Prosím o kontrolu logu

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: memphisto, Mods_senior, Security team

Uživatelský avatar
PECHY15
Level 3
Level 3
Příspěvky: 406
Registrován: červenec 07
Bydliště: Milín
Pohlaví: Muž

Prosím o kontrolu logu

Příspěvekod PECHY15 » 30 pro 2018 20:23

Počítač se občas chová zpomaleně, týká se to hlavně internetového připojení...
Díky za kontrolu

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:20:22, on 30.12.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19203)
Boot mode: Normal

Running processes:
G:\Plex Media Server\Plex Media Server.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
G:\Plex Media Server\Plex Tuner Service.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
G:\PokerStars\PokerStars.exe
G:\PokerStars\br\PokerStarsBr.exe
G:\PokerStars\br\PokerStarsBr.exe
G:\PokerStars\br\PokerStarsBr.exe
C:\Users\PECHY\Desktop\hijackthis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Plex Media Server] "G:\Plex Media Server\Plex Media Server.exe"
O4 - HKUS\S-1-5-18\..\Run: [Plex Media Server] "G:\Plex Media Server\Plex Media Server.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Plex Media Server] "G:\Plex Media Server\Plex Media Server.exe" (User 'Default user')
O4 - Startup: GIGABYTE XTREME GAMING ENGINE.lnk = C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\autorun.exe
O4 - Global Startup: BackupRemind.lnk = G:\dr.fone toolkit for Android\Addins\AndroidBackupRestore\BackupRemind.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Služba %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: EasyAntiCheat - Unknown owner - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Killer Service V2 - Rivet Networks - C:\Program Files\Killer Networking\Network Manager\KillerService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Plex Update Service (PlexUpdateService) - Plex, Inc. - G:\Plex Media Server\Plex Update Service.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe

--
End of file - 9980 bytes



Reklama
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 39704
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 30 pro 2018 22:52

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/

Ulož si ho na svojí plochu . Klikni na „Souhlasím“ k povrzení podmínek.
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Skenování“
Po skenu se objeví log , který se otevře. ( jinak je uložen systémovem disku jako C:\AdwCleaner [C?].txt ), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware na plochu , nainstaluj a spusť ho
-Pokud není program aktuální , klikni na možnost „Aktualizovat nyní“ či „Opravit nyní“.
- bude nalezena aktualizace a nainstaluje se.
- poté klikni na Spustit skenování
- po proběhnutí skenu se ti objeví hláška vpravo dole, tak klikni na Zobrazit zprávu a vyber Export a vyber Kopírovat do schránky a vlož sem celý log. Nebo klikni na „Textový soubor ( .txt)“ a log si ulož.
-jinak se log nachází v programu po kliknutí na „Zprávy“ , nebo je uložen zde: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- po té klikni na tlačítko Dokončit, a program zavři křížkem vpravo nahoře.
(zatím nic nemaž!).
Pokud budou problémy , spusť v nouz. režimu.

zítra.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Uživatelský avatar
PECHY15
Level 3
Level 3
Příspěvky: 406
Registrován: červenec 07
Bydliště: Milín
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod PECHY15 » 31 pro 2018 10:47

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2018-12-21.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-31-2018
# Duration: 00:00:02
# OS: Windows 7 Ultimate
# Cleaned: 13
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\PECHY\AppData\Roaming\IObit\Advanced SystemCare V8
Deleted C:\Users\PECHY\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\Driver Booster Scheduler

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0363E9FD-EDC6-4554-902C-3E770B6AA8FC}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted http://istart.webssearches.com/?type=hp ... XXZ1DCC40N
Deleted http://isearch.avg.com/?cid={8003CAA6-8C14-41D7-9355-567043CD6C0A}&mid=14d150ad52a947d09d9c192946dff020-0aa42a229be20f529290f5f4f4ef5f97ac4ab085&lang=cs&ds=st011&pr=sa&d=2013-01-12 10:31:22&v=13.3.0.17&sap=hp
Deleted AVG Secure Search
Deleted Metro Wiki (en)
Deleted http://search.zonealarm.com/?Source=Hom ... 1b11c68313
Deleted http://istart.webssearches.com/?type=hp ... XXZ1DCC40N
Deleted Softonic EN

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2608 octets] - [31/12/2018 10:38:24]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 31.12.18
Čas skenování: 10:42
Logovací soubor: 6d7244cc-0ce0-11e9-86cb-448a5b837fe2.json

-Informace o softwaru-
Verze: 3.6.1.2711
Verze komponentů: 1.0.508
Aktualizovat verzi balíku komponent: 1.0.8563
Licence: Bezplatný

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: PECHY-PC\PECHY

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 255088
Zjištěné hrozby: 0
Hrozby umístěné do karantény: 0
Uplynulý čas: 0 min, 59 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 39704
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 31 pro 2018 18:03

Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Sophos Virus Removal Tool je praktický softwarový nástroj, který by mohl odstranit infekce, které antivirový program nedetekuje .
Stáhněte si ho zde z některého odkazu:
http://www.majorgeeks.com/files/details ... _tool.html
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viry mohou zpomalit počítač, nebo se snaží ukrást vaše data, a ani nevíte , že je máte. Co potřebujete, je rychlý a snadný způsob, jak je najít a zbavit se jich, pokud již máte antivirový program v počítači nainstalován , můžete nainstalovat i nástroj Sophos Virus Removal , který identifikuje a vyčistí zbylé infekce, které mohl Váš antivirový program přehlédnout.
K použití Sophos Virus Removal Tool na něj poklepejte a stiskněte tlačítko „Start scanning“ . Pak bude Sophos Virus Removal Tool vyhledávat a odstraňovat viry, které najde. Může být vyžadován restart.
Pokud byly nalezeny viry , tak po skenu klikni na „Details…“ a potom na „View log file“. Zkopíruj celý log a vlož ho sem. Potom zavři „threat detail“ a klikni na „Start cleanup“.
Jinak se log nachází zde:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.adlice.com/download/roguekil ... HlwZT14ODY
64bit.:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7,8,10 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“
- Program skenuje procesy PC. Po proskenování klikni na „Open Report “ , v okně pak na „Open TXT“ a celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
-pokud bude mít log více než 60.000 znaků , rozděl ho a vlož do více příspěvků

další odkazy:
http://www.adlice.com/download/roguekiller/
http://www.bleepingcomputer.com/download/roguekiller/
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Uživatelský avatar
PECHY15
Level 3
Level 3
Příspěvky: 406
Registrován: červenec 07
Bydliště: Milín
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod PECHY15 » 01 led 2019 16:25

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64
Ran by PECHY (Administrator) on Łt 01.01.2019 at 14:27:30,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 10

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (PECHY) (Task)
Successfully deleted: C:\Users\PECHY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D867BSHL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\PECHY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJ8MKH6P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\PECHY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FKNIIOMS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\PECHY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P26U0ZG8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D867BSHL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJ8MKH6P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FKNIIOMS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P26U0ZG8 (Temporary Internet Files Folder)



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)


Sophos nic nenašel, log jsem asi neuložil...


