Log check - slowed-down computer [Solved]

A place for your HiJackThis logs and logs from other programs…

Moderators: memphisto, Mods_senior, Security team

SidoniusPetram
newbie
Posts: 15
Registered: May 19
Gender: Male

Re: Log check - slowed-down computer

Post by SidoniusPetram » 22 May 2019 00:25

Just to be sure, I'm posting the AdwCleaner report here again. Those two keep reappearing, plus something new has been added.

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-22-2019
# Duration: 00:00:01
# OS: Windows 7 Professional
# Cleaned: 8
# Failed: 2


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKU\S-1-5-21-1762638149-875449985-1971150987-1006\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Deleted HKU\S-1-5-21-1762638149-875449985-1971150987-1006\Software\Goobzo
Deleted HKU\S-1-5-21-1762638149-875449985-1971150987-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\S-1-5-21-1762638149-875449985-1971150987-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\S-1-5-21-1762638149-875449985-1971150987-1021\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\S-1-5-21-1762638149-875449985-1971150987-1021\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\S-1-5-21-1762638149-875449985-1971150987-1022\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\S-1-5-21-1762638149-875449985-1971150987-1022\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Not Deleted HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Not Deleted HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1508 octets] - [21/05/2019 19:58:42]
AdwCleaner[S01].txt - [1569 octets] - [21/05/2019 21:50:05]
AdwCleaner[C01].txt - [1697 octets] - [21/05/2019 21:50:44]
AdwCleaner[S02].txt - [2908 octets] - [22/05/2019 00:09:10]
AdwCleaner[S03].txt - [2969 octets] - [22/05/2019 00:18:42]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C03].txt ##########




Re: Log check - slowed-down computer

Post by SidoniusPetram » 22 May 2019 00:47

RogueKiller Anti-Malware V13.2.0.0 (x64) [May 14 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : ZDENEK [Administrator]
Started from : C:\Users\ZDENEK\Desktop\RogueKiller_portable64.exe
Signatures : 20190521_110536, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/05/22 00:45:23 (Duration : 00:13:58)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Popcorn (Potentially Malicious)] HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\Popcorn Time -- -> Deleted
[PUP.Popcorn (Potentially Malicious)] HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\PopcornTime -- -> Deleted
[PUP.Slimware (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater -- -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7F207AB6-D04F-49BA-A5B2-44B575B7FB18} -- [%programdata%\BlueStacksGameManager\OBS\HD-OBS.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{22E34949-E359-4292-A51D-AC94216D9B46} -- [%programdata%\BlueStacksGameManager\OBS\HD-OBS.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{547B69A7-34FC-4954-8AA8-C5E2204FAA90} -- [%programdata%\BlueStacksGameManager\OBS\HD-OBS.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{00960A11-A78A-401B-B939-428CD4A038EE} -- [%programdata%\BlueStacksGameManager\OBS\HD-OBS.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{825F0545-06CF-48E0-98FB-7F2F9FE40EA3} -- [%programdata%\BlueStacksGameManager\OBS\HD-OBS.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{EC803957-EF88-4DF7-A515-ED819129004E} -- [%programdata%\BlueStacksGameManager\OBS\HD-OBS.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7F207AB6-D04F-49BA-A5B2-44B575B7FB18} -- [%programdata%\BlueStacksGameManager\OBS\HD-OBS.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{547B69A7-34FC-4954-8AA8-C5E2204FAA90} -- [%programdata%\BlueStacksGameManager\OBS\HD-OBS.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{22E34949-E359-4292-A51D-AC94216D9B46} -- [%programdata%\BlueStacksGameManager\OBS\HD-OBS.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{00960A11-A78A-401B-B939-428CD4A038EE} -- [%programdata%\BlueStacksGameManager\OBS\HD-OBS.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{825F0545-06CF-48E0-98FB-7F2F9FE40EA3} -- [%programdata%\BlueStacksGameManager\OBS\HD-OBS.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{EC803957-EF88-4DF7-A515-ED819129004E} -- [%programdata%\BlueStacksGameManager\OBS\HD-OBS.exe] -> Deleted
[Adw.Softcnapp (Malicious)] Clover -- %localappdata%\Clover -> Deleted
[PUP.Popcorn (Potentially Malicious)] PopcornTimeDesktop -- %localappdata%\PopcornTimeDesktop -> Deleted


Re: Log check - slowed-down computer

Post by SidoniusPetram » 22 May 2019 01:24

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by ZDENEK on st 22.05.2019 at 0:50:34,44.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ZDENEK\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

