ComboFix 14-08-05.01 - kubikz 13.08.2014 14:20:05.2.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2046.1098 [GMT 2:00]
Spuštěný z: c:\users\kubikz\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\kubikz\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\kubikz\AppData\Local\Temp\_MEI46402\_ctypes.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\_elementtree.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\_hashlib.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\_multiprocessing.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\_socket.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\_ssl.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\hashobjs_ext.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\pyexpat.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\pysqlite2._sqlite.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\python27.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\pythoncom27.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\PyWinTypes27.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\select.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\unicodedata.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32api.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32com.shell.shell.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32crypt.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32event.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32file.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32gui.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32inet.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32pdh.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32pipe.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32process.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32profile.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32security.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32ts.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\windows._lib_cacheinvalidation.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._animate.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._controls_.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._core_.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._gdi_.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._html2.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._misc_.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._windows_.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._wizard.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wxbase294u_net_vc90.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wxbase294u_vc90.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wxmsw294u_adv_vc90.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wxmsw294u_core_vc90.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wxmsw294u_html_vc90.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-13 do 2014-08-13 )))))))))))))))))))))))))))))))
.
.
2014-08-13 12:32 . 2014-08-13 12:32 -------- d-----w- c:\users\zak\AppData\Local\temp
2014-08-13 12:32 . 2014-08-13 12:32 -------- d-----w- c:\users\Kubík\AppData\Local\temp
2014-08-13 12:32 . 2014-08-13 12:32 -------- d-----w- c:\users\havelv\AppData\Local\temp
2014-08-13 12:32 . 2014-08-13 12:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-13 12:32 . 2014-08-13 12:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-08-10 03:23 . 2014-08-10 03:23 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2EA26109-5B42-4058-BDC9-78C7E6D6BBF0}\offreg.dll
2014-08-09 06:21 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2EA26109-5B42-4058-BDC9-78C7E6D6BBF0}\mpengine.dll
2014-08-06 05:47 . 2014-08-06 05:47 -------- d-----w- c:\users\kubikz\AppData\Local\CrashDumps
2014-08-05 15:35 . 2014-08-05 15:35 -------- d-----w- c:\program files\Common Files\Java
2014-08-05 15:35 . 2014-08-05 15:35 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-05 11:16 . 2014-08-05 11:16 -------- d-----w- c:\users\kubikz\AppData\Local\VirtualStore
2014-08-05 10:44 . 2014-08-05 10:44 -------- d-----w- c:\windows\ERUNT
2014-08-04 18:41 . 2014-08-05 10:50 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-04 18:41 . 2014-08-04 18:41 -------- d-----w- c:\programdata\RogueKiller
2014-08-04 18:32 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-04 17:37 . 2014-08-04 17:36 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-04 17:36 . 2014-08-04 17:36 43152 ----a-w- c:\windows\avastSS.scr
2014-07-31 19:10 . 2014-07-31 20:16 -------- d-----w- c:\programdata\BlueStacksSetup
2014-07-30 08:16 . 2014-07-02 17:39 609240 ----a-w- c:\windows\system32\nvStreaming.exe
2014-07-30 08:10 . 2014-07-02 20:54 907552 ----a-w- c:\windows\system32\nvdispgenco3234052.dll
2014-07-30 08:10 . 2014-07-02 20:54 907096 ----a-w- c:\windows\system32\NvIFR.dll
2014-07-30 08:10 . 2014-07-02 20:54 869152 ----a-w- c:\windows\system32\NvFBC.dll
2014-07-30 08:10 . 2014-07-02 20:54 24198088 ----a-w- c:\windows\system32\nvoglv32.dll
2014-07-30 08:10 . 2014-07-02 20:54 11283344 ----a-w- c:\windows\system32\nvopencl.dll
2014-07-30 08:10 . 2014-07-02 20:54 10681176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-07-30 08:10 . 2014-07-02 20:54 1054552 ----a-w- c:\windows\system32\nvdispco3234052.dll
2014-07-30 08:10 . 2014-07-02 20:54 3988952 ----a-w- c:\windows\system32\nvcuvid.dll
2014-07-30 08:10 . 2014-07-02 20:54 15296456 ----a-w- c:\windows\system32\nvcompiler.dll