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 01.01.2019 at 14:29:35,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RogueKiller Anti-Malware V13.0.20.0 (x64) [Dec 31 2018] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : PECHY [Administrator]
Started from : C:\Users\PECHY\Desktop\RogueKiller_portable64.exe
Mode : Standard Scan, Scan -- Date : 2019/01/01 16:10:56 (Duration : 00:06:11)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - System Policies
[PUM.Policies (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found
[PUM.Policies (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> Chrome Config
[PUP.Gen1 (Potentially Malicious)] session.startup_urls (C:\Users\PECHY\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences) -- http://search.zonealarm.com/?Source=Hom ... .com/?cid={8003CAA6-8C14-41D7-9355-567043CD6C0A}&mid=14d150ad52a947d09d9c192946dff020-0aa42a229be20f529290f5f4f4ef5f97ac4ab085&lang=cs&ds=st011&pr=sa&d=2013-01-12 10:31:22&v=13.3.0.17&sap=hp|http://www.google.com|https://www.google.com/|http://www.google.com/ -> Found

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 39704
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 01 led 2019 18:22

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“,
po jeho skončení - vše zatrhni (dej zatržítka vlevo od nálezů , do bílých políček)
- pak klikni na "Remove Selected"
- Počkej, dokud Status box nezobrazí " Removal finished, please review result "
- Klikni na "Open report " a pak na " Open TXT“ a zkopíruj ten log a vlož obsah té zprávy prosím sem. Log je možno nalézt v C:\ProgramData\RogueKiller\Logs - Zavři RogueKiller.

Vypni antivir i firewall.
Stáhni Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe

Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
-pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log Zkopíruj sem celý obsah toho logu.
Pokud budou problémy , spusť zoek v nouz. režimu.

Stáhni si Zemana AntiMalware Free z tohoto odkazu:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
a ulož si ho na plochu.
Poklepej na tento soubor na ploše a postupuj podle pokynů k instalaci programu.
Přijmi licenci k používání programu EULA , pokud se nabídne.
Pokud je k dispozici aktualizace programu , klepni na tlačítko „Update now“ ( aktualizovat nyní).
Můžeš si zatrhnout i vytvoření bodu obnovy:
Klikni na ozubené kolečko , poté na „Skenování“ a zatrhni „vytvářet body obnovy“.
Vrať se zpět ( klikni na domeček).
Zavři všechny otevřené soubory, složky a prohlížeče
Neměň žádné nastavení. Klikni na „Skenovat“.
Po skenu lze vidět , zda jsou nějaké nákazy. Klikni na „Další“. Nákazy budou přemístěny do karantény.
Když je skenování dokončeno, objeví se tisková zpráva , zkopíruj sem celý obsah té zprávy.
Jinak můžeš zprávy vidět , když klikneš vpravo nahoře na „ zprávy“.


Vlož nový log z HJT + informuj o problémech
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Uživatelský avatar
PECHY15
Level 3
Level 3
Příspěvky: 406
Registrován: červenec 07
Bydliště: Milín
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod PECHY15 » 02 led 2019 11:20

RogueKiller Anti-Malware V13.0.20.0 (x64) [Dec 31 2018] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : PECHY [Administrator]
Started from : C:\Users\PECHY\Desktop\RogueKiller_portable64.exe
Mode : Standard Scan, Delete -- Date : 2019/01/02 08:33:06 (Duration : 00:05:52)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- -> Replaced (2)
[PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- -> Replaced (2)
[PUP.Gen1 (Potentially Malicious)] session.startup_urls -- http://search.zonealarm.com/?Source=Hom ... .com/?cid={8003CAA6-8C14-41D7-9355-567043CD6C0A}&mid=14d150ad52a947d09d9c192946dff020-0aa42a229be20f529290f5f4f4ef5f97ac4ab085&lang=cs&ds=st011&pr=sa&d=2013-01-12 10:31:22&v=13.3.0.17&sap=hp|http://www.google.com|https://www.google.com/|http://www.google.com/ -> Deleted

Running in: Normal Mode Internet Access Detected
Launched: C:\Users\PECHY\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

2.1.2019 8:35:12 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\COMMON~1\Nero deleted successfully
C:\Program Files\Common Files\AV deleted successfully
C:\Users\PECHY\AppData\Local\CrashDumps deleted successfully
C:\Users\PECHY\AppData\Local\Samsung deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\PECHY\AppData\Roaming\HandBrake deleted
C:\82ace7d6-0197-474d-bf4b-a2043e72329b deleted
C:\Users\PECHY\AppData\Roaming\Wondershare deleted
C:\Users\PECHY\AppData\Local\CrashRpt deleted
C:\windows\SysNative\Tasks\AvastUpdateTaskMachineCore deleted
C:\windows\SysNative\Tasks\AvastUpdateTaskMachineUA deleted
"C:\PROGRA~2\Wondershare\WAF\2.4.3.227\Newtonsoft.Json.dll" deleted
"C:\PROGRA~2\Wondershare\WAF\2.4.3.227\WsAppCollect.dll" deleted
"C:\PROGRA~2\Wondershare\WAF\2.4.3.227\WsAppCommon.dll" not deleted
"C:\PROGRA~2\Wondershare\WAF\2.4.3.227\WsAppService.exe" not deleted
"C:\Users\PECHY\AppData\Local\AVAST Software\APM\PECHYFfl2.dat" not deleted
"C:\Users\PECHY\AppData\Local\AVAST Software\APM\PECHY\kv_pam.db" not deleted
"C:\PROGRA~2\Wondershare" not deleted
"C:\PROGRA~3\Package Cache" deleted
"C:\Users\PECHY\AppData\Local\AVAST Software" not deleted
"C:\PROGRA~2\Wondershare\WAF" not deleted
"C:\PROGRA~2\Wondershare\WAF\2.4.3.227" not deleted
"C:\Users\PECHY\AppData\Local\AVAST Software\APM" not deleted
"C:\Users\PECHY\AppData\Local\AVAST Software\APM\PECHY" not deleted

==== Orphaned Tasks deleted from Registry ======================

AvastUpdateTaskMachineCore deleted
AvastUpdateTaskMachineUA deleted

==== Firefox XPI-files found: ======================

- __MSG_avastAppName__ - C:\Program Files\AVAST Software\Avast\SafePrice\FF\sp@avast.com.xpi
- Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF\wrc@avast.com.xpi

==== Chromium Look ======================

Google Chrome Version: 71.0.3578.98


Chrome Media Router - PECHY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\PECHY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"=""
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\Wow6432Node\SearchScopes "DefaultScope"=""
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE10

==== Reset Google Chrome ======================

C:\Users\PECHY\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\PECHY\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\PECHY\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\PECHY\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PECHY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\PECHY\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2196 folders=845 270610143 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\PECHY\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PECHY\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\Wondershare\WAF\2.4.3.227\WsAppCommon.dll" not found
"C:\PROGRA~2\Wondershare\WAF\2.4.3.227\WsAppService.exe" not found
"C:\Users\PECHY\AppData\Local\AVAST Software\APM\PECHYFfl2.dat" not found
"C:\Users\PECHY\AppData\Local\AVAST Software\APM\PECHY\kv_pam.db" not found
"C:\PROGRA~2\Wondershare" not found
"C:\Users\PECHY\AppData\Local\AVAST Software" not found

==== EOF on st 02.01.2019 at 10:40:09,28 ======================

Zemana AntiMalware 2.74.2.150 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2019.1.2
Operating System : Windows 7 64-bit
Processor : 8X Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
BIOS Mode : Legacy
CUID : 122F62B226FF0CEABC8BD1
Scan Type : Skenování systému
Duration : 3m 28s
Scanned Objects : 69748
Detected Objects : 1
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Zapnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Chrome Startup Url
Status : Skenováno
Object : http://search.zonealarm.com/?Source=Hom ... 1b11c68313
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Chrome Startup Url


Cleaning Result
-------------------------------------------------------
Cleaned : 1
Reported as safe : 0
Failed : 0

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:39, on 2.1.2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19203)
Boot mode: Normal