22.5.2019 0:54:06 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Users\ZDENEK\AppData\Roaming\Samsung deleted successfully
C:\Users\Default\AppData\Local\Google deleted successfully
C:\Users\Maminka\AppData\Local\Google deleted successfully
C:\Users\Tata\AppData\Local\Google deleted successfully
C:\Users\Tata\AppData\Local\VirtualStore deleted successfully
C:\Users\ZDENEK\AppData\Local\Black_Tree_Gaming deleted successfully
C:\Users\ZDENEK\AppData\Local\Notepad++ deleted successfully
C:\Users\ZDENEK\AppData\Local\Razer deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\ZDENEK\AppData\Roaming\Mozilla\Firefox\Profiles\kq73xhhf.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\ZDENEK\AppData\Roaming\Mozilla\Firefox\Profiles\kq73xhhf.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\ZDENEK\AppData\Local\cache deleted
"C:\Users\JIRKA\AppData\Local\AVAST Software\APM\kv_pam.db" not deleted
"C:\Users\Tata\AppData\Local\AVAST Software\APM\kv_pam.db" not deleted
"C:\Users\ZDENEK\AppData\Local\AVAST Software\APM\kv_pam.db" not deleted
"C:\Users\JIRKA\AppData\Local\AVAST Software" not deleted
"C:\Users\Tata\AppData\Local\AVAST Software" not deleted
"C:\Users\ZDENEK\AppData\Local\AVAST Software" not deleted
"C:\Users\JIRKA\AppData\Local\AVAST Software\APM" not deleted
"C:\Users\Tata\AppData\Local\AVAST Software\APM" not deleted
"C:\Users\ZDENEK\AppData\Local\AVAST Software\APM" not deleted

==== Orphaned Tasks deleted from Registry ======================

{09FF4C71-8BA8-40A2-99E5-322C1FB732E0} deleted
{49065A49-780A-4779-8F94-F6EE7C6E7E5A} deleted
{8BB98CEE-9A1B-497E-B085-87F0CF1D0750} deleted
{F38F528D-C592-428C-A0E4-1D0452214952} deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\ZDENEK\AppData\Roaming\Mozilla\Firefox\Profiles\kq73xhhf.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\ZDENEK\AppData\Roaming\Mozilla\Firefox\Profiles\kq73xhhf.default
- __MSG_avastAppName__ - %ProfilePath%\extensions\sp@avast.com.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\ZDENEK\AppData\Roaming\Mozilla\Firefox\Profiles\kq73xhhf.default
- C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll - [?]
- C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npdeployJava1.dll - [?]
F651A9401D130C314ED5B0C57909C4A0 - C:\Users\ZDENEK\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer
- C:\Users\ZDENEK\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - [?]
- C:\Program Files x86\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - [?]
81D6D6EE6226773449C5CBE9496EDAF6 - C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrlui.dll - Microsoft® Silverlight
FC18E6D133877BE07C753552705A5B8C - C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll - Silverlight Plug-In


==== Chromium Look ======================

Opera Browser Version: 48.0.2685.32
Opera Browser Version: 55.0.2994.44
Opera Browser Version: 55.0.2994.56
Opera Browser Version: 55.0.2994.61
Opera Browser Version: 56.0.3051.104
Opera Browser Version: 56.0.3051.116
Opera Browser Version: 56.0.3051.36
Opera Browser Version: 56.0.3051.43
Opera Browser Version: 56.0.3051.52
Opera Browser Version: 56.0.3051.99
Opera Browser Version: 57.0.3098.106
Opera Browser Version: 57.0.3098.116
Opera Browser Version: 58.0.3135.107
Opera Browser Version: 58.0.3135.118
Opera Browser Version: 58.0.3135.127
Opera Browser Version: 58.0.3135.132
Opera Browser Version: 58.0.3135.65
Opera Browser Version: 58.0.3135.68
Opera Browser Version: 58.0.3135.79
Opera Browser Version: 60.0.3255.84
Opera Browser Version: 60.0.3255.95

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - No path found[]

Avast Online Security - JIRKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Media Router - JIRKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Lyrics Here by Rob W - ZDENEK\Appdata\Roaming\Opera Software\Opera Stable\Extensions\lifkpflabnobkgbjpcmocmgcajlecbcp
undetermined - JIRKA\AppData\Local\Google\Chrome\User Data\Default\Extensions\HELP_DECRYPT.PNG

==== Chromium Fix ======================

C:\Users\ZDENEK\Appdata\Roaming\Opera Software\Opera Stable\Extensions\lifkpflabnobkgbjpcmocmgcajlecbcp deleted successfully
C:\Users\ZDENEK\Appdata\Roaming\Opera Software\Opera Stable\Local Extension Settings\lifkpflabnobkgbjpcmocmgcajlecbcp deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{13552D3B-38FC-4021-BF31-BB920428C6EF}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{13552D3B-38FC-4021-BF31-BB920428C6EF} - http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1

