-15 11:43 . 2014-11-15 11:43 75888 ----a-w- d:\programdata\Microsoft\Windows Defender\Definition Updates\{D2664C49-1C00-45E6-8363-4D7C8BD653F2}\offreg.dll
2014-11-15 09:49 . 2014-11-15 09:49 -------- d-----w- d:\program files\Speccy
2014-11-14 19:41 . 2014-11-14 19:33 24064 ----a-w- d:\windows\zoek-delete.exe
2014-11-14 19:41 . 2014-11-15 15:26 -------- d-----w- d:\users\Ardis\AppData\Local\Temp
2014-11-14 18:50 . 2014-11-14 19:40 -------- d-----w- D:\zoek_backup
2014-11-14 17:31 . 2014-11-14 17:31 -------- d-----w- d:\windows\ERUNT
2014-11-14 17:17 . 2014-11-14 18:41 37624 ----a-w- d:\windows\system32\drivers\TrueSight.sys
2014-11-14 17:17 . 2014-11-14 17:17 -------- d-----w- d:\programdata\RogueKiller
2014-11-14 15:21 . 2014-11-14 15:21 79064 ----a-w- d:\windows\system32\drivers\lkujmbvq.sys
2014-11-14 15:10 . 2014-11-14 17:14 129752 ----a-w- d:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-14 15:10 . 2014-11-14 15:10 -------- d-----w- d:\program files (x86)\Malwarebytes Anti-Malware
2014-11-14 15:10 . 2014-11-14 15:10 -------- d-----w- d:\programdata\Malwarebytes
2014-11-14 15:10 . 2014-10-01 10:11 63704 ----a-w- d:\windows\system32\drivers\mwac.sys
2014-11-14 15:10 . 2014-10-01 10:11 93400 ----a-w- d:\windows\system32\drivers\mbamchameleon.sys
2014-11-14 15:10 . 2014-10-01 10:11 25816 ----a-w- d:\windows\system32\drivers\mbam.sys
2014-11-12 08:34 . 2014-08-21 06:43 1882624 ----a-w- d:\windows\system32\msxml3.dll
2014-11-12 08:34 . 2014-08-21 06:40 2048 ----a-w- d:\windows\system32\msxml3r.dll
2014-11-12 08:34 . 2014-08-21 06:26 1237504 ----a-w- d:\windows\SysWow64\msxml3.dll
2014-11-12 08:34 . 2014-08-21 06:23 2048 ----a-w- d:\windows\SysWow64\msxml3r.dll
2014-11-12 08:30 . 2014-10-14 02:16 155064 ----a-w- d:\windows\system32\drivers\ksecpkg.sys
2014-11-12 08:30 . 2014-10-14 02:13 683520 ----a-w- d:\windows\system32\termsrv.dll
2014-11-12 08:29 . 2014-10-14 02:12 1460736 ----a-w- d:\windows\system32\lsasrv.dll
2014-11-12 08:29 . 2014-10-14 02:09 146432 ----a-w- d:\windows\system32\msaudite.dll
2014-11-12 08:29 . 2014-10-14 02:07 681984 ----a-w- d:\windows\system32\adtschema.dll
2014-11-12 08:29 . 2014-10-14 01:50 22016 ----a-w- d:\windows\SysWow64\secur32.dll
2014-11-12 08:29 . 2014-10-14 01:49 96768 ----a-w- d:\windows\SysWow64\sspicli.dll
2014-11-12 08:29 . 2014-10-14 01:47 146432 ----a-w- d:\windows\SysWow64\msaudite.dll
2014-11-12 08:29 . 2014-10-14 01:46 681984 ----a-w- d:\windows\SysWow64\adtschema.dll
2014-11-12 08:24 . 2014-08-12 02:02 878080 ----a-w- d:\windows\system32\IMJP10K.DLL
2014-11-12 08:24 . 2014-08-12 01:36 701440 ----a-w- d:\windows\SysWow64\IMJP10K.DLL
2014-11-12 08:24 . 2014-10-03 02:12 500224 ----a-w- d:\windows\system32\AUDIOKSE.dll
2014-11-12 08:24 . 2014-10-03 02:11 680960 ----a-w- d:\windows\system32\audiosrv.dll
2014-11-12 08:24 . 2014-10-03 01:44 442880 ----a-w- d:\windows\SysWow64\AUDIOKSE.dll
2014-11-12 08:24 . 2014-10-03 02:11 284672 ----a-w- d:\windows\system32\EncDump.dll
2014-11-12 08:24 . 2014-10-03 02:11 440832 ----a-w- d:\windows\system32\AudioEng.dll
2014-11-12 08:24 . 2014-10-03 02:11 296448 ----a-w- d:\windows\system32\AudioSes.dll
2014-11-12 08:24 . 2014-10-03 01:44 374784 ----a-w- d:\windows\SysWow64\AudioEng.dll
2014-11-12 08:24 . 2014-10-03 01:44 195584 ----a-w- d:\windows\SysWow64\AudioSes.dll
2014-11-12 08:22 . 2014-10-25 01:57 77824 ----a-w- d:\windows\system32\packager.dll
2014-11-12 08:22 . 2014-10-25 01:32 67584 ----a-w- d:\windows\SysWow64\packager.dll
2014-11-12 08:22 . 2014-10-10 00:57 3198976 ----a-w- d:\windows\system32\win32k.sys
2014-11-12 08:22 . 2014-10-18 02:05 861696 ----a-w- d:\windows\system32\oleaut32.dll
2014-11-12 08:22 . 2014-10-18 01:33 571904 ----a-w- d:\windows\SysWow64\oleaut32.dll
2014-11-07 20:54 . 2014-11-14 14:09 -------- d-----w- d:\programdata\Spybot - Search & Destroy
2014-11-07 20:53 . 2014-11-14 14:14 -------- d-----w- d:\program files (x86)\Spybot - Search & Destroy 2
2014-11-07 06:44 . 2014-11-07 06:44 -------- d-----w- d:\program files (x86)\Microsoft ASP.NET
2014-11-07 06:00 . 2014-06-18 22:23 1943696 ----a-w- d:\windows\system32\dfshim.dll
2014-11-07 06:00 . 2014-06-18 22:23 156312 ----a-w- d:\windows\system32\mscorier.dll
2014-11-07 06:00 . 2014-06-18 22:23 156824 ----a-w- d:\windows\SysWow64\mscorier.dll
2014-11-07 06:00 . 2014-06-18 22:23 1131664 ----a-w- d:\windows\SysWow64\dfshim.dll
2014-11-07 06:00 . 2014-06-18 22:23 73880 ----a-w- d:\windows\system32\mscories.dll
2014-11-07 06:00 . 2014-06-18 22:23 81560 ----a-w- d:\windows\SysWow64\mscories.dll
2014-11-07 05:55 . 2014-08-30 02:10 6583296 ----a-w- d:\windows\system32\mstscax.dll
2014-11-07 05:55 . 2014-08-30 01:50 5702656 ----a-w- d:\windows\SysWow64\mstscax.dll
2014-11-07 05:55 . 2014-08-29 02:07 3179520 ----a-w- d:\windows\system32\rdpcorets.dll
2014-11-07 05:55 . 2014-09-04 05:23 424448 ----a-w- d:\windows\system32\rastls.dll
2014-11-07 05:55 . 2014-09-04 05:04 372736 ----a-w- d:\windows\SysWow64\rastls.dll
2014-11-07 05:55 . 2014-07-17 02:07 235520 ----a-w- d:\windows\system32\winsta.dll
2014-11-07 05:55 . 2014-07-17 02:07 150528 ----a-w- d:\windows\system32\rdpcorekmts.dll
2014-11-07 05:55 . 2014-07-17 02:07 455168 ----a-w- d:\windows\system32\winlogon.exe
2014-11-07 05:55 . 2014-07-17 01:40 157696 ----a-w- d:\windows\SysWow64\winsta.dll
2014-11-07 05:55 . 2014-07-17 01:21 212480 ----a-w- d:\windows\system32\drivers\rdpwd.sys
2014-11-07 05:55 . 2014-07-17 01:21 39936 ----a-w- d:\windows\system32\drivers\tssecsrv.sys
2014-11-06 19:11 . 2014-11-06 19:11 -------- d-----w- d:\users\Ardis\AppData\Roaming\LavasoftStatistics
2014-11-06 19:01 . 2014-11-06 19:01 -------- d-----w- d:\program files\Common Files\Lavasoft
2014-11-06 18:50 . 2014-11-06 18:50 -------- d-----w- d:\programdata\Lavasoft
2014-11-04 20:33 . 2014-11-04 20:33 -------- d-----w- d:\program files (x86)\LogMeIn Hamachi
2014-11-03 19:59 . 2014-11-03 19:59 -------- d-----w- D:\Hudba
2014-10-25 11:36 . 2014-10-25 11:36 -------- d-----w- d:\users\Ardis\AppData\Roaming\HeroesAndGeneralsDesktop
2014-10-25 11:29 . 2014-10-25 11:29 -------- d-----w- d:\users\Ardis\AppData\Local\PAYDAY
2014-10-24 19:37 . 2014-10-24 19:38 -------- d-----w- d:\users\Ardis\AppData\Roaming\DarkSoulsII
2014-10-24 19:35 . 2014-10-24 19:35 -------- d-----w- d:\users\Ardis\AppData\Roaming\Dark Souls 2
2014-10-24 19:05 . 2014-10-24 19:05 -------- d-----w- d:\program files (x86)\R.G. Mechanics
2014-10-24 13:10 . 2012-08-15 16:21 827728 ----a-w- d:\windows\system32\msvcr100.dll
2014-10-24 13:10 . 2011-03-28 09:37 796672 ----a-w- d:\windows\system32\msvcr80.dll
2014-10-24 13:08 . 2013-10-23 07:14 970912 ----a-w- d:\windows\system32\msvcr120.dll
2014-10-23 13:59 . 2014-10-28 18:15 -------- d-----w- d:\users\Ardis\AppData\Local\gtk-2.0
2014-10-23 13:59 . 2014-10-23 13:59 -------- d-----w- d:\users\Ardis\.thumbnails
2014-10-23 13:56 . 2014-10-23 13:56 -------- d-----w- d:\users\Ardis\AppData\Local\fontconfig
2014-10-23 13:56 . 2014-10-28 18:15 -------- d-----w- d:\users\Ardis\.gimp-2.8
2014-10-23 13:56 . 2014-10-23 13:56 -------- d-----w- d:\users\Ardis\AppData\Local\gegl-0.2
2014-10-23 13:54 . 2014-10-23 13:55 -------- d-----w- d:\program files\GIMP 2
2014-10-21 17:38 . 2014-10-21 17:38 -------- d-----w- d:\users\Ardis\AppData\Local\Rebellion
2014-10-21 17:37 . 2014-10-21 17:37 -------- d-----w- d:\program files (x86)\AvP Classic
2014-10-18 13:39 . 2014-10-18 13:39 -------- d--h--w- d:\program files (x86)\Common Files\EAInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-13 18:58 . 2014-06-25 18:40 71344 ----a-w- d:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-13 18:58 . 2014-06-25 18:40 701104 ----a-w- d:\windows\SysWow64\FlashPlayerApp.exe
2014-11-12 10:55 . 2014-07-02 17:25 103374192 ----a-w- d:\windows\system32\MRT.exe
2014-10-08 04:43 . 2014-10-08 04:43 2048 ----a-w- d:\windows\SysWow64\winver.exe
2014-10-08 04:43 . 2014-10-08 04:43 833024 ----a-w- d:\windows\SysWow64\user32.dll
2014-10-08 04:43 . 2014-10-08 04:43 410624 ----a-w- d:\windows\SysWow64\systemcpl.dll
2014-10-08 04:43 . 2014-10-08 04:43 1536 ----a-w- d:\windows\SysWow64\sppcomapi.dll
2014-10-08 04:43 . 2014-10-08 04:43 113543 ----a-w- d:\windows\SysWow64\slmgr.vbs
2014-10-04 14:34 . 2014-10-04 14:34 283064 ----a-w- d:\windows\system32\drivers\dtsoftbus01.sys
2014-10-04 09:42 . 2014-10-04 09:42 11376 ----a-w- d:\windows\SysWow64\drivers\SECDRV.SYS
2014-10-04 06:42 . 2014-07-29 17:28 1291280 ----a-w- d:\windows\SysWow64\nvspbridge.dll
2014-10-04 06:42 . 2014-06-25 17:11 2197680 ----a-w- d:\windows\SysWow64\nvspcap.dll
2014-10-04 06:41 . 2014-07-29 17:28 1715224 ----a-w- d:\windows\system32\nvspbridge64.dll
2014-10-04 06:41 . 2014-06-25 17:11 2800296 ----a-w- d:\windows\system32\nvspcap64.dll
2014-09-19 09:23 . 2014-11-12 08:23 248832 ----a-w- d:\windows\SysWow64\schannel.dll
2014-09-18 04:45 . 2014-08-14 13:29 119296 ----a-w- d:\windows\SysWow64\zlib.dll
2014-09-17 04:51 . 2014-10-03 14:47 31520 ----a-w- d:\windows\system32\nvhdap64.dll
2014-09-17 04:51 . 2014-10-03 14:47 197408 ----a-w- d:\windows\system32\drivers\nvhda64v.sys
2014-09-17 04:51 . 2014-06-25 17:04 1538880 ----a-w- d:\windows\system32\nvhdagenco6420103.dll
2014-09-13 23:48 . 2014-10-03 14:47 957584 ----a-w- d:\windows\system32\NvIFR64.dll
2014-09-13 23:48 . 2014-10-03 14:47 925896 ----a-w- d:\windows\system32\NvFBC64.dll
2014-09-13 23:48 . 2014-10-03 14:47 919240 ----a-w- d:\windows\SysWow64\NvIFR.dll
2014-09-13 23:48 . 2014-10-03 14:47 894096 ----a-w- d:\windows\SysWow64\NvFBC.dll
2014-09-13 23:48 . 2014-10-03 14:47 867528 ----a-w- d:\windows\SysWow64\nvumdshim.dll
2014-09-13 23:48 . 2014-10-03 14:47 501064 ----a-w- d:\windows\system32\nvEncodeAPI64.dll
2014-09-13 23:48 . 2014-10-03 14:47 417096 ----a-w- d:\windows\SysWow64\nvEncodeAPI.dll
2014-09-13 23:48 . 2014-10-03 14:47 393024 ----a-w- d:\windows\system32\NvIFROpenGL.dll
2014-09-13 23:48 . 2014-10-03 14:47 352016 ----a-w- d:\windows\system32\nvoglshim64.dll
2014-09-13 23:48 . 2014-10-03 14:47 348304 ----a-w- d:\windows\SysWow64\NvIFROpenGL.dll
2014-09-13 23:48 . 2014-10-03 14:47 31887680 ----a-w- d:\windows\system32\nvoglv64.dll
2014-09-13 23:48 . 2014-10-03 14:47 303600 ----a-w- d:\windows\SysWow64\nvoglshim32.dll
2014-09-13 23:48 . 2014-10-03 14:47 24552592 ----a-w- d:\windows\SysWow64\nvoglv32.dll
2014-09-13 23:48 . 2014-10-03 14:47 174856 ----a-w- d:\windows\system32\nvinitx.dll
2014-09-13 23:48 . 2014-10-03 14:47 156840 ----a-w- d:\windows\SysWow64\nvinit.dll
2014-09-13 23:48 . 2014-10-03 14:47 14026304 ----a-w- d:\windows\system32\nvopencl.dll
2014-09-13 23:48 . 2014-10-03 14:47 13157696 ----a-w- d:\windows\system32\drivers\nvlddmkm.sys
2014-09-13 23:48 . 2014-10-03 14:47 11392576 ----a-w- d:\windows\SysWow64\nvopencl.dll
2014-09-13 23:48 . 2014-10-03 14:47 4287296 ----a-w- d:\windows\system32\nvcuvid.dll
2014-09-13 23:48 . 2014-10-03 14:47 4008592 ----a-w- d:\windows\SysWow64\nvcuvid.dll
2014-09-13 23:48 . 2014-10-03 14:47 20922512 ----a-w- d:\windows\system32\nvcompiler.dll
2014-09-13 23:48 . 2014-10-03 14:47 19954520 ----a-w- d:\windows\system32\nvd3dumx.dll
2014-09-13 23:48 . 2014-10-03 14:47 1876296 ----a-w- d:\windows\system32\nvdispco6434411.dll
2014-09-13 23:48 . 2014-10-03 14:47 17259664 ----a-w- d:\windows\SysWow64\nvcompiler.dll
2014-09-13 23:48 . 2014-10-03 14:47 1539272 ----a-w- d:\windows\system32\nvdispgenco6434411.dll
2014-09-13 23:48 . 2014-10-03 14:47 13939272 ----a-w- d:\windows\system32\nvcuda.dll
2014-09-13 23:48 . 2014-09-21 17:17 984424 ----a-w- d:\windows\system32\nvumdshimx.dll
2014-09-13 23:48 . 2014-09-21 17:17 2838424 ----a-w- d:\windows\SysWow64\nvapi.dll
2014-09-13 23:48 . 2014-09-21 17:17 11330776 ----a-w- d:\windows\SysWow64\nvcuda.dll
2014-09-13 23:48 . 2014-08-19 20:15 18106152 ----a-w- d:\windows\SysWow64\nvwgf2um.dll
2014-09-13 23:48 . 2014-06-25 17:10 73872 ----a-w- d:\windows\system32\OpenCL.dll
2014-09-13 23:48 . 2014-06-25 17:10 60560 ----a-w- d:\windows\SysWow64\OpenCL.dll
2014-09-13 23:48 . 2014-06-25 17:04 3223120 ----a-w- d:\windows\system32\nvapi64.dll
2014-09-13 23:48 . 2014-06-25 17:04 20589536 ----a-w- d:\windows\system32\nvwgf2umx.dll
2014-09-13 23:48 . 2014-06-25 17:04 16875856 ----a-w- d:\windows\SysWow64\nvd3dum.dll
2014-09-13 21:53 . 2014-06-25 17:10 6890696 ----a-w- d:\windows\system32\nvcpl.dll
2014-09-13 21:53 . 2014-06-25 17:10 3529872 ----a-w- d:\windows\system32\nvsvc64.dll
2014-09-13 21:53 . 2014-06-25 17:10 934216 ----a-w- d:\windows\system32\nvvsvc.exe
2014-09-13 21:53 . 2014-06-25 17:10 62608 ----a-w- d:\windows\system32\nvshext.dll
2014-09-13 21:53 . 2014-06-25 17:10 385168 ----a-w- d:\windows\system32\nvmctray.dll
2014-09-13 21:53 . 2014-06-25 17:10 2557640 ----a-w- d:\windows\system32\nvsvcr.dll
2014-09-13 20:13 . 2014-10-03 14:50 613696 ----a-w- d:\windows\SysWow64\nvStreaming.exe
2014-09-11 15:37 . 2014-06-25 17:10 3961833 ----a-w- d:\windows\system32\nvcoproc.bin
2014-09-04 19:14 . 2014-09-21 15:00 38048 ----a-w- d:\windows\system32\drivers\nvvad64v.sys
2014-09-04 19:14 . 2014-09-21 15:00 34976 ----a-w- d:\windows\system32\nvaudcap64v.dll
2014-09-04 19:14 . 2014-09-21 15:00 32416 ----a-w- d:\windows\SysWow64\nvaudcap32v.dll
2014-09-02 15:26 . 2014-09-02 15:26 110080 ----a-r- d:\users\Ardis\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2014-09-02 15:26 . 2014-09-02 15:26 110080 ----a-r- d:\users\Ardis\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2014-08-23 02:07 . 2014-08-28 06:56 404480 ----a-w- d:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 06:56 311808 ----a-w- d:\windows\SysWow64\gdi32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-21 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. d:\windows\system32\user32.dll
.
[-] 2014-10-08 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. d:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. d:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="d:\origin\Origin.exe" [2014-11-05 3618648]
"Skype"="d:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-01 22065760]
"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="d:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"Adobe ARM"="d:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"amd_dc_opt"="d:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"seznam-listicka-distribuce"="d:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"LogMeIn Hamachi Ui"="d:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-11-03 3835728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;d:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;d:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;d:\windows\system32\drivers\dmvsc.sys;d:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;d:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;d:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GalaxyService;GalaxyService;d:\program files (x86)\GalaxyClient\GalaxyService.exe;d:\program files (x86)\GalaxyClient\GalaxyService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;d:\windows\system32\IEEtwCollector.exe;d:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;d:\windows\system32\DRIVERS\MijXfilt.sys;d:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 Origin Client Service;Origin Client Service;d:\origin\OriginClientService.exe;d:\origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;d:\windows\system32\drivers\rdpvideominiport.sys;d:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Survarium Update Service;Survarium Update Service;d:\hry\Survarium\Survarium\game\binaries\x86\survarium_service.exe;d:\hry\Survarium\Survarium\game\binaries\x86\survarium_service.exe [x]
R3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\tsusbflt.sys;d:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;d:\windows\system32\drivers\TsUsbGD.sys;d:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;d:\windows\system32\Wat\WatAdminSvc.exe;d:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys;d:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys;d:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;d:\windows\system32\DRIVERS\dtsoftbus01.sys;d:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ndisrd;WinpkFilter LightWeight Filter;d:\windows\system32\DRIVERS\ndisrd.sys;d:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
S2 aswHwid;avast! HardwareID;d:\windows\system32\drivers\aswHwid.sys;d:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;d:\windows\system32\drivers\aswMonFlt.sys;d:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;d:\windows\system32\drivers\aswStm.sys;d:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;d:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;d:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 NvNetworkService;NVIDIA Network Service;d:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;d:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;d:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;d:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;d:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;d:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 NvStreamKms;NvStreamKms;d:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;d:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);d:\windows\system32\drivers\nvvad64v.sys;d:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;d:\windows\system32\DRIVERS\Rt64win7.sys;d:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 09:53 1089352 ----a-w- d:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-01 11:22 634872 ----a-w- d:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="d:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-10-04 2463552]
"ShadowPlay"="d:\windows\system32\nvspcap64.dll" [2014-10-04 2800296]
.
------- Doplňkový sken -------
.
uLocal Page = d:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = d:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Mafia Game - d:\windows\system32\MafiaSetup.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - d:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - d:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - d:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - d:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{A9B7C1D3-2022-6541-9B04-351C1398996F}_is1 - d:\fraps\Fraps-full version 3.3.2. - 100%\unins000.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - d:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - d:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3482088778-2252776441-1584117637-1000\Software\SecuROM\License information*]
"datasecu"=hex:20,b6,e3,5f,a0,94,2f,4b,04,58,29,6c,8b,4e,e1,71,3c,de,b0,e1,39,
26,4c,e1,4a,c7,fb,35,25,f5,c7,e2,d3,ef,fd,f9,bb,34,9d,be,e2,6b,1c,84,cd,72,\
"rkeysecu"=hex:2a,5f,09,9b,e0,11,b0,ad,df,bb,ff,1d,b7,fb,27,29
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="d:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\program files\AVAST Software\Avast\AvastSvc.exe
d:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Celkový čas: 2014-11-15 16:30:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-11-15 15:30
ComboFix2.txt 2014-11-15 11:46
.
Před spuštěním: Volných bajtů: 97 413 107 712
Po spuštění: Volných bajtů: 96 945 807 360
.
- - End Of File - - 2EB4FD80A72946F929FC0ABF5D81377D
A36C5E4F47E84449FF07ED3517B43A31

aswMBR log:

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-11-15 16:34:36
-----------------------------
16:34:36.656 OS Version: Windows x64 6.1.7601 Service Pack 1
16:34:36.656 Number of processors: 4 586 0x3A09
16:34:36.656 ComputerName: ARDIS-PC UserName: Ardis
16:34:37.202 Initialize success
16:34:37.218 VM: initialized successfully
16:34:37.218 VM: Intel CPU BiosDisabled
16:34:40.681 AVAST engine defs: 14111500
16:34:45.143 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:34:45.143 Disk 0 Vendor: WDC_WD7500AZRX-00A8LB0 01.01A01 Size: 715404MB BusType: 3
16:34:45.205 Disk 0 MBR read successfully
16:34:45.221 Disk 0 MBR scan
16:34:45.221 Disk 0 Windows 7 default MBR code
16:34:45.221 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:34:45.221 Disk 0 default boot code
16:34:45.268 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 315303 MB offset 206848
16:34:45.283 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 399999 MB offset 645947392
16:34:45.283 Disk 0 scanning D:\Windows\system32\drivers
16:34:51.320 Service scanning
16:35:04.518 Modules scanning
16:35:04.518 Disk 0 trace - called modules:
16:35:04.549 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:35:04.549 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046f5060]
16:35:04.549 3 CLASSPNP.SYS[fffff8800193343f] -> nt!IofCallDriver -> [0xfffffa800410e520]
16:35:04.565 5 ACPI.sys[fffff88000f287a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800410a680]
16:35:05.033 AVAST engine scan D:\Windows
16:35:06.453 AVAST engine scan D:\Windows\system32
16:37:04.295 AVAST engine scan D:\Windows\system32\drivers
16:37:13.374 AVAST engine scan D:\Users\Ardis
16:41:21.228 File: D:\Users\Ardis\Desktop\zoek.exe **INFECTED** Win32:Malware-gen
16:43:17.994 File: D:\Users\Ardis\Downloads\WinRAR.64.bit.cz-full.exe **INFECTED** MSIL:GenMalicious-V [Trj]
16:43:20.833 AVAST engine scan D:\ProgramData
16:44:06.479 Disk 0 statistics 4011316/0/0 @ 4,29 MB/s
16:44:06.494 Scan finished successfully
16:44:47.725 Disk 0 MBR has been saved successfully to "D:\Users\Ardis\Desktop\MBR.dat"
16:44:47.725 The log file has been saved successfully to "D:\Users\Ardis\Desktop\aswMBR.txt"


user32 link:
https://www.virustotal.com/cs/file/2673 ... /analysis/
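The aswMBR log above reports two **INFECTED** files, and the ComboFix logs in this thread carry a Sigcheck section (files flagged `[-]` are unsigned) and a file listing in which the helper spotted a driver with a random 8-letter name. The script below is an added example, not part of the thread or of either tool: it pulls exactly those three kinds of line out of mixed aswMBR/ComboFix text so a helper can see the hits at a glance. The regexes are written against the line formats visible on this page; the sample text is constructed from the thread's own lines, except for the last file-listing entry, which is an invented line in ComboFix's format for the driver named in the CFScript (its real date and size are not shown on the page). Python 3 is assumed.

```python
"""Triage of the scanner logs posted in this thread (added example, not part of
the original posts). Extracts the three things a helper reacts to first:

  * aswMBR lines marked **INFECTED** (file path + detection name)
  * ComboFix Sigcheck lines flagged [-] (unsigned system files, with their MD5)
  * drivers in ComboFix's file listing whose basename is 8 random lowercase
    letters, the pattern of the lkujmbvq.sys that the CFScript collects

The regexes follow the line formats visible in the thread; nothing else about
the tools' output is assumed.
"""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# aswMBR:   16:41:21.228 File: <path> **INFECTED** <detection>
INFECTED_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{3}\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>\S.*?)\s*$"
)
# ComboFix Sigcheck:  [-] <date> . <MD5> . <size> . . [<version>] .. <path>
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[-+?])\]\s+(?P<date>\d{4}-\d\d-\d\d)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\.\s+(?P<path>.+?)\s*$"
)
# ComboFix file listing:  <created> . <modified> <size|--------> <attrs> <path>
FILELIST_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d)\s+\.\s+(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\s+(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)
# Crude heuristic: exactly 8 lowercase letters under ...\drivers\ (lkujmbvq.sys).
# Legitimate names such as tsusbflt.sys match too, so hits are a review list, not a verdict.
RANDOM_DRIVER_RE = re.compile(r"[\\/]drivers[\\/][a-z]{8}\.sys$")


@dataclass
class Triage:
    infected: List[Tuple[str, str]] = field(default_factory=list)       # (path, detection)
    unsigned: List[Tuple[str, str, str]] = field(default_factory=list)  # (path, md5, version)
    odd_drivers: List[str] = field(default_factory=list)                # paths


def triage(log_text: str) -> Triage:
    """Scan mixed aswMBR / ComboFix text line by line and collect the hits."""
    result = Triage()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = INFECTED_RE.match(line)
        if m:
            result.infected.append((m["path"], m["name"]))
            continue
        m = SIGCHECK_RE.match(line)
        if m:
            if m["flag"] == "-":  # ComboFix marks files without a valid signature with [-]
                result.unsigned.append((m["path"], m["md5"].upper(), m["version"]))
            continue
        m = FILELIST_RE.match(line)
        if m and m["size"].isdigit() and RANDOM_DRIVER_RE.search(m["path"]):
            result.odd_drivers.append(m["path"])
    return result


def report(result: Triage) -> List[str]:
    """Human-readable summary lines, in the order a helper would act on them."""
    lines = [f"INFECTED  {p}  ({n})" for p, n in result.infected]
    lines += [f"UNSIGNED  {p}  md5={h} ver={v}" for p, h, v in result.unsigned]
    lines += [f"CHECK-DRV {p}" for p in result.odd_drivers]
    return lines


# Constructed sample: the aswMBR and Sigcheck lines are copied from this thread;
# the last line is an invented file-listing entry in ComboFix's format for the
# driver the CFScript collects (its real date and size are not on the page).
SAMPLE_LOG = r"""
16:41:21.228 File: D:\Users\Ardis\Desktop\zoek.exe **INFECTED** Win32:Malware-gen
16:43:17.994 File: D:\Users\Ardis\Downloads\WinRAR.64.bit.cz-full.exe **INFECTED** MSIL:GenMalicious-V [Trj]
16:44:06.494 Scan finished successfully
[-] 2010-11-21 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. d:\windows\system32\user32.dll
[-] 2014-10-08 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. d:\windows\SysWOW64\user32.dll
2014-11-14 17:17 . 2014-11-14 18:41 37624 ----a-w- d:\windows\system32\drivers\TrueSight.sys
2014-11-14 17:31 . 2014-11-14 17:31 -------- d-----w- d:\windows\ERUNT
2014-11-12 19:00 . 2014-11-12 19:00 12345 ----a-w- d:\windows\system32\drivers\lkujmbvq.sys
"""

if __name__ == "__main__":
    for entry in report(triage(SAMPLE_LOG)):
        print(entry)
```

Feed it the saved aswMBR.txt and ComboFix.txt concatenated; the three lists are deliberately kept separate because they call for different follow-ups (quarantine, signature/hash verification, and a look at the driver's service entry respectively).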

jaro3 (Security team member, Guru Level 15)

Re: Slow internet since Wednesday - cause?

Post by jaro3 » 16 Nov 2014 10:25

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following whole text, marked in green, into it:

Code:

KillAll::
Collect::
d:\windows\system32\drivers\lkujmbvq.sys

Folder::
d:\programdata\Spybot - Search & Destroy
d:\program files (x86)\Spybot - Search & Destroy 2
d:\users\Ardis\AppData\Roaming\LavasoftStatistics
d:\program files\Common Files\Lavasoft
d:\programdata\Lavasoft

DirLook::
d:\users\Ardis\AppData\Local\EmieBrowserModeList


RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="d:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"



Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created CFScript.txt script with the mouse, drag it over the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix starts automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

Warning: it may happen that after running ComboFix and restarting the computer, Windows does not boot, or the desktop does not load, or there are connection problems; then restart the computer again, and if that does not help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.

In Folder Options enable showing hidden files and folders + untick the box "hide protected operating system files".

Test these on VirusTotal:
d:\users\Ardis\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
d:\users\Ardis\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
d:\windows\system32\user32.dll
D:\Users\Ardis\Desktop\zoek.exe
D:\Users\Ardis\Downloads\WinRAR.64.bit.cz-full.exe

Click Choose to the right of the box and find the requested file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file is then tested by several antivirus programs one after another. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Podpora fóra
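The post above asks for five files to be uploaded to VirusTotal and their report links pasted back. A practitioner would normally hash the files locally first and look them up by hash (VirusTotal's per-file page is addressable by SHA-256), uploading only when the hash is unknown, and would also read the linker timestamp out of the PE header to compare with the on-disk dates in the ComboFix listing. The script below is an added example, not part of the thread or of any tool mentioned in it; it assumes Python 3 on the machine, the five paths are transcribed from the post above, and `minimal_pe` builds a constructed stand-in PE header only so the timestamp reader can be exercised without a real binary.

```python
"""Hash-first check of the files the helper listed (added example, not part of
the thread). Computes MD5/SHA-1/SHA-256 locally, reads the linker timestamp
from the PE header, and builds the VirusTotal lookup URL for the SHA-256 so the
hash can be searched before anything is uploaded.
"""
import hashlib
import struct
from datetime import datetime, timezone
from pathlib import Path
from typing import Dict, Optional

# The five files named in the post (transcribed from it, not verified here)
SUSPECT_PATHS = [
    r"d:\users\Ardis\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe",
    r"d:\users\Ardis\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe",
    r"d:\windows\system32\user32.dll",
    r"D:\Users\Ardis\Desktop\zoek.exe",
    r"D:\Users\Ardis\Downloads\WinRAR.64.bit.cz-full.exe",
]


def file_hashes(data: bytes) -> Dict[str, str]:
    """Uppercase hex digests, matching the casing ComboFix uses for its MD5 column."""
    return {alg: hashlib.new(alg, data).hexdigest().upper() for alg in ("md5", "sha1", "sha256")}


def pe_timestamp(data: bytes) -> Optional[datetime]:
    """Linker timestamp (IMAGE_FILE_HEADER.TimeDateStamp) as UTC, or None for non-PE data."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)           # IMAGE_DOS_HEADER.e_lfanew
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # IMAGE_FILE_HEADER follows the signature: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def vt_lookup_url(sha256_hex: str) -> str:
    """VirusTotal's per-file page is keyed by SHA-256; searching it costs no upload."""
    return f"https://www.virustotal.com/gui/file/{sha256_hex.lower()}"


def describe(path: str, data: bytes) -> Dict[str, object]:
    """One record per file: hashes, link time (if PE) and the hash-lookup URL."""
    digests = file_hashes(data)
    linked = pe_timestamp(data)
    return {
        "path": path,
        **digests,
        "linked": linked.isoformat() if linked else None,
        "vt": vt_lookup_url(digests["sha256"]),
    }


def describe_path(path: Path) -> Dict[str, object]:
    """Read one file from disk and add its filesystem mtime for comparison with the link time."""
    rec = describe(str(path), path.read_bytes())
    rec["mtime"] = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc).isoformat()
    return rec


def minimal_pe(stamp: int) -> bytes:
    """Constructed stand-in for a PE file: DOS header pointer + PE signature + COFF header only."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew -> right after the stub
    coff = struct.pack("<HHIIIHH", 0x8664, 0, stamp, 0, 0, 0, 0)  # x64, 0 sections, given stamp
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    for p in SUSPECT_PATHS:
        path = Path(p)
        print(describe_path(path) if path.is_file() else f"missing: {p}")
```

A link time well after the file's version date, or a modified date that does not match any Windows update in the ComboFix listing, is worth mentioning alongside the VirusTotal link when posting the results.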

Ardis (newcomer)

Re: Slow internet since Wednesday - cause?

Post by Ardis » 16 Nov 2014 17:19

Combofix log:

ComboFix 14-11-15.01 - Ardis 16.11.2014 16:44:07.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4060.2609 [GMT 1:00]
Run from: d:\users\Ardis\Downloads\ComboFix.exe
Command switches used :: d:\users\Ardis\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* New Restore Point created
.
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\program files (x86)\Spybot - Search & Destroy 2
d:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe.log
d:\program files (x86)\Spybot - Search & Destroy 2\spybotsd2-install-bdcore-update.exe
d:\program files (x86)\Spybot - Search & Destroy 2\spybotsd2-translation-hux2.exe
d:\program files (x86)\Spybot - Search & Destroy 2\spybotsd2-translation-nlx2.exe
d:\program files\Common Files\Lavasoft
d:\programdata\Lavasoft
d:\programdata\Lavasoft\Ad-Aware 11\Logs\20141106T185015.766925PID4968_AdAwareWebInstaller.log
d:\programdata\Lavasoft\Ad-Aware 11\Logs\20141106T190150.096089PID4360_AdAwareUpdater.log
d:\programdata\Lavasoft\Ad-Aware 11\Logs\20141106T201441.428554PID1756_AdAwareWebInstaller.log
d:\programdata\Lavasoft\Ad-Aware 11\Logs\20141106T202149.090015PID3812_AdAwareUpdater.log
d:\programdata\Lavasoft\Ad-Aware 11\Logs\20141108T140916.317286PID6092_AdAwareWebInstaller.log
d:\programdata\Lavasoft\Ad-Aware 11\Logs\20141108T170308.684238PID432_AdAwareWebInstaller.log
d:\programdata\Lavasoft\Ad-Aware 11\Options\Partner.xml
d:\programdata\Lavasoft\Ad-Aware 11\Options\UpdateServer.xml
d:\programdata\Spybot - Search & Destroy
d:\programdata\Spybot - Search & Destroy\Cleaning\141107-220742.xml
d:\programdata\Spybot - Search & Destroy\Cleaning\141107-224103.xml
d:\programdata\Spybot - Search & Destroy\Cleaning\141108-110414.xml
d:\programdata\Spybot - Search & Destroy\Cleaning\141108-151513.xml
d:\programdata\Spybot - Search & Destroy\Cleaning\141108-192046.xml
d:\programdata\Spybot - Search & Destroy\Cleaning\141109-144206.xml
d:\programdata\Spybot - Search & Destroy\Cleaning\141109-195922.xml
d:\programdata\Spybot - Search & Destroy\Cleaning\141110-204618.xml
d:\programdata\Spybot - Search & Destroy\Cleaning\141112-183734.xml
d:\programdata\Spybot - Search & Destroy\Cleaning\141113-145253.xml
d:\programdata\Spybot - Search & Destroy\ClientCount.bin
d:\programdata\Spybot - Search & Destroy\Logs\141107-224103.xml.cleaning.log
d:\programdata\Spybot - Search & Destroy\Logs\141108-110414.xml.cleaning.log
d:\programdata\Spybot - Search & Destroy\Logs\141108-151513.xml.cleaning.log
d:\programdata\Spybot - Search & Destroy\Logs\141109-144206.xml.cleaning.log
d:\programdata\Spybot - Search & Destroy\Logs\141109-195922.xml.cleaning.log
d:\programdata\Spybot - Search & Destroy\Logs\141110-204618.xml.cleaning.log
d:\programdata\Spybot - Search & Destroy\Logs\141112-183734.xml.cleaning.log
d:\programdata\Spybot - Search & Destroy\Logs\141113-145253.xml.cleaning.log
d:\programdata\Spybot - Search & Destroy\Logs\Firewall.log
d:\programdata\Spybot - Search & Destroy\Logs\Checks.141107-2204.txt
d:\programdata\Spybot - Search & Destroy\Logs\Checks.141107-2235.txt
d:\programdata\Spybot - Search & Destroy\Logs\Checks.141107-2241.txt
d:\programdata\Spybot - Search & Destroy\Logs\Checks.141108-1132.txt
d:\programdata\Spybot - Search & Destroy\Logs\Checks.141108-1543.txt
d:\programdata\Spybot - Search & Destroy\Logs\Checks.141108-1638.txt
d:\programdata\Spybot - Search & Destroy\Logs\Checks.141108-1845.txt
d:\programdata\Spybot - Search & Destroy\Logs\Checks.141108-1915.txt
d:\programdata\Spybot - Search & Destroy\Logs\Checks.141108-1944.txt
d:\programdata\Spybot - Search & Destroy\Logs\Checks.141109-1507.txt
d:\programdata\Spybot - Search & Destroy\Logs\Checks.141109-2021.txt
d:\programdata\Spybot - Search & Destroy\Logs\Checks.141110-2110.txt
d:\programdata\Spybot - Search & Destroy\Logs\Checks.141112-1902.txt
d:\programdata\Spybot - Search & Destroy\Logs\Checks.141113-1516.txt
d:\programdata\Spybot - Search & Destroy\Logs\Quarantine.log
d:\programdata\Spybot - Search & Destroy\Logs\Scanner.log
d:\programdata\Spybot - Search & Destroy\Logs\Updates.log
d:\users\Ardis\AppData\Roaming\LavasoftStatistics
d:\users\Ardis\AppData\Roaming\LavasoftStatistics\adaware.xml
d:\users\Ardis\AppData\Roaming\LavasoftStatistics\adaware\D7D91EC4-5BE8-482F-8A6E-8F37A388EF99.xml
d:\windows\capsys184523.log
d:\windows\system32\drivers\lkujmbvq.sys
.
Infected copy of d:\windows\SysWow64\ntdll.dll was found and disinfected.
Restored copy from - d:\combofix\HarddiskVolumeShadowCopy9_!Windows!SysWOW64!ntdll.dll
.
.
((((((((((((((((((((((((( Files created from 2014-10-16 to 2014-11-16 )))))))))))))))))))))))))))))))
.
.
2014-11-16 15:53 . 2014-11-16 15:53 -------- d-----w- d:\users\Default\AppData\Local\temp
2014-11-15 14:56 . 2014-11-15 14:56 -------- d-sh--w- d:\users\Ardis\AppData\Local\EmieBrowserModeList
2014-11-15 09:49 . 2014-11-15 09:49 -------- d-----w- d:\program files\Speccy
2014-11-14 19:41 . 2014-11-14 19:33 24064 ----a-w- d:\windows\zoek-delete.exe
2014-11-14 19:41 . 2014-11-16 15:53 -------- d-----w- d:\users\Ardis\AppData\Local\Temp
2014-11-14 18:50 . 2014-11-14 19:40 -------- d-----w- D:\zoek_backup
2014-11-14 17:31 . 2014-11-14 17:31 -------- d-----w- d:\windows\ERUNT
2014-11-14 17:17 . 2014-11-14 18:41 37624 ----a-w- d:\windows\system32\drivers\TrueSight.sys
2014-11-14 17:17 . 2014-11-14 17:17 -------- d-----w- d:\programdata\RogueKiller
2014-11-14 15:10 . 2014-11-14 17:14 129752 ----a-w- d:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-14 15:10 . 2014-11-14 15:10 -------- d-----w- d:\program files (x86)\Malwarebytes Anti-Malware
2014-11-14 15:10 . 2014-11-14 15:10 -------- d-----w- d:\programdata\Malwarebytes
2014-11-14 15:10 . 2014-10-01 10:11 63704 ----a-w- d:\windows\system32\drivers\mwac.sys
2014-11-14 15:10 . 2014-10-01 10:11 93400 ----a-w- d:\windows\system32\drivers\mbamchameleon.sys
2014-11-14 15:10 . 2014-10-01 10:11 25816 ----a-w- d:\windows\system32\drivers\mbam.sys
2014-11-12 08:34 . 2014-08-21 06:43 1882624 ----a-w- d:\windows\system32\msxml3.dll
2014-11-12 08:34 . 2014-08-21 06:40 2048 ----a-w- d:\windows\system32\msxml3r.dll
2014-11-12 08:34 . 2014-08-21 06:26 1237504 ----a-w- d:\windows\SysWow64\msxml3.dll
2014-11-12 08:34 . 2014-08-21 06:23 2048 ----a-w- d:\windows\SysWow64\msxml3r.dll
2014-11-12 08:30 . 2014-10-14 02:16 155064 ----a-w- d:\windows\system32\drivers\ksecpkg.sys
2014-11-12 08:30 . 2014-10-14 02:13 683520 ----a-w- d:\windows\system32\termsrv.dll
2014-11-12 08:29 . 2014-10-14 02:12 1460736 ----a-w- d:\windows\system32\lsasrv.dll
2014-11-12 08:29 . 2014-10-14 02:09 146432 ----a-w- d:\windows\system32\msaudite.dll
2014-11-12 08:29 . 2014-10-14 02:07 681984 ----a-w- d:\windows\system32\adtschema.dll
2014-11-12 08:29 . 2014-10-14 01:50 22016 ----a-w- d:\windows\SysWow64\secur32.dll
2014-11-12 08:29 . 2014-10-14 01:49 96768 ----a-w- d:\windows\SysWow64\sspicli.dll
2014-11-12 08:29 . 2014-10-14 01:47 146432 ----a-w- d:\windows\SysWow64\msaudite.dll
2014-11-12 08:29 . 2014-10-14 01:46 681984 ----a-w- d:\windows\SysWow64\adtschema.dll
2014-11-12 08:24 . 2014-08-12 02:02 878080 ----a-w- d:\windows\system32\IMJP10K.DLL
2014-11-12 08:24 . 2014-08-12 01:36 701440 ----a-w- d:\windows\SysWow64\IMJP10K.DLL
2014-11-12 08:24 . 2014-10-03 02:12 500224 ----a-w- d:\windows\system32\AUDIOKSE.dll
2014-11-12 08:24 . 2014-10-03 02:11 680960 ----a-w- d:\windows\system32\audiosrv.dll
2014-11-12 08:24 . 2014-10-03 01:44 442880 ----a-w- d:\windows\SysWow64\AUDIOKSE.dll
2014-11-12 08:24 . 2014-10-03 02:11 284672 ----a-w- d:\windows\system32\EncDump.dll
2014-11-12 08:24 . 2014-10-03 02:11 440832 ----a-w- d:\windows\system32\AudioEng.dll
2014-11-12 08:24 . 2014-10-03 02:11 296448 ----a-w- d:\windows\system32\AudioSes.dll
2014-11-12 08:24 . 2014-10-03 01:44 374784 ----a-w- d:\windows\SysWow64\AudioEng.dll
2014-11-12 08:24 . 2014-10-03 01:44 195584 ----a-w- d:\windows\SysWow64\AudioSes.dll
2014-11-12 08:22 . 2014-10-25 01:57 77824 ----a-w- d:\windows\system32\packager.dll
2014-11-12 08:22 . 2014-10-25 01:32 67584 ----a-w- d:\windows\SysWow64\packager.dll
2014-11-12 08:22 . 2014-10-10 00:57 3198976 ----a-w- d:\windows\system32\win32k.sys
2014-11-12 08:22 . 2014-10-18 02:05 861696 ----a-w- d:\windows\system32\oleaut32.dll
2014-11-12 08:22 . 2014-10-18 01:33 571904 ----a-w- d:\windows\SysWow64\oleaut32.dll
2014-11-07 06:44 . 2014-11-07 06:44 -------- d-----w- d:\program files (x86)\Microsoft ASP.NET
2014-11-07 06:00 . 2014-06-18 22:23 1943696 ----a-w- d:\windows\system32\dfshim.dll
2014-11-07 06:00 . 2014-06-18 22:23 156312 ----a-w- d:\windows\system32\mscorier.dll
2014-11-07 06:00 . 2014-06-18 22:23 156824 ----a-w- d:\windows\SysWow64\mscorier.dll
2014-11-07 06:00 . 2014-06-18 22:23 1131664 ----a-w- d:\windows\SysWow64\dfshim.dll
2014-11-07 06:00 . 2014-06-18 22:23 73880 ----a-w- d:\windows\system32\mscories.dll
2014-11-07 06:00 . 2014-06-18 22:23 81560 ----a-w- d:\windows\SysWow64\mscories.dll
2014-11-07 05:55 . 2014-08-30 02:10 6583296 ----a-w- d:\windows\system32\mstscax.dll
2014-11-07 05:55 . 2014-08-30 01:50 5702656 ----a-w- d:\windows\SysWow64\mstscax.dll
2014-11-07 05:55 . 2014-08-29 02:07 3179520 ----a-w- d:\windows\system32\rdpcorets.dll
2014-11-07 05:55 . 2014-09-04 05:23 424448 ----a-w- d:\windows\system32\rastls.dll
2014-11-07 05:55 . 2014-09-04 05:04 372736 ----a-w- d:\windows\SysWow64\rastls.dll
2014-11-07 05:55 . 2014-07-17 02:07 235520 ----a-w- d:\windows\system32\winsta.dll
2014-11-07 05:55 . 2014-07-17 02:07 150528 ----a-w- d:\windows\system32\rdpcorekmts.dll
2014-11-07 05:55 . 2014-07-17 02:07 455168 ----a-w- d:\windows\system32\winlogon.exe
2014-11-07 05:55 . 2014-07-17 01:40 157696 ----a-w- d:\windows\SysWow64\winsta.dll
2014-11-07 05:55 . 2014-07-17 01:21 212480 ----a-w- d:\windows\system32\drivers\rdpwd.sys
2014-11-07 05:55 . 2014-07-17 01:21 39936 ----a-w- d:\windows\system32\drivers\tssecsrv.sys
2014-11-04 20:33 . 2014-11-04 20:33 -------- d-----w- d:\program files (x86)\LogMeIn Hamachi
2014-11-03 19:59 . 2014-11-03 19:59 -------- d-----w- D:\Hudba
2014-10-25 11:36 . 2014-10-25 11:36 -------- d-----w- d:\users\Ardis\AppData\Roaming\HeroesAndGeneralsDesktop
2014-10-25 11:29 . 2014-10-25 11:29 -------- d-----w- d:\users\Ardis\AppData\Local\PAYDAY
2014-10-24 19:37 . 2014-10-24 19:38 -------- d-----w- d:\users\Ardis\AppData\Roaming\DarkSoulsII
2014-10-24 19:35 . 2014-10-24 19:35 -------- d-----w- d:\users\Ardis\AppData\Roaming\Dark Souls 2
2014-10-24 19:05 . 2014-10-24 19:05 -------- d-----w- d:\program files (x86)\R.G. Mechanics
2014-10-24 13:10 . 2012-08-15 16:21 827728 ----a-w- d:\windows\system32\msvcr100.dll
2014-10-24 13:10 . 2011-03-28 09:37 796672 ----a-w- d:\windows\system32\msvcr80.dll
2014-10-24 13:08 . 2013-10-23 07:14 970912 ----a-w- d:\windows\system32\msvcr120.dll
2014-10-23 13:59 . 2014-10-28 18:15 -------- d-----w- d:\users\Ardis\AppData\Local\gtk-2.0
2014-10-23 13:59 . 2014-10-23 13:59 -------- d-----w- d:\users\Ardis\.thumbnails
2014-10-23 13:56 . 2014-10-23 13:56 -------- d-----w- d:\users\Ardis\AppData\Local\fontconfig
2014-10-23 13:56 . 2014-10-28 18:15 -------- d-----w- d:\users\Ardis\.gimp-2.8
2014-10-23 13:56 . 2014-10-23 13:56 -------- d-----w- d:\users\Ardis\AppData\Local\gegl-0.2
2014-10-23 13:54 . 2014-10-23 13:55 -------- d-----w- d:\program files\GIMP 2
2014-10-21 17:38 . 2014-10-21 17:38 -------- d-----w- d:\users\Ardis\AppData\Local\Rebellion
2014-10-21 17:37 . 2014-10-21 17:37 -------- d-----w- d:\program files (x86)\AvP Classic
2014-10-18 13:39 . 2014-10-18 13:39 -------- d--h--w- d:\program files (x86)\Common Files\EAInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-13 18:58 . 2014-06-25 18:40 71344 ----a-w- d:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-13 18:58 . 2014-06-25 18:40 701104 ----a-w- d:\windows\SysWow64\FlashPlayerApp.exe
2014-11-12 10:55 . 2014-07-02 17:25 103374192 ----a-w- d:\windows\system32\MRT.exe
2014-10-08 04:43 . 2014-10-08 04:43 2048 ----a-w- d:\windows\SysWow64\winver.exe
2014-10-08 04:43 . 2014-10-08 04:43 833024 ----a-w- d:\windows\SysWow64\user32.dll
2014-10-08 04:43 . 2014-10-08 04:43 410624 ----a-w- d:\windows\SysWow64\systemcpl.dll
2014-10-08 04:43 . 2014-10-08 04:43 1536 ----a-w- d:\windows\SysWow64\sppcomapi.dll
2014-10-08 04:43 . 2014-10-08 04:43 113543 ----a-w- d:\windows\SysWow64\slmgr.vbs
2014-10-04 14:34 . 2014-10-04 14:34 283064 ----a-w- d:\windows\system32\drivers\dtsoftbus01.sys
2014-10-04 09:42 . 2014-10-04 09:42 11376 ----a-w- d:\windows\SysWow64\drivers\SECDRV.SYS
2014-10-04 06:42 . 2014-07-29 17:28 1291280 ----a-w- d:\windows\SysWow64\nvspbridge.dll
2014-10-04 06:42 . 2014-06-25 17:11 2197680 ----a-w- d:\windows\SysWow64\nvspcap.dll
2014-10-04 06:41 . 2014-07-29 17:28 1715224 ----a-w- d:\windows\system32\nvspbridge64.dll
2014-10-04 06:41 . 2014-06-25 17:11 2800296 ----a-w- d:\windows\system32\nvspcap64.dll
2014-09-19 09:23 . 2014-11-12 08:23 248832 ----a-w- d:\windows\SysWow64\schannel.dll
2014-09-18 04:45 . 2014-08-14 13:29 119296 ----a-w- d:\windows\SysWow64\zlib.dll
2014-09-17 04:51 . 2014-10-03 14:47 31520 ----a-w- d:\windows\system32\nvhdap64.dll
2014-09-17 04:51 . 2014-10-03 14:47 197408 ----a-w- d:\windows\system32\drivers\nvhda64v.sys
2014-09-17 04:51 . 2014-06-25 17:04 1538880 ----a-w- d:\windows\system32\nvhdagenco6420103.dll
2014-09-13 23:48 . 2014-10-03 14:47 957584 ----a-w- d:\windows\system32\NvIFR64.dll
2014-09-13 23:48 . 2014-10-03 14:47 925896 ----a-w- d:\windows\system32\NvFBC64.dll
2014-09-13 23:48 . 2014-10-03 14:47 919240 ----a-w- d:\windows\SysWow64\NvIFR.dll
2014-09-13 23:48 . 2014-10-03 14:47 894096 ----a-w- d:\windows\SysWow64\NvFBC.dll
2014-09-13 23:48 . 2014-10-03 14:47 867528 ----a-w- d:\windows\SysWow64\nvumdshim.dll
2014-09-13 23:48 . 2014-10-03 14:47 501064 ----a-w- d:\windows\system32\nvEncodeAPI64.dll
2014-09-13 23:48 . 2014-10-03 14:47 417096 ----a-w- d:\windows\SysWow64\nvEncodeAPI.dll
2014-09-13 23:48 . 2014-10-03 14:47 393024 ----a-w- d:\windows\system32\NvIFROpenGL.dll
2014-09-13 23:48 . 2014-10-03 14:47 352016 ----a-w- d:\windows\system32\nvoglshim64.dll
2014-09-13 23:48 . 2014-10-03 14:47 348304 ----a-w- d:\windows\SysWow64\NvIFROpenGL.dll
2014-09-13 23:48 . 2014-10-03 14:47 31887680 ----a-w- d:\windows\system32\nvoglv64.dll
2014-09-13 23:48 . 2014-10-03 14:47 303600 ----a-w- d:\windows\SysWow64\nvoglshim32.dll
2014-09-13 23:48 . 2014-10-03 14:47 24552592 ----a-w- d:\windows\SysWow64\nvoglv32.dll
2014-09-13 23:48 . 2014-10-03 14:47 174856 ----a-w- d:\windows\system32\nvinitx.dll
2014-09-13 23:48 . 2014-10-03 14:47 156840 ----a-w- d:\windows\SysWow64\nvinit.dll
2014-09-13 23:48 . 2014-10-03 14:47 14026304 ----a-w- d:\windows\system32\nvopencl.dll
2014-09-13 23:48 . 2014-10-03 14:47 13157696 ----a-w- d:\windows\system32\drivers\nvlddmkm.sys
2014-09-13 23:48 . 2014-10-03 14:47 11392576 ----a-w- d:\windows\SysWow64\nvopencl.dll
2014-09-13 23:48 . 2014-10-03 14:47 4287296 ----a-w- d:\windows\system32\nvcuvid.dll
2014-09-13 23:48 . 2014-10-03 14:47 4008592 ----a-w- d:\windows\SysWow64\nvcuvid.dll
2014-09-13 23:48 . 2014-10-03 14:47 20922512 ----a-w- d:\windows\system32\nvcompiler.dll
2014-09-13 23:48 . 2014-10-03 14:47 19954520 ----a-w- d:\windows\system32\nvd3dumx.dll
2014-09-13 23:48 . 2014-10-03 14:47 1876296 ----a-w- d:\windows\system32\nvdispco6434411.dll
2014-09-13 23:48 . 2014-10-03 14:47 17259664 ----a-w- d:\windows\SysWow64\nvcompiler.dll
2014-09-13 23:48 . 2014-10-03 14:47 1539272 ----a-w- d:\windows\system32\nvdispgenco6434411.dll
2014-09-13 23:48 . 2014-10-03 14:47 13939272 ----a-w- d:\windows\system32\nvcuda.dll
2014-09-13 23:48 . 2014-09-21 17:17 984424 ----a-w- d:\windows\system32\nvumdshimx.dll
2014-09-13 23:48 . 2014-09-21 17:17 2838424 ----a-w- d:\windows\SysWow64\nvapi.dll
2014-09-13 23:48 . 2014-09-21 17:17 11330776 ----a-w- d:\windows\SysWow64\nvcuda.dll
2014-09-13 23:48 . 2014-08-19 20:15 18106152 ----a-w- d:\windows\SysWow64\nvwgf2um.dll
2014-09-13 23:48 . 2014-06-25 17:10 73872 ----a-w- d:\windows\system32\OpenCL.dll
2014-09-13 23:48 . 2014-06-25 17:10 60560 ----a-w- d:\windows\SysWow64\OpenCL.dll
2014-09-13 23:48 . 2014-06-25 17:04 3223120 ----a-w- d:\windows\system32\nvapi64.dll
2014-09-13 23:48 . 2014-06-25 17:04 20589536 ----a-w- d:\windows\system32\nvwgf2umx.dll
2014-09-13 23:48 . 2014-06-25 17:04 16875856 ----a-w- d:\windows\SysWow64\nvd3dum.dll
2014-09-13 21:53 . 2014-06-25 17:10 6890696 ----a-w- d:\windows\system32\nvcpl.dll
2014-09-13 21:53 . 2014-06-25 17:10 3529872 ----a-w- d:\windows\system32\nvsvc64.dll
2014-09-13 21:53 . 2014-06-25 17:10 934216 ----a-w- d:\windows\system32\nvvsvc.exe
2014-09-13 21:53 . 2014-06-25 17:10 62608 ----a-w- d:\windows\system32\nvshext.dll
2014-09-13 21:53 . 2014-06-25 17:10 385168 ----a-w- d:\windows\system32\nvmctray.dll
2014-09-13 21:53 . 2014-06-25 17:10 2557640 ----a-w- d:\windows\system32\nvsvcr.dll
2014-09-13 20:13 . 2014-10-03 14:50 613696 ----a-w- d:\windows\SysWow64\nvStreaming.exe
2014-09-11 15:37 . 2014-06-25 17:10 3961833 ----a-w- d:\windows\system32\nvcoproc.bin
2014-09-04 19:14 . 2014-09-21 15:00 38048 ----a-w- d:\windows\system32\drivers\nvvad64v.sys
2014-09-04 19:14 . 2014-09-21 15:00 34976 ----a-w- d:\windows\system32\nvaudcap64v.dll
2014-09-04 19:14 . 2014-09-21 15:00 32416 ----a-w- d:\windows\SysWow64\nvaudcap32v.dll
2014-09-02 15:26 . 2014-09-02 15:26 110080 ----a-r- d:\users\Ardis\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2014-09-02 15:26 . 2014-09-02 15:26 110080 ----a-r- d:\users\Ardis\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2014-08-23 02:07 . 2014-08-28 06:56 404480 ----a-w- d:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 06:56 311808 ----a-w- d:\windows\SysWow64\gdi32.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of d:\users\Ardis\AppData\Local\EmieBrowserModeList ----
.
2014-11-15 14:56 . 2014-11-15 14:56 0 --sha-w- d:\users\Ardis\AppData\Local\EmieBrowserModeList\container.dat
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-21 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. d:\windows\system32\user32.dll
.
[-] 2014-10-08 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. d:\windows\SysWOW64\user32.dll
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="d:\origin\Origin.exe" [2014-11-05 3618648]
"Skype"="d:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-01 22065760]
"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="d:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"Adobe ARM"="d:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"amd_dc_opt"="d:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"seznam-listicka-distribuce"="d:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"LogMeIn Hamachi Ui"="d:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-11-03 3835728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;d:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;d:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;d:\windows\system32\drivers\dmvsc.sys;d:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;d:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;d:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GalaxyService;GalaxyService;d:\program files (x86)\GalaxyClient\GalaxyService.exe;d:\program files (x86)\GalaxyClient\GalaxyService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;d:\windows\system32\IEEtwCollector.exe;d:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Origin Client Service;Origin Client Service;d:\origin\OriginClientService.exe;d:\origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;d:\windows\system32\drivers\rdpvideominiport.sys;d:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Survarium Update Service;Survarium Update Service;d:\hry\Survarium\Survarium\game\binaries\x86\survarium_service.exe;d:\hry\Survarium\Survarium\game\binaries\x86\survarium_service.exe [x]
R3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\tsusbflt.sys;d:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;d:\windows\system32\drivers\TsUsbGD.sys;d:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;d:\windows\system32\Wat\WatAdminSvc.exe;d:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys;d:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys;d:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;d:\windows\system32\DRIVERS\dtsoftbus01.sys;d:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ndisrd;WinpkFilter LightWeight Filter;d:\windows\system32\DRIVERS\ndisrd.sys;d:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
S2 aswHwid;avast! HardwareID;d:\windows\system32\drivers\aswHwid.sys;d:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;d:\windows\system32\drivers\aswMonFlt.sys;d:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;d:\windows\system32\drivers\aswStm.sys;d:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;d:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;d:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 NvNetworkService;NVIDIA Network Service;d:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;d:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;d:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;d:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;d:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;d:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;d:\windows\system32\DRIVERS\MijXfilt.sys;d:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
S3 NvStreamKms;NvStreamKms;d:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;d:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);d:\windows\system32\drivers\nvvad64v.sys;d:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;d:\windows\system32\DRIVERS\Rt64win7.sys;d:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 09:53 1089352 ----a-w- d:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-01 11:22 634872 ----a-w- d:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="d:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-10-04 2463552]
"ShadowPlay"="d:\windows\system32\nvspcap64.dll" [2014-10-04 2800296]
.
------- Supplementary scan -------
.
uLocal Page = d:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = d:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
AddRemove-Mafia Game - d:\windows\system32\MafiaSetup.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - d:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - d:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - d:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - d:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{A9B7C1D3-2022-6541-9B04-351C1398996F}_is1 - d:\fraps\Fraps-full version 3.3.2. - 100%\unins000.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - d:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - d:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3482088778-2252776441-1584117637-1000\Software\SecuROM\License information*]
"datasecu"=hex:20,b6,e3,5f,a0,94,2f,4b,04,58,29,6c,8b,4e,e1,71,3c,de,b0,e1,39,
26,4c,e1,4a,c7,fb,35,25,f5,c7,e2,d3,ef,fd,f9,bb,34,9d,be,e2,6b,1c,84,cd,72,\
"rkeysecu"=hex:2a,5f,09,9b,e0,11,b0,ad,df,bb,ff,1d,b7,fb,27,29
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="d:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other running processes ------------------------
.
d:\program files\AVAST Software\Avast\AvastSvc.exe
d:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2014-11-16 17:00:47 - machine was rebooted
ComboFix-quarantined-files.txt 2014-11-16 16:00
ComboFix2.txt 2014-11-15 15:30
ComboFix3.txt 2014-11-15 11:46
.
Pre-Run: 96 412 774 400 bytes free
Post-Run: 96 808 042 496 bytes free
.
- - End Of File - - A3557017DC07DD4921225AB031A7912E
A36C5E4F47E84449FF07ED3517B43A31


HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:03:07, on 16.11.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)
Boot mode: Normal

Running processes:
D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
D:\Users\Ardis\Downloads\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - d:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AvastUI.exe] "D:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [amd_dc_opt] D:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "D:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [EADM] "D:\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Skype] "D:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\Windows\system32\GPhotos.scr/200
O10 - Unknown file in Winsock LSP: d:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: d:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - D:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - D:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - D:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GalaxyService - GOG.com - D:\Program Files (x86)\GalaxyClient\GalaxyService.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - D:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - D:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - D:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - D:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - D:\Origin\OriginClientService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - D:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - D:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - D:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - D:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - D:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Survarium Update Service - Unknown owner - D:\Hry\Survarium\Survarium\game\binaries\x86\survarium_service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - D:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - D:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - D:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - D:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - D:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - D:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - D:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7462 bytes

Virustotal:

https://www.virustotal.com/cs/file/8b23 ... 416154110/
https://www.virustotal.com/cs/file/8b23 ... 416154110/
https://www.virustotal.com/cs/file/2673 ... 416154463/
https://www.virustotal.com/cs/file/4009 ... 416154595/
https://www.virustotal.com/cs/file/6276 ... 416154724/
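Added example (editor's code, not part of the thread and not part of HijackThis): a small Python triage of the O23 service lines in the HJT log above. The sample lines are copied from that log; the verdict names and the rules are the editor's own heuristics. HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows its reads of <drive>:\Windows\System32 are redirected to SysWOW64 by WOW64, which is why 64-bit-only system binaries such as lsass.exe and alg.exe show up as "(file missing)" here. The script separates those artifacts from services that are actually on disk but have no resolved publisher, which are the ones worth hashing and submitting to VirusTotal.

```python
"""Triage HijackThis O23 (service) lines.

Editor's example, not part of the original thread or of HijackThis.
The sample lines are copied from the HJT log posted above; the verdict
names and classification rules are the editor's own heuristics.
"""
import re
from collections import Counter

# Sample input copied from the HJT log above (five representative lines).
SAMPLE_LOG = r"""
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - D:\Windows\System32\alg.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: Survarium Update Service - Unknown owner - D:\Hry\Survarium\Survarium\game\binaries\x86\survarium_service.exe
O23 - Service: Origin Client Service - Electronic Arts - D:\Origin\OriginClientService.exe
"""

MISSING = " (file missing)"
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def parse_o23(line):
    """Split one O23 line into name/owner/path/missing; None for any other line."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    body = line[len(prefix):].rstrip()
    missing = body.endswith(MISSING)
    if missing:
        body = body[:-len(MISSING)]
    # The display name may itself contain " - ", so split from the right:
    # the last two " - " separators delimit the owner and the path.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    return {"name": name, "owner": owner, "path": path, "missing": missing}


def classify(entry):
    """Editor's heuristic verdict for one parsed O23 entry."""
    path = entry["path"]
    if entry["missing"]:
        # A 32-bit HijackThis on x64 Windows is subject to WOW64 file-system
        # redirection: reads of <drive>:\Windows\System32 are served from
        # SysWOW64, so 64-bit-only binaries (lsass.exe, alg.exe, ...) look absent.
        if SYSTEM32.match(path):
            return "wow64-redirection-artifact"
        return "missing-verify-manually"
    if entry["owner"] == "Unknown owner":
        # On disk but no publisher resolved: hash it and check its signature.
        return "unknown-publisher"
    return "vendor-identified"


def triage(log_text):
    """Return [(path, owner, verdict), ...] for every O23 line plus a verdict count."""
    rows = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        rows.append((entry["path"], entry["owner"], classify(entry)))
    return rows, Counter(verdict for _, _, verdict in rows)


if __name__ == "__main__":
    rows, summary = triage(SAMPLE_LOG)
    for path, owner, verdict in rows:
        print(f"{verdict:30} {owner:28} {path}")
    print(dict(summary))
```

Run it against the full HJT log pasted above instead of SAMPLE_LOG and only the "unknown-publisher" and "missing-verify-manually" rows need attention; the "(file missing)" System32 rows can be confirmed with a 64-bit tool or by checking the SysNative alias.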

Re: Slow internet since Wednesday - cause?

Post by jaro3 (Security team member) » 17 Nov 2014 11:02

Close other applications and browsers, disconnect from the internet and fix these in HJT:
Guide

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "D:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab



ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC

to the desktop. Double-click it. Then click Clean up!.
Restart the PC if prompted.


Download OTM (by OldTimer)
and save it to drive C and run it.
- Into the left column (Paste Instructions for Items to be Moved) copy these paths:

Code:

:Processes
explorer.exe

:Services

:Reg

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
d:\WINDOWS\System32\dllcache\*.tmp
d:\WINDOWS\system32\SET*.tmp
d:\WINDOWS\system32\DUMP*.tmp
d:\windows\Tasks\*.job /s
d:\*.tmp
d:\WINDOWS\System32\drivers\*.tmp
d:\Program Files\*.tmp
d:\Documents and Settings\All Users\Data aplikací\*.tmp
d:\Windows\SysNative\drivers\*.tmp
d:\Windows\SysWow64\drivers\*.tmp
d:\Program Files (x86)\*.tmp
d:\Windows\SysWow64\*.tmp
d:\Windows\SysNative\*.tmp
d:\Program Files (x86)\*.tmp
d:\windows\system32\drivers\ksecpkg.sys
D:\Users\Ardis\Desktop\zoek.exe
D:\Users\Ardis\Downloads\WinRAR.64.bit.cz-full.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- After pasting, click the MoveIt! button and then paste here the entire contents of the right column (also saved in the folder C:\_OTMoveIt\MovedFiles\), which reports the results
- If some files cannot be removed, you may be asked to restart the computer; in that case confirm the restart.
C:\_OTMoveIt\MovedFiles\********_******.log
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: Slow internet since Wednesday - cause?

Post by Ardis » 17 Nov 2014 11:41

OTM log:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder d:\WINDOWS\System32\dllcache\*.tmp not found.
File/Folder d:\WINDOWS\system32\SET*.tmp not found.
File/Folder d:\WINDOWS\system32\DUMP*.tmp not found.
File/Folder d:\windows\Tasks\*.job not found.
File/Folder d:\*.tmp not found.
File/Folder d:\WINDOWS\System32\drivers\*.tmp not found.
File/Folder d:\Program Files\*.tmp not found.
File/Folder d:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
File/Folder d:\Windows\SysNative\drivers\*.tmp not found.
File/Folder d:\Windows\SysWow64\drivers\*.tmp not found.
File/Folder d:\Program Files (x86)\*.tmp not found.
File/Folder d:\Windows\SysWow64\*.tmp not found.
File/Folder d:\Windows\SysNative\*.tmp not found.
File/Folder d:\Program Files (x86)\*.tmp not found.
File/Folder d:\windows\system32\drivers\ksecpkg.sys not found.
D:\Users\Ardis\Desktop\zoek.exe moved successfully.
File/Folder D:\Users\Ardis\Downloads\WinRAR.64.bit.cz-full.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Ardis
->Temp folder emptied: 1410678 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Google Chrome cache emptied: 7094369 bytes
->Flash cache emptied: 740 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1778 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 382072481 bytes

Total Files Cleaned = 372.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 11172014_113650

Files moved on Reboot...
File move failed. D:\Users\Ardis\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\ff25a4f67ecc2f28d6a304bc5c26dbf_fce8395f8fd8a848_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. D:\Users\Ardis\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\ff25a4f67ecc2f28d6a304bc5c26dbf_fce8395f8fd8a848_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
D:\Users\Ardis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
D:\Users\Ardis\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. D:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: Slow internet since Wednesday - cause?

Post by Orcus (Security team member) » 18 Nov 2014 07:57

How are the problems?
Love warms, but coal is coal. :fire:

Post HJT logs in the HJT section. If it is too long, split it into several posts.

A few tips on PC security.

While I am away, memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.

Re: Slow internet since Wednesday - cause?

Post by Ardis » 18 Nov 2014 14:30

So the download is back to normal, and the upload is pretty much too; if it keeps going like this for a few more days I will mark the thread as solved...

Re: Slow internet since Wednesday - cause?

Post by jaro3 (Security team member) » 18 Nov 2014 20:00

Check whether you still have these files.


d:\windows\system32\drivers\ksecpkg.sys
D:\Users\Ardis\Downloads\WinRAR.64.bit.cz-full.exe
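Added example (editor's code, not from the thread): a Python check for the two paths jaro3 names, reporting whether each still exists, its size and its SHA-256 (for a VirusTotal lookup, as done earlier in the thread) together with a verdict. Paths under <drive>:\Windows\System32 are flagged rather than treated as safe to delete: ksecpkg.sys is the Kernel Security Support Provider Interface Packages driver that ships with Windows and is Microsoft-signed on a stock install, so a valid Authenticode signature on it points to a genuine component rather than a dropped file. The script also rewrites System32 paths to the SysNative alias when run from a 32-bit interpreter on x64 Windows, the same WOW64 redirection that makes a 32-bit HijackThis report System32 files as missing. The PROTECTED pattern and the verdict wording are the editor's assumptions.

```python
"""Check whether the two files named in the post above are still present and
record what they are before anything is deleted.

Editor's example, not from the thread. The two paths are copied from the post;
the "protected" pattern, the SysNative handling and the verdicts are the
editor's additions. Run it with a 64-bit Python on the affected machine.
"""
import hashlib
import os
import re

# Paths jaro3 asked about (copied from the post).
PATHS = [
    r"d:\windows\system32\drivers\ksecpkg.sys",
    r"D:\Users\Ardis\Downloads\WinRAR.64.bit.cz-full.exe",
]

# Editor's assumption: files here are more likely Windows components than
# dropped binaries, so deletion needs a signature check first.
PROTECTED = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\", re.IGNORECASE)
SYSTEM32 = re.compile(r"^([a-z]:\\windows\\)system32\\", re.IGNORECASE)


def running_under_wow64():
    # Windows sets PROCESSOR_ARCHITEW6432 only for 32-bit processes on 64-bit Windows.
    return "PROCESSOR_ARCHITEW6432" in os.environ


def sysnative_alias(path, wow64):
    """Rewrite <drive>:\\Windows\\System32\\... to the SysNative alias for a
    32-bit caller on x64, so the real 64-bit directory is read, not SysWOW64."""
    if not wow64:
        return path
    return SYSTEM32.sub(lambda m: m.group(1) + "SysNative\\", path, count=1)


def is_protected_system_path(path):
    return PROTECTED.match(path) is not None


def sha256_of(path):
    """SHA-256 of a file, read in 1 MiB chunks (the hash VirusTotal accepts for lookup)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def inspect_file(path, wow64=None):
    """Return existence, size, SHA-256 and an editor's verdict for one path."""
    if wow64 is None:
        wow64 = running_under_wow64()
    real = sysnative_alias(path, wow64)
    info = {"path": path, "exists": os.path.isfile(real)}
    if not info["exists"]:
        info["verdict"] = "absent"
        return info
    info["size"] = os.path.getsize(real)
    info["sha256"] = sha256_of(real)
    if is_protected_system_path(path):
        info["verdict"] = ("present in a system directory: verify the Authenticode "
                           "signature and look up the hash before removing")
    else:
        info["verdict"] = "present outside system directories: record the hash, then remove"
    return info


if __name__ == "__main__":
    for p in PATHS:
        print(inspect_file(p))
```

For the driver, compare the reported hash against the VirusTotal entry and check the signature (for example with sigcheck or Get-AuthenticodeSignature) before touching it; a Microsoft-signed ksecpkg.sys with a known hash is the stock file.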

Re: Slow internet since Wednesday - cause?

Post by Ardis » 18 Nov 2014 22:16

I still have them; should I just delete them normally, or again with some program?

Re: Slow internet since Wednesday - cause?

Post by jaro3 (Security team member) » 19 Nov 2014 10:29

Delete both.

Run OTM and click Clean Up!

If there are no problems, that is all and you can mark it as solved with the green tick.

Re: Slow internet since Wednesday - cause?

Post by Ardis » 19 Nov 2014 16:10

So it is running badly again; I have already deleted WinRAR, but for ksecpkg.sys I have to go through TrustedInstaller again
Last edited by Ardis on 20 Nov 2014 07:05, edited 1 time in total.

Re: Slow internet since Wednesday - cause?

Post by jaro3 (Security team member) » 19 Nov 2014 18:41

I don't quite understand.

Download OTL by OldTimer
to the desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry change the setting to All. Tick the LOP check and the Purity check. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs open:
OTL.Txt
Extras.Txt

They are saved in the same place as OTL. Please copy both logs here.