Running processes:
G:\Plex Media Server\Plex Media Server.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
G:\Plex Media Server\PlexScriptHost.exe
G:\Plex Media Server\Plex Tuner Service.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\ProgramData\Battle.net\Agent\Agent.6525\Agent.exe
C:\Users\PECHY\Desktop\hijackthis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Plex Media Server] "G:\Plex Media Server\Plex Media Server.exe"
O4 - HKUS\S-1-5-18\..\Run: [Plex Media Server] "G:\Plex Media Server\Plex Media Server.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Plex Media Server] "G:\Plex Media Server\Plex Media Server.exe" (User 'Default user')
O4 - Startup: GIGABYTE XTREME GAMING ENGINE.lnk = C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\autorun.exe
O4 - Global Startup: BackupRemind.lnk = G:\dr.fone toolkit for Android\Addins\AndroidBackupRestore\BackupRemind.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Služba %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Killer Service V2 - Rivet Networks - C:\Program Files\Killer Networking\Network Manager\KillerService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Plex Update Service (PlexUpdateService) - Plex, Inc. - G:\Plex Media Server\Plex Update Service.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Unknown owner - C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 9823 bytes

Momentálně vše pracuje lépe, akorát při spuštění heartstone, youtube nereaguje tak svižně jak by měl, ale znatelné zlepšení tam je, facebook dělal obdobné problémy.

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 39704
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 02 led 2019 19:30

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Uživatelský avatar
PECHY15
Level 3
Level 3
Příspěvky: 406
Registrován: červenec 07
Bydliště: Milín
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod PECHY15 » 03 led 2019 00:02

ComboFix 18-08-08.01 - PECHY 02.01.2019 23:29:00.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8120.5967 [GMT 1:00]
Spuštěný z: c:\users\PECHY\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2018-12-02 do 2019-01-02 )))))))))))))))))))))))))))))))
.
.
2019-01-02 22:32 . 2019-01-02 22:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2019-01-02 07:53 . 2014-02-13 22:59 24064 ----a-w- c:\windows\zoek-delete.exe
2019-01-02 07:53 . 2019-01-02 22:32 -------- d-----w- c:\users\PECHY\AppData\Local\Temp
2019-01-02 07:34 . 2019-01-02 07:50 -------- d-----w- C:\zoek_backup
2019-01-01 15:10 . 2019-01-01 15:21 -------- d-----w- c:\programdata\RogueKiller
2018-12-31 10:07 . 2018-12-31 10:07 -------- d-----w- c:\programdata\.mono
2018-12-30 18:11 . 2018-12-30 18:11 -------- d-----w- c:\windows\system32\appmgmt
2018-12-30 18:01 . 2018-12-30 18:01 -------- d-----w- c:\users\PECHY\ansel
2018-12-18 11:03 . 2018-12-18 11:03 -------- d-----w- c:\program files (x86)\Common Files\Java
2018-12-18 11:03 . 2018-12-18 11:03 -------- d-----w- c:\program files (x86)\Common Files\Oracle
2018-12-18 11:03 . 2018-12-18 11:03 110968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2018-12-18 11:03 . 2018-12-18 11:03 -------- d-----w- c:\programdata\Oracle
2018-12-18 11:03 . 2018-12-18 11:03 -------- d-----w- c:\program files\Java
2018-12-16 16:09 . 2018-12-16 16:09 -------- d-----w- c:\users\PECHY\AppData\Local\mbamtray
2018-12-15 13:29 . 2018-12-15 13:29 6155720 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-12-16 19:59 . 2015-05-09 17:51 137260640 -c--a-w- c:\windows\system32\MRT.exe
2018-12-15 13:32 . 2015-05-10 13:36 842240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2018-12-15 13:32 . 2015-05-10 13:36 175104 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2018-12-15 13:30 . 2015-02-19 23:18 36852448 ----a-w- c:\windows\system32\nvwgf2umx.dll
2018-12-15 13:30 . 2017-01-04 14:05 505696 ----a-w- c:\windows\system32\nvumdshimx.dll
2018-12-15 13:30 . 2015-02-19 23:18 4847696 ----a-w- c:\windows\system32\nvapi64.dll
2018-12-06 10:15 . 2018-05-27 11:44 2865136 ----a-w- c:\windows\system32\nvspcap64.dll
2018-12-06 10:15 . 2018-05-27 11:44 2265072 ----a-w- c:\windows\SysWow64\nvspcap.dll
2018-12-06 10:15 . 2018-05-27 11:44 1323504 ----a-w- c:\windows\system32\NvRtmpStreamer64.dll
2018-12-06 09:20 . 2017-04-07 10:59 1951 ----a-w- c:\windows\NvTelemetryContainerRecovery.bat
2018-11-27 02:20 . 2018-01-05 11:31 239840 ----a-w- c:\windows\system32\drivers\aswHdsKe.sys
2018-11-19 16:28 . 2018-11-19 16:28 378584 ----a-w- c:\windows\system32\aswBoot.exe
2018-11-19 16:28 . 2017-11-16 10:55 201240 ----a-w- c:\windows\system32\drivers\aswArPot.sys
2018-11-19 16:28 . 2015-05-09 17:08 87432 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2018-11-19 16:28 . 2015-05-09 17:08 469272 ----a-w- c:\windows\system32\drivers\aswSP.sys
2018-11-19 16:28 . 2015-05-09 17:08 46384 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2018-11-19 16:28 . 2015-05-09 17:08 380464 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2018-11-19 16:28 . 2015-05-09 17:08 208472 ----a-w- c:\windows\system32\drivers\aswStm.sys
2018-11-19 16:28 . 2015-05-09 17:08 163208 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2018-11-19 16:28 . 2015-05-09 17:08 111800 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2018-11-19 16:28 . 2018-10-21 09:41 42288 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2018-11-19 16:28 . 2015-05-09 17:08 1028680 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2018-11-19 16:28 . 2017-03-07 01:54 59496 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2018-11-19 16:28 . 2017-03-07 01:54 346592 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2018-11-19 16:28 . 2017-03-07 01:54 230344 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2018-11-19 16:28 . 2017-03-07 01:54 201768 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2018-11-16 15:46 . 2018-11-28 10:04 1468192 ----a-w- c:\windows\system32\nvdispgenco6441701.dll
2018-11-16 15:46 . 2018-11-28 10:04 2017536 ----a-w- c:\windows\system32\nvdispco6441701.dll
2018-11-15 23:24 . 2015-05-09 18:40 5338424 ----a-w- c:\windows\system32\nvcpl.dll
2018-11-15 23:24 . 2015-05-09 18:40 2620272 ----a-w- c:\windows\system32\nvsvc64.dll
2018-11-15 23:24 . 2015-12-22 15:22 82984 ----a-w- c:\windows\system32\nv3dappshextr.dll
2018-11-15 23:24 . 2015-12-22 15:22 651064 ----a-w- c:\windows\system32\nv3dappshext.dll
2018-11-15 23:24 . 2015-05-09 18:40 450416 ----a-w- c:\windows\system32\nvmctray.dll
2018-11-15 23:24 . 2015-05-09 18:40 1767736 ----a-w- c:\windows\system32\nvsvcr.dll
2018-11-15 23:24 . 2015-05-09 18:40 124784 ----a-w- c:\windows\system32\nvshext.dll
2018-11-14 05:56 . 2015-05-09 18:40 8416032 ----a-w- c:\windows\system32\nvcoproc.bin
2018-11-13 19:05 . 2018-11-16 11:02 1468032 ----a-w- c:\windows\system32\nvdispgenco6441694.dll
2018-11-13 19:05 . 2018-11-16 11:02 2017736 ----a-w- c:\windows\system32\nvdispco6441694.dll
2018-11-13 03:18 . 2018-11-16 11:02 47384 ----a-w- c:\windows\system32\nvhdap64.dll
2018-11-13 03:18 . 2018-11-16 11:02 227896 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2018-11-13 03:18 . 2017-01-04 14:26 1682896 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2018-11-11 16:58 . 2018-12-16 19:57 190464 ----a-w- c:\windows\system32\rpchttp.dll
2018-11-11 16:45 . 2018-12-16 19:57 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2018-11-11 16:44 . 2018-12-16 19:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2018-10-11 22:30 . 2018-10-14 20:40 1468456 ----a-w- c:\windows\system32\nvdispgenco6441634.dll
2018-10-11 22:30 . 2018-10-14 20:40 2017888 ----a-w- c:\windows\system32\nvdispco6441634.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-06-14 11:41 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-06-14 11:41 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-06-14 11:41 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2015-02-27 5583120]
"Plex Media Server"="g:\plex media server\Plex Media Server.exe" [2018-04-12 17786856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2018-10-06 601424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Plex Media Server"="g:\plex media server\Plex Media Server.exe" [2018-04-12 17786856]
.
c:\users\PECHY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE XTREME GAMING ENGINE.lnk - c:\program files (x86)\GIGABYTE\XTREME GAMING ENGINE\autorun.exe /r [2017-3-10 172176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 avast;Služba %1!s! Update (avast);c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe;c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 WsAppService;Wondershare Application Framework Service;c:\program files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe;c:\program files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 avastm;Služba %1!s! Update (avastm);c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe;c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ETDSMBus;ETDSMBus;c:\windows\system32\DRIVERS\ETDSMBus.sys;c:\windows\SYSNATIVE\DRIVERS\ETDSMBus.sys [x]
R3 GoogleChromeElevationService;Google Chrome Elevation Service;c:\program files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe;c:\program files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Ke2200;NDIS Miniport Driver for Killer e2201/e2202 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 EasyAntiCheat;EasyAntiCheat;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe [x]
S0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidsha.sys;c:\windows\SYSNATIVE\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\system32\drivers\aswbloga.sys;c:\windows\SYSNATIVE\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbuniva.sys;c:\windows\SYSNATIVE\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys;c:\windows\SYSNATIVE\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys;c:\windows\SYSNATIVE\drivers\aswVmm.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys;c:\windows\SYSNATIVE\drivers\aswArPot.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys;c:\windows\SYSNATIVE\drivers\aswHdsKe.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 BfLwf;Killer Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Killer Service V2;Killer Service V2;c:\program files\Killer Networking\Network Manager\KillerService.exe;c:\program files\Killer Networking\Network Manager\KillerService.exe [x]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
S2 PlexUpdateService;Plex Update Service;g:\plex media server\Plex Update Service.exe;g:\plex media server\Plex Update Service.exe [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 KillerEth;NDIS Miniport Driver for Killer PCI-E Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\e2xw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e2xw7x64.sys [x]
S3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
S3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 nvvhci;NVVHCI Enumerator Service;c:\windows\system32\DRIVERS\nvvhci.sys;c:\windows\SYSNATIVE\DRIVERS\nvvhci.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Device Service;c:\windows\system32\DRIVERS\XtuAcpiDriver.sys;c:\windows\SYSNATIVE\DRIVERS\XtuAcpiDriver.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}]
2018-11-22 22:55 2567904 ----a-w- c:\program files (x86)\AVAST Software\Browser\Application\70.0.917.102\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-06-14 11:37 2348848 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-06-14 11:37 2348848 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-06-14 11:37 2348848 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-11-19 16:28 1847000 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-11-19 16:28 1847000 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2018-12-15 9270208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-11-19 242392]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BackupRemind.lnk - g:\dr.fone toolkit for android\Addins\AndroidBackupRestore\BackupRemind.exe
SafeBoot-MBAMService
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe
AddRemove-{1d74549e-937e-4772-b801-e67975fd087a} - c:\programdata\Package Cache\{1d74549e-937e-4772-b801-e67975fd087a}\pms.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{c6c5a357-c7ca-4a5f-9789-3bb1af579253} - c:\programdata\Package Cache\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}\LauncherPrereqSetup_x64.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{cb7c3049-21de-415b-bd85-b65c14e547df} - c:\programdata\Package Cache\{cb7c3049-21de-415b-bd85-b65c14e547df}\VC_redist.x86.exe
AddRemove-{d6f233bd-3f8c-43f6-878b-07bd0568d595} - c:\programdata\Package Cache\{d6f233bd-3f8c-43f6-878b-07bd0568d595}\VC_redist.x64.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-50467274-3595313862-2648565765-1000\@*°p*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-50467274-3595313862-2648565765-1000\@*±p*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-50467274-3595313862-2648565765-1000\@*Íp*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-50467274-3595313862-2648565765-1000\@*Űp*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-50467274-3595313862-2648565765-1000\@*fr*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_32_0_0_101_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_32_0_0_101_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_32_0_0_101_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_32_0_0_101_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_32_0_0_101.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.32"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_32_0_0_101.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_32_0_0_101.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_32_0_0_101.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2019-01-02 23:33:15
ComboFix-quarantined-files.txt 2019-01-02 22:33
.
Před spuštěním: Volných bajtů: 18 467 053 568
Po spuštění: Volných bajtů: 18 405 105 664
.
- - End Of File - - 98CE4E0AE72E767BD111BD04D27D3D85
A36C5E4F47E84449FF07ED3517B43A31