==== Reset Google Chrome ======================

C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\ZDENEK\AppData\Local\Popcorn-Time\User Data\Default\Preferences was reset successfully
C:\Users\ZDENEK\AppData\Local\Popcorn-Time\User Data\Default\Secure Preferences was reset successfully
C:\Users\JIRKA\Appdata\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\JIRKA\Appdata\Roaming\Opera Software\Opera Stable\Preferences.backup was reset successfully
C:\Users\JIRKA\Appdata\Roaming\Opera Software\Opera Stable\Secure Preferences was reset successfully
C:\Users\JIRKA\Appdata\Roaming\Opera Software\Opera Stable\Secure Preferences.backup was reset successfully
C:\Users\Maminka\Appdata\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Maminka\Appdata\Roaming\Opera Software\Opera Stable\Preferences.backup was reset successfully
C:\Users\Maminka\Appdata\Roaming\Opera Software\Opera Stable\Secure Preferences was reset successfully
C:\Users\Maminka\Appdata\Roaming\Opera Software\Opera Stable\Secure Preferences.backup was reset successfully
C:\Users\Tata\Appdata\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Tata\Appdata\Roaming\Opera Software\Opera Stable\Preferences.backup was reset successfully
C:\Users\Tata\Appdata\Roaming\Opera Software\Opera Stable\Secure Preferences was reset successfully
C:\Users\Tata\Appdata\Roaming\Opera Software\Opera Stable\Secure Preferences.backup was reset successfully
C:\Users\ZDENEK\Appdata\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\ZDENEK\Appdata\Roaming\Opera Software\Opera Stable\Preferences.backup was reset successfully
C:\Users\ZDENEK\Appdata\Roaming\Opera Software\Opera Stable\Secure Preferences was reset successfully
C:\Users\ZDENEK\Appdata\Roaming\Opera Software\Opera Stable\Secure Preferences.backup was reset successfully
C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\ZDENEK\AppData\Local\Popcorn-Time\User Data\Default\Web Data was reset successfully
C:\Users\ZDENEK\AppData\Local\Popcorn-Time\User Data\Default\Web Data-journal was reset successfully
C:\Users\JIRKA\Appdata\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\JIRKA\Appdata\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully
C:\Users\Maminka\Appdata\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Maminka\Appdata\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully
C:\Users\Tata\Appdata\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Tata\Appdata\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully
C:\Users\ZDENEK\Appdata\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\ZDENEK\Appdata\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShareAgent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Smart Cleaning deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZAM deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ZDENEK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\JIRKA\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Maminka\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Tata\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\ZDENEK\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\ZDENEK\AppData\Local\Popcorn-Time\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=278 folders=56 73065039 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\JIRKA\AppData\Local\temp emptied successfully
C:\Users\Maminka\AppData\Local\temp emptied successfully
C:\Users\Tata\AppData\Local\temp emptied successfully
C:\Users\ZDENEK\AppData\Local\Temp will be emptied at reboot
C:\Users\PRZDNS~1\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ZDENEK\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\JIRKA\AppData\Local\AVAST Software\APM\kv_pam.db" not found
"C:\Users\Tata\AppData\Local\AVAST Software\APM\kv_pam.db" not found
"C:\Users\ZDENEK\AppData\Local\AVAST Software\APM\kv_pam.db" not found
"C:\Users\JIRKA\AppData\Local\AVAST Software" not found
"C:\Users\Tata\AppData\Local\AVAST Software" not found
"C:\Users\ZDENEK\AppData\Local\AVAST Software" not found