2014-07-30 08:10 . 2014-07-02 20:54 11222048 ----a-w- c:\windows\system32\nvcuda.dll
2014-07-14 15:06 . 2014-06-03 09:29 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-14 15:06 . 2014-06-03 09:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-14 15:06 . 2014-06-03 09:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-14 15:06 . 2014-06-03 09:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-14 15:02 . 2014-06-06 09:44 509440 ----a-w- c:\windows\system32\qedit.dll
2014-07-14 15:02 . 2014-05-30 06:36 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-14 15:02 . 2014-05-30 07:52 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-07-14 15:02 . 2014-05-30 07:52 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-07-14 15:02 . 2014-05-30 07:52 247808 ----a-w- c:\windows\system32\schannel.dll
2014-07-14 15:02 . 2014-05-30 07:52 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-07-14 15:02 . 2014-05-30 07:52 17408 ----a-w- c:\windows\system32\credssp.dll
2014-07-14 15:02 . 2014-05-30 07:52 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-07-14 15:02 . 2014-05-30 07:52 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-07-14 15:01 . 2014-06-05 14:26 1059840 ----a-w- c:\windows\system32\lsasrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-13 12:33 . 2013-08-28 07:47 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2014-08-04 19:01 . 2014-04-15 14:24 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-04 17:37 . 2013-08-20 17:46 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-04 17:36 . 2014-01-12 21:04 71944 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-08-04 17:36 . 2013-08-20 17:46 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-04 17:36 . 2013-08-20 17:46 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-04 17:36 . 2013-08-20 17:46 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-04 17:36 . 2013-08-20 17:46 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-04 17:36 . 2013-08-20 17:46 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-04 17:36 . 2013-08-20 17:46 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-04 16:39 . 2014-04-15 13:24 47360 ----a-w- c:\users\kubikz\AppData\Roaming\pcouffin.sys
2014-07-25 13:50 . 2014-06-03 05:45 1291280 ----a-w- c:\windows\system32\nvspbridge.dll
2014-07-25 13:50 . 2013-10-30 13:02 1126480 ----a-w- c:\windows\system32\nvspcap.dll
2014-07-14 15:00 . 2013-09-19 06:09 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-14 15:00 . 2013-09-19 06:09 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-02 20:54 . 2014-02-18 21:35 16122344 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-07-02 20:54 . 2013-11-28 12:25 61728 ----a-w- c:\windows\system32\OpenCL.dll
2014-07-02 20:54 . 2013-11-28 12:22 14498552 ----a-w- c:\windows\system32\nvd3dum.dll
2014-07-02 20:54 . 2013-11-28 12:22 2814656 ----a-w- c:\windows\system32\nvapi.dll
2014-07-02 19:42 . 2013-11-28 12:26 4389848 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-02 19:42 . 2013-11-28 12:26 3063256 ----a-w- c:\windows\system32\nvsvc.dll
2014-07-02 19:42 . 2013-11-28 12:26 62936 ----a-w- c:\windows\system32\nvshext.dll
2014-07-02 19:42 . 2013-11-28 12:26 670552 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-02 19:42 . 2013-11-28 12:26 377288 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-02 19:42 . 2013-11-28 12:26 2556360 ----a-w- c:\windows\system32\nvsvcr.dll
2014-05-28 11:46 . 2014-05-28 11:46 11211264 ----a-w- c:\program files\Common Files\lpuninstall.exe
2014-05-20 02:39 . 2014-05-28 05:11 908744 ----a-w- c:\windows\system32\nvdispgenco3233788.dll
2014-05-20 02:39 . 2014-05-28 05:11 1056200 ----a-w- c:\windows\system32\nvdispco3233788.dll
2014-05-18 18:30 . 2013-08-28 09:05 4341760 ----a-w- c:\windows\system32\gppref.dll
2014-05-18 18:30 . 2013-08-28 09:05 2549760 ----a-w- c:\windows\system32\propshts.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-04 17:36 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2014-06-27 24477056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-04 4085896]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-07-25 1126480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2014-5-28 11211264]
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2014-5-28 11211264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1207\Scripts\Logon\0\0]
"Script"=\\s1\netlogon\ls-mapovani_K.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1207\Scripts\Logon\1\0]
"Script"=\\s1\netlogon\ls-mapovani_T.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1230\Scripts\Logon\0\0]
"Script"=\\s1\netlogon\ls-mapovani_K.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1230\Scripts\Logon\1\0]
"Script"=\\s1\netlogon\ls-mapovani_S.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1230\Scripts\Logon\2\0]
"Script"=\\s1\netlogon\ls-mapovani_I.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1230\Scripts\Logon\3\0]
"Script"=\\s1\netlogon\ls-mapovani_V.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1230\Scripts\Logon\4\0]
"Script"=\\s1\netlogon\ls-mapovani_Z.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-2375\Scripts\Logon\0\0]
"Script"=\\s1\netlogon\ls-mapovani_K.cmd
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ActivSDK Flash Extension.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ActivSDK Flash Extension.lnk
backup=c:\windows\pss\ActivSDK Flash Extension.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20131121]