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 39704
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 03 led 2019 18:29

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
RegLock::
[HKEY_USERS\S-1-5-21-50467274-3595313862-2648565765-1000\@*°p *]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-50467274-3595313862-2648565765-1000\@*±p *]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-50467274-3595313862-2648565765-1000\@*Íp *]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-50467274-3595313862-2648565765-1000\@*Űp *]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-50467274-3595313862-2648565765-1000\@*fr *]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_32_0_0_101_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_32_0_0_101_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_32_0_0_101_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_32_0_0_101_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_32_0_0_101.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.32"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_32_0_0_101.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_32_0_0_101.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_32_0_0_101.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si Memtest:

Políčko , ve kterém je napsáno:
All unused RAM , změň na 2048.
-dej Start , nech nejméně 2h běžet , pokud bude po 2h stále 0 errors , jsou v pořádku.
V případě vyšších kapacit RAM je třeba Memtest spustit několikrát , pro 2GB ( jednotlivá největší kapacita RAM) 2x , pro 4GB 3x , pro 8Gb 4x ap.
poklepej na Memtest , pak znovu a znovu , do políček všech Memtestů napiš 2048 , pak dej u všech Memtestů "Start".

Ještě zkontrolovat HDD na chyby ,popř. zkusit jeho defragmentaci ..

Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Uživatelský avatar
PECHY15
Level 3
Level 3
Příspěvky: 406
Registrován: červenec 07
Bydliště: Milín
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod PECHY15 » 04 led 2019 10:12

----------------------------------------------------------------------------
CrystalDiskInfo 7.0.5 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Ultimate SP1 [6.1 Build 7601] (x64)
Date : 2019/01/04 10:11:36

-- Controller Map ----------------------------------------------------------
- DAEMON Tools Lite Virtual SCSI Bus [SCSI]
+ Intel(R) C220 series chipset SATA AHCI Controller [SCSI]
- ATA KINGSTON SV300S3 SCSI Disk Device
- ATA ST1000DM003-1CH1 SCSI Disk Device
- ATA Hitachi HDT72103 SCSI Disk Device

-- Disk List ---------------------------------------------------------------
(1) KINGSTON SV300S37A120G : 120,0 GB [0/0/0, pd1] - sf
(2) ST1000DM003-1CH162 : 1000,2 GB [1/0/0, pd1] - st
(3) Hitachi HDT721032SLA380 : 320,0 GB [2/0/0, pd1]

----------------------------------------------------------------------------
(1) KINGSTON SV300S37A120G
----------------------------------------------------------------------------
Model : KINGSTON SV300S37A120G
Firmware : 583ABBF0
Serial Number : 50026B7852013C41
Disk Size : 120,0 GB (8,4/120,0/120,0/120,0)
Buffer Size : Neznámy údaj
Queue Depth : 32
# of Sectors : 234441648
Rotation Rate : ---- (SSD)
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ACS-2 Revision 3
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 10433 hod.
Power On Count : 2003 krát
Host Reads : 13637 GB
Host Writes : 5768 GB
Temperature : 29 C (84 F)
Health Status : Dobrý (96 %)
Features : S.M.A.R.T., APM, 48bit LBA, NCQ, TRIM
APM Level : 00FEh [ON]
AAM Level : ----
Drive Letter : C:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr Raw Values (7) Attribute Name
01 _95 _95 _50 00000000AC7726 Raw Read Error Rate
05 100 100 __3 00000000000000 Retired Block Count
09 _89 _89 __0 120DC2000028C1 Power-on Hours
0C _99 _99 __0 000000000007D3 Power Cycle Count
AB 100 100 __0 00000000000000 Program Fail Count
AC 100 100 __0 00000000000000 Erase Fail Count
AE __0 __0 __0 00000000000030 Unexpected Power Loss Count
B1 __0 __0 __0 00000000000063 Wear Range Delta
B5 100 100 __0 00000000000000 Program Fail Count
B6 100 100 __0 00000000000000 Erase Fail Count
BB 100 100 __0 00000000000000 Reported Uncorrectable Errors
BD _29 _41 __0 0000120029001D Specifický pro výrobce
C2 _29 _41 __0 0000120029001D Temperature
C3 120 120 __0 00000000AC7726 On-the-Fly ECC Uncorrectable Error Count
C4 100 100 __3 00000000000000 Reallocation Event Count
C9 120 120 __0 00000000AC7726 Uncorrectable Soft Read Error Rate
CC 120 120 __0 00000000AC7726 Soft ECC Correction Rate
E6 100 100 __0 00000000000064 Life Curve Status
E7 _96 _96 _10 00000000000001 SSD Life Left
E9 __0 __0 __0 000000000031D2 Specifický pro výrobce
EA __0 __0 __0 00000000001688 Specifický pro výrobce
F1 __0 __0 __0 00000000001688 Lifetime Writes from Host
F2 __0 __0 __0 00000000003545 Lifetime Reads from Host

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0C5A 3FFF 738C 0010 0000 0000 003F 0000 0000 0000
010: 3530 3032 3642 3738 3532 3031 3343 3431 2020 2020
020: 0000 0000 0004 3538 3341 4242 4630 4B49 4E47 5354
030: 4F4E 2053 5633 3030 5333 3741 3132 3047 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8001 4000 2F00
050: 4001 0200 0200 0007 3FFF 0010 003F FC10 00FB 0101
060: 4BB0 0DF9 0000 0007 0003 0078 0078 0078 0078 0F08
070: 0000 0000 0000 0000 0000 001F 950E 0006 004C 0040
080: 01FC 0110 742B 7569 6163 7429 B449 6163 207F 0001
090: 0001 00FE FFFE 0000 0000 0000 0000 0000 0000 0000
100: 4BB0 0DF9 0000 0000 0000 0001 4000 0000 5002 6B78
110: 5201 3C41 0000 0000 0000 0000 0000 0000 0000 405A
120: 4018 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0001
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 0025 0000 0000 4000
210: 0000 0000 0100 0000 0000 0000 0000 0001 0000 0000
220: 0000 0000 103F 0000 0000 0000 0000 0000 0000 0000
230: 4BB0 0DF9 0000 0000 0002 0400 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 47A5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0A 00 01 32 00 5F 5F 26 77 AC 00 00 00 00 05 33
010: 00 64 64 00 00 00 00 00 00 00 09 32 00 59 59 C1
020: 28 00 00 C2 0D 12 0C 32 00 63 63 D3 07 00 00 00
030: 00 00 AB 0A 00 64 64 00 00 00 00 00 00 00 AC 32
040: 00 64 64 00 00 00 00 00 00 00 AE 30 00 00 00 30
050: 00 00 00 00 00 00 B1 00 00 00 00 63 00 00 00 00
060: 00 00 B5 0A 00 64 64 00 00 00 00 00 00 00 B6 32
070: 00 64 64 00 00 00 00 00 00 00 BB 12 00 64 64 00
080: 00 00 00 00 00 00 BD 00 00 1D 29 1D 00 29 00 12
090: 00 00 C2 22 00 1D 29 1D 00 29 00 12 00 00 C3 1C
0A0: 00 78 78 26 77 AC 00 00 00 00 C4 33 00 64 64 00
0B0: 00 00 00 00 00 00 C9 1C 00 78 78 26 77 AC 00 00
0C0: 00 00 CC 1C 00 78 78 26 77 AC 00 00 00 00 E6 13
0D0: 00 64 64 64 00 00 00 00 00 00 E7 13 00 60 60 01
0E0: 00 00 00 00 00 00 E9 32 00 00 00 D2 31 00 00 00
0F0: 00 00 EA 32 00 00 00 88 16 00 00 00 00 00 F1 32
100: 00 00 00 88 16 00 00 00 00 00 F2 32 00 00 00 45
110: 35 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7D
170: 03 00 01 00 01 30 02 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0A 00 01 32 00 00 00 00 00 00 00 00 00 00 05 03
010: 00 00 00 00 00 00 00 00 00 00 09 00 00 00 00 00
020: 00 00 00 00 00 00 0C 00 00 00 00 00 00 00 00 00
030: 00 00 AB 00 00 00 00 00 00 00 00 00 00 00 AC 00
040: 00 00 00 00 00 00 00 00 00 00 AE 00 00 00 00 00
050: 00 00 00 00 00 00 B1 00 00 00 00 00 00 00 00 00
060: 00 00 B5 00 00 00 00 00 00 00 00 00 00 00 B6 00
070: 00 00 00 00 00 00 00 00 00 00 BB 00 00 00 00 00
080: 00 00 00 00 00 00 BD 00 00 00 00 00 00 00 00 00
090: 00 00 C2 00 00 00 00 00 00 00 00 00 00 00 C3 00
0A0: 00 00 00 00 00 00 00 00 00 00 C4 03 00 00 00 00
0B0: 00 00 00 00 00 00 C9 00 00 00 00 00 00 00 00 00
0C0: 00 00 CC 00 00 00 00 00 00 00 00 00 00 00 E6 00
0D0: 00 00 00 00 00 00 00 00 00 00 E7 0A 00 00 00 00
0E0: 00 00 00 00 00 00 E9 00 00 00 00 00 00 00 00 00
0F0: 00 00 EA 00 00 00 00 00 00 00 00 00 00 00 F1 00
100: 00 00 00 00 00 00 00 00 00 00 F2 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9F