==== EOF on st 22.05.2019 at 1:20:51,68 ======================


Re: Log check - slowed-down computer

Post by SidoniusPetram » 22 May 2019 01:41

ComboFix 18-08-08.01 - ZDENEK 22.05.2019 1:28.1.6 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8190.5775 [GMT 2:00]
Spuštěný z: c:\users\ZDENEK\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2019-04-21 do 2019-05-21 )))))))))))))))))))))))))))))))
.
.
2019-05-21 23:38 . 2019-05-21 23:38 -------- d-----w- c:\users\Tata\AppData\Local\temp
2019-05-21 23:18 . 2014-02-13 21:59 24064 ----a-w- c:\windows\zoek-delete.exe
2019-05-21 23:18 . 2019-05-21 23:38 -------- d-----w- c:\users\ZDENEK\AppData\Local\Temp
2019-05-21 22:50 . 2019-05-21 23:15 -------- d-----w- C:\zoek_backup
2019-05-21 20:02 . 2019-05-21 20:02 -------- d-----w- c:\program files (x86)\Sophos
2019-05-21 18:00 . 2019-01-08 13:32 153328 ----a-w- c:\windows\system32\drivers\mbae64.sys
2019-05-21 17:57 . 2019-05-21 19:50 -------- d-----w- C:\AdwCleaner
2019-05-20 21:43 . 2019-05-20 21:43 -------- d-----w- c:\users\ZDENEK\AppData\Local\mbamtray
2019-05-06 19:45 . 2019-05-06 19:45 34784 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2019-05-06 18:24 . 2019-05-06 18:24 223440 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2019-05-06 16:32 . 2019-05-06 16:32 492648 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2019-04-25 05:50 . 2019-04-25 05:50 362888 ----a-w- c:\windows\system32\aswBoot.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2019-05-21 23:18 . 2016-10-13 19:40 65536 ----a-w- c:\windows\system32\spu_storage.bin
2019-05-14 20:41 . 2015-12-22 23:04 842296 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2019-05-14 20:41 . 2015-12-22 23:04 175160 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2019-05-11 07:50 . 2015-01-25 15:30 4586016 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2019-05-05 15:29 . 2019-01-24 15:40 62223112 ----a-w- c:\users\Maminka\AppData\Roaming\Microsoft\Skype for Desktop\Skype-Setup.exe
2019-04-25 05:51 . 2018-09-14 20:46 385848 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2019-04-25 05:51 . 2018-09-14 20:46 476776 ----a-w- c:\windows\system32\drivers\aswSP.sys
2019-04-25 05:50 . 2018-09-14 20:46 220640 ----a-w- c:\windows\system32\drivers\aswStm.sys
2019-04-25 05:50 . 2019-02-16 22:34 257832 ----a-w- c:\windows\system32\drivers\aswHdsKe.sys
2019-04-25 05:50 . 2018-10-19 21:33 42288 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2019-04-25 05:50 . 2018-09-14 20:46 88160 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2019-04-25 05:50 . 2018-09-14 20:46 166848 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2019-04-25 05:50 . 2018-09-14 20:46 112520 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2019-04-25 05:50 . 2019-01-16 15:31 37104 ----a-w- c:\windows\system32\drivers\aswArDisk.sys
2019-04-25 05:50 . 2018-09-14 20:46 205400 ----a-w- c:\windows\system32\drivers\aswArPot.sys
2019-04-25 05:50 . 2018-09-14 20:46 1031000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2019-04-25 05:50 . 2019-01-20 18:24 254128 ----a-w- c:\windows\system32\drivers\aswbidsdriver.sys
2019-04-25 05:50 . 2019-01-16 15:31 57888 ----a-w- c:\windows\system32\drivers\aswbuniv.sys
2019-04-25 05:50 . 2019-01-16 15:31 320624 ----a-w- c:\windows\system32\drivers\aswblog.sys
2019-04-25 05:50 . 2019-01-16 15:31 196000 ----a-w- c:\windows\system32\drivers\aswbidsh.sys
2019-04-17 06:55 . 2015-01-19 16:36 110968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2019-04-16 03:43 . 2019-04-16 03:43 1578376 ----a-w- c:\windows\system32\coinst_18.50.dll
2019-04-16 03:42 . 2019-04-16 03:42 3730312 ----a-w- c:\windows\system32\amfrt64.dll
2019-04-16 03:42 . 2019-04-16 03:42 3358088 ----a-w- c:\windows\SysWow64\amfrt32.dll
2019-04-16 03:42 . 2019-04-16 03:42 22015368 ----a-w- c:\windows\system32\amdxc64.dll
2019-04-16 03:42 . 2019-04-16 03:42 18852232 ----a-w- c:\windows\SysWow64\amdxc32.dll
2019-04-16 03:42 . 2019-04-16 03:42 543624 ----a-w- c:\windows\system32\amdmcl64.dll
2019-04-16 03:42 . 2019-04-16 03:42 373640 ----a-w- c:\windows\SysWow64\amdmcl32.dll
2019-04-16 03:31 . 2019-04-16 03:31 156440 ----a-w- c:\windows\system32\amduve64.dll
2019-04-16 03:31 . 2019-04-16 03:31 134280 ----a-w- c:\windows\SysWow64\amduve32.dll
2019-04-16 03:31 . 2019-04-16 03:31 12253584 ----a-w- c:\windows\SysWow64\atiumdva.dll
2019-04-16 03:31 . 2019-04-16 03:31 12890112 ----a-w- c:\windows\system32\atiumd6a.dll
2019-04-16 03:30 . 2019-04-16 03:30 117072 ----a-w- c:\windows\system32\atimpc64.dll
2019-04-16 03:30 . 2019-04-16 03:30 117072 ----a-w- c:\windows\system32\amdpcom64.dll