2013-11-23 17:17 180184 ----a-w- c:\program files\AVAST Software\Avast\Setup\emupdate\1bf365f4-a6cf-4686-bf74-d3aa5daa3e62.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoKMS]
2013-09-16 11:50 615936 ----a-w- c:\windows\AutoKMS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
2010-11-20 12:19 152064 ----a-w- c:\windows\System32\mqrt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2014-07-25 13:51 2403104 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 02:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
2014-07-25 13:50 1126480 ----a-w- c:\windows\System32\nvspcap.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-25 10:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSO ConvertXtoDVD 5]
2013-10-12 01:15 141824 ----a-w- c:\windows\System32\wscript.exe
.
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2013-11-04 8192]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2013-11-04 7680]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2013-11-04 15872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-08-20 1343400]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-08-04 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-08-04 414520]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2012-05-10 21624]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-08-04 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-08-04 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-08-04 71944]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 17536800]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-07-02 413128]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-07-02 5037888]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 19232]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-03-31 34080]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-12 23:17 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19 15:00]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-20 17:39]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-20 17:39]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\users\kubikz\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Vyplňování formulářů - file://c:\users\kubikz\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.83.8.10 10.83.9.10
FF - ProfilePath - c:\users\kubikz\AppData\Roaming\Mozilla\Firefox\Profiles\pwthnmfx.default\
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\TeamViewer\Version9\TeamViewer.exe
c:\program files\TeamViewer\Version9\tv_w32.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2014-08-13 14:38:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-13 12:38
ComboFix2.txt 2014-08-06 06:53
.
Před spuštěním: Volných bajtů: 417 395 904 512
Po spuštění: Volných bajtů: 417 085 759 488
.
- - End Of File - - 7781134BC6F84F639B86503029EC2C1B
A36C5E4F47E84449FF07ED3517B43A31
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-08-13 14:40:18
-----------------------------
14:40:18.764 OS Version: Windows 6.1.7601 Service Pack 1
14:40:18.764 Number of processors: 4 586 0x203
14:40:18.764 ComputerName: PCA-ZASTUPCE UserName: kubikz
14:40:38.193 Initialize success
14:40:38.193 VM: initialized successfully
14:40:38.240 VM: Amd CPU BiosDisabled
14:40:49.790 VM: disk I/O nvstor.sys
14:40:54.021 AVAST engine defs: 14081203
14:41:02.513 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
14:41:02.513 Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 3
14:41:02.623 Disk 0 MBR read successfully
14:41:02.639 Disk 0 MBR scan
14:41:02.639 Disk 0 Windows 7 default MBR code
14:41:02.654 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:41:02.670 Disk 0 Boot: NTFS code=1
14:41:02.686 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
14:41:02.686 Disk 0 scanning sectors +976771072
14:41:02.764 Disk 0 scanning C:\Windows\system32\drivers
14:41:11.586 Service scanning
14:41:34.525 Modules scanning
14:41:54.252 Disk 0 trace - called modules:
14:41:54.268 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
14:41:54.284 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cecac8]
14:41:54.299 3 CLASSPNP.SYS[891c059e] -> nt!IofCallDriver -> [0x84cb5700]
14:41:54.299 5 ACPI.sys[88c193d4] -> nt!IofCallDriver -> \Device\00000067[0x855a6748]
14:41:55.052 AVAST engine scan C:\Windows
14:41:59.658 AVAST engine scan C:\Windows\system32
14:45:19.231 AVAST engine scan C:\Windows\system32\drivers
14:45:30.278 AVAST engine scan C:\Users\kubikz
14:54:43.003 AVAST engine scan C:\ProgramData
14:55:20.082 Scan finished successfully
14:56:43.251 Disk 0 MBR has been saved successfully to "C:\Users\kubikz\Desktop\MBR.dat"
14:56:43.266 The log file has been saved successfully to "C:\Users\kubikz\Desktop\aswMBR.txt"
Pomalý počítač, prosím o kontrolu Vyřešeno
Re: Pomalý počítač, prosím o kontrolu
MSI B75A-G43 + Intel Core i3-3225 + 8GB 1600MHz
------------------------------------------------------------
Lenovo ThinkPad Edgde E130 i3-3227U
------------------------------------------------------------
Lenovo ThinkPad Edgde E130 i3-3227U
-
Orcus
- člen Security týmu
-
Elite Level 10.5
- Příspěvky: 10645
- Registrován: duben 10
- Bydliště: Okolo rostou 3 růže =o)
- Pohlaví:
- Stav:
Offline
Re: Pomalý počítač, prosím o kontrolu
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
====================================================
Vyčisti systém CCleanerem
====================================================
Stáhni si zde DelFix
http://general-changelog-team.fr/fr/dow ... e/9-delfix
ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.
Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt
Co problémy? + nový log z HJT
Start-Spustit a zadej ComboFix /Uninstall
====================================================
Vyčisti systém CCleanerem
====================================================
Stáhni si zde DelFix
http://general-changelog-team.fr/fr/dow ... e/9-delfix
ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.
Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt
Co problémy? + nový log z HJT
Láska hřeje, ale uhlí je uhlí. 
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Re: Pomalý počítač, prosím o kontrolu
ComboFix 14-08-05.01 - kubikz 13.08.2014 14:20:05.2.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2046.1098 [GMT 2:00]
Spuštěný z: c:\users\kubikz\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\kubikz\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\kubikz\AppData\Local\Temp\_MEI46402\_ctypes.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\_elementtree.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\_hashlib.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\_multiprocessing.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\_socket.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\_ssl.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\hashobjs_ext.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\pyexpat.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\pysqlite2._sqlite.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\python27.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\pythoncom27.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\PyWinTypes27.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\select.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\unicodedata.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32api.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32com.shell.shell.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32crypt.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32event.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32file.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32gui.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32inet.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32pdh.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32pipe.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32process.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32profile.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32security.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32ts.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\windows._lib_cacheinvalidation.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._animate.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._controls_.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._core_.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._gdi_.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._html2.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._misc_.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._windows_.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._wizard.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wxbase294u_net_vc90.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wxbase294u_vc90.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wxmsw294u_adv_vc90.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wxmsw294u_core_vc90.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wxmsw294u_html_vc90.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-13 do 2014-08-13 )))))))))))))))))))))))))))))))
.
.
2014-08-13 12:32 . 2014-08-13 12:32 -------- d-----w- c:\users\zak\AppData\Local\temp
2014-08-13 12:32 . 2014-08-13 12:32 -------- d-----w- c:\users\Kubík\AppData\Local\temp
2014-08-13 12:32 . 2014-08-13 12:32 -------- d-----w- c:\users\havelv\AppData\Local\temp
2014-08-13 12:32 . 2014-08-13 12:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-13 12:32 . 2014-08-13 12:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-08-10 03:23 . 2014-08-10 03:23 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2EA26109-5B42-4058-BDC9-78C7E6D6BBF0}\offreg.dll
2014-08-09 06:21 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2EA26109-5B42-4058-BDC9-78C7E6D6BBF0}\mpengine.dll
2014-08-06 05:47 . 2014-08-06 05:47 -------- d-----w- c:\users\kubikz\AppData\Local\CrashDumps
2014-08-05 15:35 . 2014-08-05 15:35 -------- d-----w- c:\program files\Common Files\Java