----------------------------------------------------------------------------
(2) ST1000DM003-1CH162
----------------------------------------------------------------------------
Model : ST1000DM003-1CH162
Firmware : CC49
Serial Number : Z1DCC40N
Disk Size : 1000,2 GB (8,4/137,4/1000,2/1000,2)
Buffer Size : Neznámy údaj
Queue Depth : 32
# of Sectors : 1953525168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ACS-2
Minor Version : ACS-3 Revision 3b
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 12131 hod.
Power On Count : 2399 krát
Temperature : 29 C (84 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----
Drive Letter : G:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 116 _99 __6 000006CCCF90 Počet chyb čtení
03 _98 _97 __0 000000000000 Čas na roztočení ploten
04 _94 _94 _20 000000001910 Počet spuštění/zastavení
05 100 100 _10 000000000000 Počet přemapovaných sektorů
07 _79 _60 _30 000005E09DEF Počet chybných hledání
09 _87 _87 __0 000000002F63 Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _98 _98 _20 00000000095F Počet cyklů zapnutí zařízení
B7 100 100 __0 000000000000 Specifický pro výrobce
B8 100 100 _99 000000000000 Ukončovacích chyb
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BC 100 _98 __0 000000000002 Časový limit příkazu
BD _99 _99 __0 000000000001 Vysoká rychlost zápisu
BE _71 _57 _45 00001D16001D Teplota toku vzduchu
BF 100 100 __0 000000000000 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 00000000003E Počet vypnutí disku
C1 _61 _61 __0 000000013165 Počet cyklů načítání/vymazání
C2 _29 _43 __0 00110000001D Teplota
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
F0 100 253 __0 C43C000014C4 Čas nastavování hlaviček - v hodinách
F1 100 253 __0 00041EA66E34 Total Host Writes
F2 100 253 __0 0007B29D2404 Total Host Reads

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0C5A 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2020 2020 2020 2020 5A31 4443 4334 304E
020: 0000 0000 0004 4343 3439 2020 2020 5354 3130 3030
030: 444D 3030 332D 3143 4831 3632 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 850E 0006 004C 0040
080: 03F0 001F 346B 7D69 4163 3469 BC49 4163 207F 0033
090: 0033 8080 FFFE 0000 D000 0000 0000 0000 0000 0000
100: 6DB0 7470 0000 0000 0000 0000 6003 0000 5000 C500
110: 673B FD80 0000 0000 0000 0000 0000 0000 0000 401E
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 6DB0
130: 7470 6DB0 7470 2020 0002 0140 0100 5000 3C06 3C0A
140: 0000 003C 0000 0008 0000 0000 05FF 0280 0000 0000
150: 0008 0000 0000 0000 0000 0000 0000 0000 5800 8800
160: 0000 0000 0000 0000 0000 0000 0000 0000 0002 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 3085 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 1C20 0000 0000
220: 0000 0000 107E 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
240: 0000 0000 0000 0003 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 D2A5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0A 00 01 0F 00 74 63 90 CF CC 06 00 00 00 03 03
010: 00 62 61 00 00 00 00 00 00 00 04 32 00 5E 5E 10
020: 19 00 00 00 00 00 05 33 00 64 64 00 00 00 00 00
030: 00 00 07 0F 00 4F 3C EF 9D E0 05 00 00 00 09 32
040: 00 57 57 63 2F 00 00 00 00 00 0A 13 00 64 64 00
050: 00 00 00 00 00 00 0C 32 00 62 62 5F 09 00 00 00
060: 00 00 B7 32 00 64 64 00 00 00 00 00 00 00 B8 32
070: 00 64 64 00 00 00 00 00 00 00 BB 32 00 64 64 00
080: 00 00 00 00 00 00 BC 32 00 64 62 02 00 00 00 00
090: 00 00 BD 3A 00 63 63 01 00 00 00 00 00 00 BE 22
0A0: 00 47 39 1D 00 16 1D 00 00 00 BF 32 00 64 64 00
0B0: 00 00 00 00 00 00 C0 32 00 64 64 3E 00 00 00 00
0C0: 00 00 C1 32 00 3D 3D 65 31 01 00 00 00 00 C2 22
0D0: 00 1D 2B 1D 00 00 00 11 00 00 C5 12 00 64 64 00
0E0: 00 00 00 00 00 00 C6 10 00 64 64 00 00 00 00 00
0F0: 00 00 C7 3E 00 C8 C8 00 00 00 00 00 00 00 F0 00
100: 00 64 FD C4 14 00 00 3C C4 10 F1 00 00 64 FD 34
110: 6E A6 1E 04 00 00 F2 00 00 64 FD 04 24 9D B2 07
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 3F 02 00 73
170: 03 00 01 00 01 6A 02 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 70 00 00 00 02 03 03 03 01 03 03 03
190: 03 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 53 A1 7D 3D B8 27 00 00
1B0: 00 00 00 00 01 00 AF 05 34 6E A6 1E 04 00 00 00
1C0: 04 24 9D B2 07 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 3C 15 00 00 01 00 00 00
1E0: 00 00 00 00 E0 05 00 00 03 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 29

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 01 00 01 06 00 00 00 00 00 00 00 00 00 00 03 00
010: 00 00 00 00 00 00 00 00 00 00 04 14 00 00 00 00
020: 00 00 00 00 00 00 05 0A 00 00 00 00 00 00 00 00
030: 00 00 07 1E 00 00 00 00 00 00 00 00 00 00 09 00
040: 00 00 00 00 00 00 00 00 00 00 0A 61 00 00 00 00
050: 00 00 00 00 00 00 0C 14 00 00 00 00 00 00 00 00
060: 00 00 B7 00 00 00 00 00 00 00 00 00 00 00 B8 63
070: 00 00 00 00 00 00 00 00 00 00 BB 00 00 00 00 00
080: 00 00 00 00 00 00 BC 00 00 00 00 00 00 00 00 00
090: 00 00 BD 00 00 00 00 00 00 00 00 00 00 00 BE 2D
0A0: 00 00 00 00 00 00 00 00 00 00 BF 00 00 00 00 00
0B0: 00 00 00 00 00 00 C0 00 00 00 00 00 00 00 00 00
0C0: 00 00 C1 00 00 00 00 00 00 00 00 00 00 00 C2 00
0D0: 00 00 00 00 00 00 00 00 00 00 C5 00 00 00 00 00
0E0: 00 00 00 00 00 00 C6 00 00 00 00 00 00 00 00 00
0F0: 00 00 C7 00 00 00 00 00 00 00 00 00 00 00 F0 00
100: 00 00 00 00 00 00 00 00 00 00 F1 00 00 00 00 00
110: 00 00 00 00 00 00 F2 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD

----------------------------------------------------------------------------
(3) Hitachi HDT721032SLA380
----------------------------------------------------------------------------
Model : Hitachi HDT721032SLA380
Firmware : ST2OA31B
Serial Number : STD207MT1VT14S
Disk Size : 320,0 GB (8,4/137,4/320,0/320,0)
Buffer Size : 7058 KB
Queue Depth : 32
# of Sectors : 625142448
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : ---- | SATA/300
Power On Hours : 19858 hod.
Power On Count : 3718 krát
Temperature : 33 C (91 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : 8080h [ON]
Drive Letter : D:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _16 000000000000 Počet chyb čtení
02 100 100 _54 000000000000 Průchodnost disku
03 109 109 _24 000400E700E2 Čas na roztočení ploten
04 _98 _98 __0 0000000025B0 Počet spuštění/zastavení
05 100 100 __5 000000000000 Počet přemapovaných sektorů
07 100 100 _67 000000000000 Počet chybných hledání
08 100 100 _20 000000000000 Čas potřebný na vyhledání
09 _98 _98 __0 000000004D92 Hodin v činnosti
0A 100 100 _60 000000000000 Počet opakovaných pokusů o roztočení ploten
0C 100 100 __0 000000000E86 Počet cyklů zapnutí zařízení
C0 _92 _92 __0 000000002708 Počet vypnutí disku
C1 _92 _92 __0 000000002708 Počet cyklů načítání/vymazání
C2 181 181 __0 003400140021 Teplota
C4 100 100 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 00000000087C Počet chyb v kontrolním součtu UltraDMA