2019-04-16 03:30 . 2019-04-16 03:30 96424 ----a-w- c:\windows\SysWow64\atimpc32.dll
2019-04-16 03:30 . 2019-04-16 03:30 96424 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2019-04-16 03:30 . 2019-04-16 03:30 178872 ----a-w- c:\windows\system32\amdhcp64.dll
2019-04-16 03:30 . 2019-04-16 03:30 156200 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2019-04-16 03:30 . 2019-04-16 03:30 123240 ----a-w- c:\windows\system32\amdave64.dll
2019-04-16 03:30 . 2019-04-16 03:30 108296 ----a-w- c:\windows\SysWow64\amdave32.dll
2019-04-16 03:30 . 2019-04-16 03:30 149384 ----a-w- c:\windows\system32\atisamu64.dll
2019-04-16 03:30 . 2019-04-16 03:30 126344 ----a-w- c:\windows\SysWow64\atisamu32.dll
2019-04-16 03:30 . 2019-04-16 03:30 52879752 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2019-04-16 03:30 . 2019-04-16 03:30 60296 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2019-04-16 03:29 . 2019-04-16 03:29 17447304 ----a-w- c:\windows\system32\amdvlk64.dll
2019-04-16 03:29 . 2019-04-16 03:29 15186824 ----a-w- c:\windows\SysWow64\amdvlk32.dll
2019-04-16 03:29 . 2019-04-16 03:29 139144 ----a-w- c:\windows\system32\amdmmcl6.dll
2019-04-16 03:29 . 2019-04-16 03:29 117128 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2019-04-16 03:28 . 2019-01-27 16:45 1941448 ----a-w- c:\windows\system32\aticfx64.dll
2019-04-16 03:28 . 2019-04-16 03:28 1581400 ----a-w- c:\windows\SysWow64\aticfx32.dll
2019-04-16 03:28 . 2019-04-16 03:28 32467848 ----a-w- c:\windows\SysWow64\atioglxx.dll
2019-04-16 03:28 . 2019-04-16 03:28 39767432 ----a-w- c:\windows\system32\atio6axx.dll
2019-04-16 03:28 . 2019-01-27 16:45 17378304 ----a-w- c:\windows\system32\atidxx64.dll
2019-04-16 03:28 . 2019-04-16 03:28 14575680 ----a-w- c:\windows\SysWow64\atidxx32.dll
2019-04-16 03:28 . 2019-04-16 03:28 36744 ----a-w- c:\windows\system32\RapidFireServer64.dll
2019-04-16 03:28 . 2019-04-16 03:28 33672 ----a-w- c:\windows\SysWow64\RapidFireServer.dll
2019-04-16 03:28 . 2019-04-16 03:28 561544 ----a-w- c:\windows\system32\Rapidfire64.dll
2019-04-16 03:28 . 2019-04-16 03:28 472456 ----a-w- c:\windows\SysWow64\Rapidfire.dll
2019-04-16 03:28 . 2019-04-16 03:28 153480 ----a-w- c:\windows\system32\mantleaxl64.dll
2019-04-16 03:28 . 2019-04-16 03:28 128392 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2019-04-16 03:28 . 2019-04-16 03:28 174472 ----a-w- c:\windows\system32\mantle64.dll
2019-04-16 03:27 . 2019-04-16 03:27 142728 ----a-w- c:\windows\SysWow64\mantle32.dll
2019-04-16 03:27 . 2019-04-16 03:27 349064 ----a-w- c:\windows\system32\ATIODE.exe
2019-04-16 03:27 . 2019-04-16 03:27 67464 ----a-w- c:\windows\system32\ATIODCLI.exe
2019-04-16 03:27 . 2019-04-16 03:27 15761288 ----a-w- c:\windows\system32\amdmantle64.dll
2019-04-16 03:27 . 2019-04-16 03:27 331656 ----a-w- c:\windows\system32\clinfo.exe
2019-04-16 03:27 . 2019-04-16 03:27 168328 ----a-w- c:\windows\system32\OpenCL.dll
2019-04-16 03:27 . 2019-04-16 03:27 144776 ----a-w- c:\windows\SysWow64\OpenCL.dll
2019-04-16 03:27 . 2019-04-16 03:27 13332360 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2019-04-16 03:27 . 2019-04-16 03:27 913288 ----a-w- c:\windows\system32\amdlvr64.dll
2019-04-16 03:27 . 2019-04-16 03:27 743304 ----a-w- c:\windows\SysWow64\amdlvr32.dll
2019-04-16 03:26 . 2019-04-16 03:26 56424328 ----a-w- c:\windows\system32\amdocl64.dll
2019-04-16 03:26 . 2019-04-16 03:26 26476936 ----a-w- c:\windows\system32\amdocl12cl64.dll
2019-04-16 03:26 . 2019-04-16 03:26 21245832 ----a-w- c:\windows\SysWow64\amdocl12cl.dll
2019-04-16 03:25 . 2019-04-16 03:25 46296968 ----a-w- c:\windows\SysWow64\amdocl.dll
2019-04-16 03:23 . 2019-04-16 03:23 9936 ----a-w- c:\windows\SysWow64\detoured.dll
2019-04-16 03:23 . 2019-04-16 03:23 9936 ----a-w- c:\windows\system32\detoured.dll
2019-04-16 03:23 . 2019-04-16 03:23 172656 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2019-04-16 03:23 . 2019-01-27 16:45 206664 ----a-w- c:\windows\system32\atiuxp64.dll
2019-04-16 03:23 . 2019-04-16 03:23 11063352 ----a-w- c:\windows\SysWow64\atiumdag.dll
2019-04-16 03:23 . 2019-04-16 03:23 13733664 ----a-w- c:\windows\system32\atiumd64.dll
2019-04-16 03:23 . 2019-04-16 03:23 155176 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2019-04-16 03:23 . 2019-04-16 03:23 190696 ----a-w- c:\windows\system32\atiu9p64.dll
2019-04-16 03:23 . 2019-04-16 03:23 470920 ----a-w- c:\windows\system32\GameManager64.dll
2019-04-16 03:23 . 2019-04-16 03:23 373128 ----a-w- c:\windows\SysWow64\GameManager32.dll
2019-04-16 03:22 . 2019-04-16 03:22 483208 ----a-w- c:\windows\system32\dgtrayicon.exe
2019-04-16 03:22 . 2019-04-16 03:22 493448 ----a-w- c:\windows\system32\atitmm64.dll