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 045A 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2020 5354 4432 3037 4D54 3156 5431 3453
020: 0003 3724 0038 5354 324F 4133 3142 4869 7461 6368
030: 6920 4844 5437 3231 3033 3253 4C41 3338 3020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 1706 0000 005E 0040
080: 01FC 0029 346B 7FE9 4773 3469 BE01 4763 207F 0036
090: 0000 0000 FFFE 0000 8080 0008 00CA 00F9 2710 0000
100: EAB0 2542 0000 0000 00CA 0000 0000 5A87 5000 CCA3
110: 5FDA 4362 0000 0000 0000 0000 0000 0000 0000 4014
120: 4014 0000 0000 0000 0000 0000 0000 0000 0009 000B
130: 0000 0000 2980 0DB1 FE20 0001 4000 0404 8531 0000
140: 0000 0406 0604 0404 0404 0404 0404 5CFF 268A 109A
150: 8000 0000 3250 4133 0000 A802 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 003D 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1C20 0000 0000
220: 0000 0000 101F 0021 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 03E0 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 11A5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 0B 00 64 64 00 00 00 00 00 00 00 02 05
010: 00 64 64 00 00 00 00 00 00 00 03 07 00 6D 6D E2
020: 00 E7 00 04 00 00 04 12 00 62 62 B0 25 00 00 00
030: 00 00 05 33 00 64 64 00 00 00 00 00 00 00 07 0B
040: 00 64 64 00 00 00 00 00 00 00 08 05 00 64 64 00
050: 00 00 00 00 00 00 09 12 00 62 62 92 4D 00 00 00
060: 00 00 0A 13 00 64 64 00 00 00 00 00 00 00 0C 32
070: 00 64 64 86 0E 00 00 00 00 00 C0 32 00 5C 5C 08
080: 27 00 00 00 00 00 C1 12 00 5C 5C 08 27 00 00 00
090: 00 00 C2 02 00 B5 B5 21 00 14 00 34 00 00 C4 32
0A0: 00 64 64 00 00 00 00 00 00 00 C5 22 00 64 64 00
0B0: 00 00 00 00 00 00 C6 08 00 64 64 00 00 00 00 00
0C0: 00 00 C7 0A 00 C8 C8 7C 08 00 00 00 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 66 12 01 5B
170: 03 00 01 00 01 4F 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C7

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 10 00 00 00 00 00 00 00 00 00 00 02 36
010: 00 00 00 00 00 00 00 00 00 00 03 18 00 00 00 00
020: 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00
030: 00 00 05 05 00 00 00 00 00 00 00 00 00 00 07 43
040: 00 00 00 00 00 00 00 00 00 00 08 14 00 00 00 00
050: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00
060: 00 00 0A 3C 00 00 00 00 00 00 00 00 00 00 0C 00
070: 00 00 00 00 00 00 00 00 00 00 C0 00 00 00 00 00
080: 00 00 00 00 00 00 C1 00 00 00 00 00 00 00 00 00
090: 00 00 C2 00 00 00 00 00 00 00 00 00 00 00 C4 00
0A0: 00 00 00 00 00 00 00 00 00 00 C5 00 00 00 00 00
0B0: 00 00 00 00 00 00 C6 00 00 00 00 00 00 00 00 00
0C0: 00 00 C7 00 00 00 00 00 00 00 00 00 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64

ComboFix 18-08-08.01 - PECHY 04.01.2019 10:00:32.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8120.5992 [GMT 1:00]
Spuštěný z: c:\users\PECHY\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\PECHY\Desktop\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2018-12-04 do 2019-01-04 )))))))))))))))))))))))))))))))
.
.
2019-01-04 09:03 . 2019-01-04 09:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2019-01-04 09:03 . 2019-01-04 09:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2019-01-03 20:10 . 2019-01-03 20:10 -------- d-----w- c:\programdata\Package Cache
2019-01-02 07:53 . 2014-02-13 22:59 24064 ----a-w- c:\windows\zoek-delete.exe
2019-01-02 07:53 . 2019-01-04 09:04 -------- d-----w- c:\users\PECHY\AppData\Local\Temp
2019-01-02 07:34 . 2019-01-02 07:50 -------- d-----w- C:\zoek_backup
2019-01-01 15:10 . 2019-01-01 15:21 -------- d-----w- c:\programdata\RogueKiller
2018-12-31 10:07 . 2018-12-31 10:07 -------- d-----w- c:\programdata\.mono
2018-12-30 18:11 . 2018-12-30 18:11 -------- d-----w- c:\windows\system32\appmgmt
2018-12-30 18:01 . 2018-12-30 18:01 -------- d-----w- c:\users\PECHY\ansel
2018-12-18 11:03 . 2018-12-18 11:03 -------- d-----w- c:\program files (x86)\Common Files\Java
2018-12-18 11:03 . 2018-12-18 11:03 -------- d-----w- c:\program files (x86)\Common Files\Oracle
2018-12-18 11:03 . 2018-12-18 11:03 110968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2018-12-18 11:03 . 2018-12-18 11:03 -------- d-----w- c:\programdata\Oracle
2018-12-18 11:03 . 2018-12-18 11:03 -------- d-----w- c:\program files\Java
2018-12-16 16:09 . 2018-12-16 16:09 -------- d-----w- c:\users\PECHY\AppData\Local\mbamtray
2018-12-15 13:29 . 2018-12-15 13:29 6155720 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-12-16 19:59 . 2015-05-09 17:51 137260640 -c--a-w- c:\windows\system32\MRT.exe
2018-12-15 13:32 . 2015-05-10 13:36 842240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2018-12-15 13:32 . 2015-05-10 13:36 175104 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2018-12-15 13:30 . 2015-02-19 23:18 36852448 ----a-w- c:\windows\system32\nvwgf2umx.dll
2018-12-15 13:30 . 2017-01-04 14:05 505696 ----a-w- c:\windows\system32\nvumdshimx.dll
2018-12-15 13:30 . 2015-02-19 23:18 4847696 ----a-w- c:\windows\system32\nvapi64.dll
2018-12-06 10:15 . 2018-05-27 11:44 2865136 ----a-w- c:\windows\system32\nvspcap64.dll
2018-12-06 10:15 . 2018-05-27 11:44 2265072 ----a-w- c:\windows\SysWow64\nvspcap.dll
2018-12-06 10:15 . 2018-05-27 11:44 1323504 ----a-w- c:\windows\system32\NvRtmpStreamer64.dll
2018-12-06 09:20 . 2017-04-07 10:59 1951 ----a-w- c:\windows\NvTelemetryContainerRecovery.bat
2018-11-27 02:20 . 2018-01-05 11:31 239840 ----a-w- c:\windows\system32\drivers\aswHdsKe.sys
2018-11-19 16:28 . 2018-11-19 16:28 378584 ----a-w- c:\windows\system32\aswBoot.exe
2018-11-19 16:28 . 2017-11-16 10:55 201240 ----a-w- c:\windows\system32\drivers\aswArPot.sys
2018-11-19 16:28 . 2015-05-09 17:08 87432 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2018-11-19 16:28 . 2015-05-09 17:08 469272 ----a-w- c:\windows\system32\drivers\aswSP.sys
2018-11-19 16:28 . 2015-05-09 17:08 46384 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2018-11-19 16:28 . 2015-05-09 17:08 380464 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2018-11-19 16:28 . 2015-05-09 17:08 208472 ----a-w- c:\windows\system32\drivers\aswStm.sys
2018-11-19 16:28 . 2015-05-09 17:08 163208 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2018-11-19 16:28 . 2015-05-09 17:08 111800 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2018-11-19 16:28 . 2018-10-21 09:41 42288 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2018-11-19 16:28 . 2015-05-09 17:08 1028680 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2018-11-19 16:28 . 2017-03-07 01:54 59496 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2018-11-19 16:28 . 2017-03-07 01:54 346592 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2018-11-19 16:28 . 2017-03-07 01:54 230344 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2018-11-19 16:28 . 2017-03-07 01:54 201768 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2018-11-16 15:46 . 2018-11-28 10:04 1468192 ----a-w- c:\windows\system32\nvdispgenco6441701.dll
2018-11-16 15:46 . 2018-11-28 10:04 2017536 ----a-w- c:\windows\system32\nvdispco6441701.dll
2018-11-15 23:24 . 2015-05-09 18:40 5338424 ----a-w- c:\windows\system32\nvcpl.dll
2018-11-15 23:24 . 2015-05-09 18:40 2620272 ----a-w- c:\windows\system32\nvsvc64.dll
2018-11-15 23:24 . 2015-12-22 15:22 82984 ----a-w- c:\windows\system32\nv3dappshextr.dll
2018-11-15 23:24 . 2015-12-22 15:22 651064 ----a-w- c:\windows\system32\nv3dappshext.dll
2018-11-15 23:24 . 2015-05-09 18:40 450416 ----a-w- c:\windows\system32\nvmctray.dll
2018-11-15 23:24 . 2015-05-09 18:40 1767736 ----a-w- c:\windows\system32\nvsvcr.dll
2018-11-15 23:24 . 2015-05-09 18:40 124784 ----a-w- c:\windows\system32\nvshext.dll
2018-11-14 05:56 . 2015-05-09 18:40 8416032 ----a-w- c:\windows\system32\nvcoproc.bin
2018-11-13 19:05 . 2018-11-16 11:02 1468032 ----a-w- c:\windows\system32\nvdispgenco6441694.dll
2018-11-13 19:05 . 2018-11-16 11:02 2017736 ----a-w- c:\windows\system32\nvdispco6441694.dll
2018-11-13 03:18 . 2018-11-16 11:02 47384 ----a-w- c:\windows\system32\nvhdap64.dll
2018-11-13 03:18 . 2018-11-16 11:02 227896 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2018-11-13 03:18 . 2017-01-04 14:26 1682896 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2018-11-11 16:58 . 2018-12-16 19:57 190464 ----a-w- c:\windows\system32\rpchttp.dll
2018-11-11 16:45 . 2018-12-16 19:57 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2018-11-11 16:44 . 2018-12-16 19:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2018-10-11 22:30 . 2018-10-14 20:40 1468456 ----a-w- c:\windows\system32\nvdispgenco6441634.dll
2018-10-11 22:30 . 2018-10-14 20:40 2017888 ----a-w- c:\windows\system32\nvdispco6441634.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-06-14 11:41 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-06-14 11:41 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-06-14 11:41 1741104 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2015-02-27 5583120]
"Plex Media Server"="g:\plex media server\Plex Media Server.exe" [2018-12-14 18666984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2018-10-06 601424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Plex Media Server"="g:\plex media server\Plex Media Server.exe" [2018-12-14 18666984]
.
c:\users\PECHY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE XTREME GAMING ENGINE.lnk - c:\program files (x86)\GIGABYTE\XTREME GAMING ENGINE\autorun.exe /r [2017-3-10 172176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
R2 avast;Služba %1!s! Update (avast);c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe;c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 WsAppService;Wondershare Application Framework Service;c:\program files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe;c:\program files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 avastm;Služba %1!s! Update (avastm);c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe;c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ETDSMBus;ETDSMBus;c:\windows\system32\DRIVERS\ETDSMBus.sys;c:\windows\SYSNATIVE\DRIVERS\ETDSMBus.sys [x]
R3 GoogleChromeElevationService;Google Chrome Elevation Service;c:\program files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe;c:\program files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Ke2200;NDIS Miniport Driver for Killer e2201/e2202 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 EasyAntiCheat;EasyAntiCheat;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe [x]
S0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidsha.sys;c:\windows\SYSNATIVE\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\system32\drivers\aswbloga.sys;c:\windows\SYSNATIVE\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbuniva.sys;c:\windows\SYSNATIVE\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys;c:\windows\SYSNATIVE\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys;c:\windows\SYSNATIVE\drivers\aswVmm.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys;c:\windows\SYSNATIVE\drivers\aswArPot.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys;c:\windows\SYSNATIVE\drivers\aswHdsKe.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 BfLwf;Killer Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Killer Service V2;Killer Service V2;c:\program files\Killer Networking\Network Manager\KillerService.exe;c:\program files\Killer Networking\Network Manager\KillerService.exe [x]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
S2 PlexUpdateService;Plex Update Service;g:\plex media server\Plex Update Service.exe;g:\plex media server\Plex Update Service.exe [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 KillerEth;NDIS Miniport Driver for Killer PCI-E Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\e2xw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e2xw7x64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 nvvhci;NVVHCI Enumerator Service;c:\windows\system32\DRIVERS\nvvhci.sys;c:\windows\SYSNATIVE\DRIVERS\nvvhci.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Device Service;c:\windows\system32\DRIVERS\XtuAcpiDriver.sys;c:\windows\SYSNATIVE\DRIVERS\XtuAcpiDriver.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}]
2019-01-04 08:40 2569952 ----a-w- c:\program files (x86)\AVAST Software\Browser\Application\70.1.973.110\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-06-14 11:37 2348848 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-06-14 11:37 2348848 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-06-14 11:37 2348848 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-11-19 16:28 1847000 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-11-19 16:28 1847000 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2018-12-15 9270208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-11-19 242392]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{1d74549e-937e-4772-b801-e67975fd087a} - c:\programdata\Package Cache\{1d74549e-937e-4772-b801-e67975fd087a}\pms.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{c6c5a357-c7ca-4a5f-9789-3bb1af579253} - c:\programdata\Package Cache\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}\LauncherPrereqSetup_x64.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{cb7c3049-21de-415b-bd85-b65c14e547df} - c:\programdata\Package Cache\{cb7c3049-21de-415b-bd85-b65c14e547df}\VC_redist.x86.exe
AddRemove-{d6f233bd-3f8c-43f6-878b-07bd0568d595} - c:\programdata\Package Cache\{d6f233bd-3f8c-43f6-878b-07bd0568d595}\VC_redist.x64.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-50467274-3595313862-2648565765-1000\@*°p*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-50467274-3595313862-2648565765-1000\@*±p*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-50467274-3595313862-2648565765-1000\@*Íp*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-50467274-3595313862-2648565765-1000\@*Űp*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-50467274-3595313862-2648565765-1000\@*fr*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_32_0_0_101_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_32_0_0_101_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\AVAST Software\Avast\AvastUI.exe
g:\plex media server\PlexScriptHost.exe
g:\plex media server\Plex Tuner Service.exe
g:\plex media server\PlexScriptHost.exe
.
**************************************************************************
.
Celkový čas: 2019-01-04 10:06:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2019-01-04 09:06
ComboFix2.txt 2019-01-02 22:33
.
Před spuštěním: Volných bajtů: 19 341 783 040
Po spuštění: Volných bajtů: 18 920 480 768
.
- - End Of File - - 208508D8A256EDF911D4C977D343B982
A36C5E4F47E84449FF07ED3517B43A31

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 39704
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 04 led 2019 19:23

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.


ještě nový HJT.

co Memtest?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra


Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: CommonCrawl [Bot] a 10 hostů