2019-04-16 03:22 . 2019-04-16 03:22 581512 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2019-04-16 03:22 . 2019-04-16 03:22 115592 ----a-w- c:\windows\system32\atimuixx.dll
2019-04-16 03:22 . 2019-04-16 03:22 135048 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2019-04-16 03:22 . 2019-04-16 03:22 135048 ----a-w- c:\windows\system32\atiglpxx.dll
2019-04-16 03:22 . 2019-04-16 03:22 202120 ----a-w- c:\windows\SysWow64\atigktxx.dll
2019-04-16 03:22 . 2019-04-16 03:22 230792 ----a-w- c:\windows\system32\atig6txx.dll
2019-04-16 03:22 . 2019-04-16 03:22 159624 ----a-w- c:\windows\system32\atig6pxx.dll
2019-04-16 03:22 . 2019-04-16 03:22 499592 ----a-w- c:\windows\system32\atiesrxx.exe
2019-04-16 03:22 . 2019-04-16 03:22 749960 ----a-w- c:\windows\system32\atieclxx.exe
2019-04-16 03:22 . 2019-04-16 03:22 430472 ----a-w- c:\windows\system32\atieah64.exe
2019-04-16 03:22 . 2019-04-16 03:22 343944 ----a-w- c:\windows\SysWow64\atieah32.exe
2019-04-16 03:22 . 2019-04-16 03:22 458632 ----a-w- c:\windows\system32\atidemgy.dll
2019-04-16 03:22 . 2019-04-16 03:22 1201032 ----a-w- c:\windows\SysWow64\atiadlxy.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2019-05-12 09:34 1286240 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\19.062.0331.0006\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2019-05-12 09:34 1286240 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\19.062.0331.0006\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2019-05-12 09:34 1286240 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\19.062.0331.0006\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2019-05-12 09:34 1286240 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\19.062.0331.0006\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2019-05-12 09:34 1286240 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\19.062.0331.0006\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wargaming.net Game Center"="c:\programdata\Wargaming.net\GameCenter\wgc.exe" [2019-05-15 2541944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2019-04-01 645456]
.
c:\users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Poslat do aplikace OneNote.lnk - c:\program files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE /tsr [2017-10-17 179184]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *????????? ????????
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"VICTORY Gaming Keyboard"="c:\program files (x86)\Gaming Keyboard\Monitor.exe"
"DeathTaker"=c:\program files (x86)\Genius\DeathTaker\mousehid.exe
.
R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
R2 AODDriver4.2;AODDriver4.2;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys [x]
R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
R2 avast;Služba %1!s! Update (avast);c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe;c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\aswidsagent.exe;c:\program files\AVAST Software\Avast\aswidsagent.exe [x]
R3 avastm;Služba %1!s! Update (avastm);c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe;c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 BRSptStub;BitRaider Mini-Support Service Stub Loader;c:\programdata\BitRaider\BRSptStub.exe;c:\programdata\BitRaider\BRSptStub.exe [x]
R3 CorsairVBusDriver;Corsair Bus;c:\windows\system32\DRIVERS\CorsairVBusDriver.sys;c:\windows\SYSNATIVE\DRIVERS\CorsairVBusDriver.sys [x]
R3 CorsairVHidDriver;Corsair virtual device;c:\windows\system32\DRIVERS\CorsairVHidDriver.sys;c:\windows\SYSNATIVE\DRIVERS\CorsairVHidDriver.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe;c:\program files (x86)\EasyAntiCheat\EasyAntiCheat.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 ew_usbccgpfilter;HwHandSet_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbccgpfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbccgpfilter.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 HnGService;Heroes & Generals Service;c:\program files (x86)\Heroes & Generals\live\hngservice.exe;c:\program files (x86)\Heroes & Generals\live\hngservice.exe [x]
R3 HnGSteamService;Heroes & Generals Steam Service;c:\program files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe;c:\program files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 XSplit_Dummy;XSplit Stream Audio Renderer;c:\windows\system32\drivers\xspltspk.sys;c:\windows\SYSNATIVE\drivers\xspltspk.sys [x]
R4 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys;c:\windows\SYSNATIVE\DRIVERS\amdide64.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 aswArDisk;aswArDisk;c:\windows\system32\drivers\aswArDisk.sys;c:\windows\SYSNATIVE\drivers\aswArDisk.sys [x]
S0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidsh.sys;c:\windows\SYSNATIVE\drivers\aswbidsh.sys [x]
S0 aswblog;aswblog;c:\windows\system32\drivers\aswblog.sys;c:\windows\SYSNATIVE\drivers\aswblog.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbuniv.sys;c:\windows\SYSNATIVE\drivers\aswbuniv.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys;c:\windows\SYSNATIVE\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys;c:\windows\SYSNATIVE\drivers\aswVmm.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys;c:\windows\SYSNATIVE\drivers\aswArPot.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriver.sys;c:\windows\SYSNATIVE\drivers\aswbidsdriver.sys [x]
S1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys;c:\windows\SYSNATIVE\drivers\aswHdsKe.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3.0;AODDriver4.3.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 AUEPLauncher;AMD User Experience Program Launcher;c:\program files\AMD\Performance Profile Client\AUEPLauncher.exe;c:\program files\AMD\Performance Profile Client\AUEPLauncher.exe [x]
S2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 FoxitReaderService;Foxit Reader Service;c:\program files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [x]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 VBAudioVACMME;VB-Audio Virtual Cable (WDM);c:\windows\system32\DRIVERS\vbaudio_cable64_win7.sys;c:\windows\SYSNATIVE\DRIVERS\vbaudio_cable64_win7.sys [x]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - MBAMPROTECTION
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBPROTECTION
*Deregistered* - ESProtectionDriver
*Deregistered* - MBAMProtection
*Deregistered* - MBAMSwissArmy
*Deregistered* - MBAMWebProtection
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2019-05-12 09:34 1463904 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\19.062.0331.0006\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2019-05-12 09:34 1463904 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\19.062.0331.0006\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2019-05-12 09:34 1463904 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\19.062.0331.0006\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2019-05-12 09:34 1463904 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\19.062.0331.0006\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2019-05-12 09:34 1463904 ----a-w- c:\users\ZDENEK\AppData\Local\Microsoft\OneDrive\19.062.0331.0006\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2019-04-25 05:50 1557384 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2019-04-30 18391120]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2019-04-25 261000]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-OODefragTray - c:\program files\OO Software\Defrag\oodtray.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-swtor_swtor - c:\program files (x86)\electronic arts\bioware\star wars - the old republic\BitRaider\bin\brwc.exe
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{80586c77-db42-44bb-bfc8-7aebbb220c00} - c:\programdata\Package Cache\{80586c77-db42-44bb-bfc8-7aebbb220c00}\VC_redist.x64.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{d992c12e-cab2-426f-bde3-fb8c53950b0d} - c:\programdata\Package Cache\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\VC_redist.x64.exe
AddRemove-{e2803110-78b3-4664-a479-3611a381656a} - c:\programdata\Package Cache\{e2803110-78b3-4664-a479-3611a381656a}\VC_redist.x86.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:f1,24,55,61,26,4a,53,c1,c5,66,15,f7,ea,37,43,89,d8,b0,90,b6,ba,e7,8d,
05,19,ea,78,f4,d7,34,f8,80,f4,d1,31,c2,56,59,5b,a6,5e,56,fc,6c,77,15,b3,03,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Software\SecuROM\License information*]
"datasecu"=hex:fe,4f,dd,1f,32,35,ee,ea,d2,5f,20,e3,fa,cc,f7,01,51,b3,c4,03,9b,
cf,fa,dd,a9,ed,42,d6,0e,5a,6f,35,d7,c8,8f,a2,5d,46,dd,7d,9c,25,69,88,cc,5a,\
"rkeysecu"=hex:b5,c9,e5,f9,35,0d,12,cd,ec,89,f0,74,71,cf,e1,9d
.
[HKEY_USERS\S-1-5-21-1762638149-875449985-1971150987-1000\Control Panel\Desktop*]
@Allowed: (Read) (RestrictedCode)
"WheelScrollLines"="7"
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\AVAST Software]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Alias]
@=""
"0"="ActionsPane Schema for Add-Ins"
.
Celkový čas: 2019-05-22 01:40:42
ComboFix-quarantined-files.txt 2019-05-21 23:40
.
Před spuštěním: Volných bajtů: 163 144 376 320
Po spuštění: Volných bajtů: 162 650 308 608
.
- - End Of File - - 8F87256D20A0AF2CD5E16D959643C962
A36C5E4F47E84449FF07ED3517B43A31

jaro3
Security team member
Guru Level 15
Posts: 39709
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Log check - slow computer

Post by jaro3 » 22 May 2019 18:17

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC

to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.

Try AdwCleaner once more.

+ Post a new HJT log + report on any problems
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

SidoniusPetram
newbie
Posts: 15
Registered: May 19
Gender: Male

Re: Log check - slow computer

Post by SidoniusPetram » 22 May 2019 19:33

Apart from those two registry keys, probably nothing. The computer is not slow so far, but it has to run for a few hours for that, so if anything happens, I will get in touch. :)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:30:50, on 22.5.2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18739)
Boot mode: Normal

Running processes:
C:\Windows\Pixart\Pac7302\Monitor.exe
C:\Users\ZDENEK\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: ASGT - Unknown owner - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: AMD User Experience Program Launcher (AUEPLauncher) - AMD - C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: BitRaider Mini-Support Service Stub Loader (BRSptStub) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptStub.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Foxit Reader Service (FoxitReaderService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: Heroes & Generals Service (HnGService) - Reto-Moto ApS - C:\Program Files (x86)\Heroes & Generals\live\hngservice.exe
O23 - Service: Heroes & Generals Steam Service (HnGSteamService) - Reto-Moto ApS - C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 9664 bytes

jaro3
Security team member
Guru Level 15
Posts: 39709
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Log check - slow computer

Post by jaro3 » 22 May 2019 19:39

Close other applications and browsers, disconnect from the internet and fix in HJT:
Guide


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost


Stáhni si zde DelFix
Další odkazy:
https://toolslib.net/downloads/viewdownload/2-delfix/
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

Save the file to your desktop.
Double-click the icon to run the Delfix.exe tool.
(In Windows Vista, Windows 7, 8 and 10 you must launch the file with a right-click -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools and Purge System Restore.
Then click the Run button and let the tool do its work.

The report (DelFix.txt) will then open. Paste the entire contents of the report here. Otherwise, the report is located at:
C:\DelFix.txt

Let me know afterwards.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

SidoniusPetram
newcomer
Posts: 15
Registered: May 19
Gender: Male

Re: Log check - slow computer

Post by SidoniusPetram » 22 May 2019 19:55

# DelFix v1.013 - Logfile created 22/05/2019 at 19:53:08
# Updated 17/04/2016 by Xplode
# Username : ZDENEK - ZDENEK-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\ZDENEK\Desktop\AdwCleaner.exe
Deleted : C:\Users\ZDENEK\Desktop\AdwCleaner[C01].txt
Deleted : C:\Users\ZDENEK\Desktop\AdwCleaner[C03].txt
Deleted : C:\Users\ZDENEK\Desktop\AdwCleaner[S00].txt
Deleted : C:\Users\ZDENEK\Desktop\JRT.exe
Deleted : C:\Users\ZDENEK\Desktop\JRT.txt
Deleted : C:\Users\ZDENEK\Desktop\hijackthis.exe
Deleted : C:\Users\ZDENEK\Desktop\hijackthis.log
Deleted : C:\Users\ZDENEK\Desktop\RogueKiller_portable64.exe
Deleted : C:\Users\ZDENEK\Desktop\TFC.exe
Deleted : C:\Users\ZDENEK\Desktop\zoek-results.txt
Deleted : C:\Users\ZDENEK\Desktop\zoek.exe
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #702 [ComboFix created restore point | 05/22/2019 16:47:17]

New restore point created !

########## - EOF - ##########

SidoniusPetram
newcomer
Posts: 15
Registered: May 19
Gender: Male

Re: Log check - slow computer  Solved

Post by SidoniusPetram » 23 May 2019 22:57

I haven't noticed any slowdown, so hopefully it's fine now. Thank you very much for solving the problem.