2014-08-05 15:35 . 2014-08-05 15:35 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-05 11:16 . 2014-08-05 11:16 -------- d-----w- c:\users\kubikz\AppData\Local\VirtualStore
2014-08-05 10:44 . 2014-08-05 10:44 -------- d-----w- c:\windows\ERUNT
2014-08-04 18:41 . 2014-08-05 10:50 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-04 18:41 . 2014-08-04 18:41 -------- d-----w- c:\programdata\RogueKiller
2014-08-04 18:32 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-04 17:37 . 2014-08-04 17:36 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-04 17:36 . 2014-08-04 17:36 43152 ----a-w- c:\windows\avastSS.scr
2014-07-31 19:10 . 2014-07-31 20:16 -------- d-----w- c:\programdata\BlueStacksSetup
2014-07-30 08:16 . 2014-07-02 17:39 609240 ----a-w- c:\windows\system32\nvStreaming.exe
2014-07-30 08:10 . 2014-07-02 20:54 907552 ----a-w- c:\windows\system32\nvdispgenco3234052.dll
2014-07-30 08:10 . 2014-07-02 20:54 907096 ----a-w- c:\windows\system32\NvIFR.dll
2014-07-30 08:10 . 2014-07-02 20:54 869152 ----a-w- c:\windows\system32\NvFBC.dll
2014-07-30 08:10 . 2014-07-02 20:54 24198088 ----a-w- c:\windows\system32\nvoglv32.dll
2014-07-30 08:10 . 2014-07-02 20:54 11283344 ----a-w- c:\windows\system32\nvopencl.dll
2014-07-30 08:10 . 2014-07-02 20:54 10681176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-07-30 08:10 . 2014-07-02 20:54 1054552 ----a-w- c:\windows\system32\nvdispco3234052.dll
2014-07-30 08:10 . 2014-07-02 20:54 3988952 ----a-w- c:\windows\system32\nvcuvid.dll
2014-07-30 08:10 . 2014-07-02 20:54 15296456 ----a-w- c:\windows\system32\nvcompiler.dll
2014-07-30 08:10 . 2014-07-02 20:54 11222048 ----a-w- c:\windows\system32\nvcuda.dll
2014-07-14 15:06 . 2014-06-03 09:29 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-14 15:06 . 2014-06-03 09:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-14 15:06 . 2014-06-03 09:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-14 15:06 . 2014-06-03 09:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-14 15:02 . 2014-06-06 09:44 509440 ----a-w- c:\windows\system32\qedit.dll
2014-07-14 15:02 . 2014-05-30 06:36 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-14 15:02 . 2014-05-30 07:52 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-07-14 15:02 . 2014-05-30 07:52 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-07-14 15:02 . 2014-05-30 07:52 247808 ----a-w- c:\windows\system32\schannel.dll
2014-07-14 15:02 . 2014-05-30 07:52 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-07-14 15:02 . 2014-05-30 07:52 17408 ----a-w- c:\windows\system32\credssp.dll
2014-07-14 15:02 . 2014-05-30 07:52 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-07-14 15:02 . 2014-05-30 07:52 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-07-14 15:01 . 2014-06-05 14:26 1059840 ----a-w- c:\windows\system32\lsasrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-13 12:33 . 2013-08-28 07:47 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2014-08-04 19:01 . 2014-04-15 14:24 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-04 17:37 . 2013-08-20 17:46 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-04 17:36 . 2014-01-12 21:04 71944 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-08-04 17:36 . 2013-08-20 17:46 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-04 17:36 . 2013-08-20 17:46 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-04 17:36 . 2013-08-20 17:46 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-04 17:36 . 2013-08-20 17:46 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-04 17:36 . 2013-08-20 17:46 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-04 17:36 . 2013-08-20 17:46 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-04 16:39 . 2014-04-15 13:24 47360 ----a-w- c:\users\kubikz\AppData\Roaming\pcouffin.sys
2014-07-25 13:50 . 2014-06-03 05:45 1291280 ----a-w- c:\windows\system32\nvspbridge.dll
2014-07-25 13:50 . 2013-10-30 13:02 1126480 ----a-w- c:\windows\system32\nvspcap.dll
2014-07-14 15:00 . 2013-09-19 06:09 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-14 15:00 . 2013-09-19 06:09 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-02 20:54 . 2014-02-18 21:35 16122344 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-07-02 20:54 . 2013-11-28 12:25 61728 ----a-w- c:\windows\system32\OpenCL.dll
2014-07-02 20:54 . 2013-11-28 12:22 14498552 ----a-w- c:\windows\system32\nvd3dum.dll
2014-07-02 20:54 . 2013-11-28 12:22 2814656 ----a-w- c:\windows\system32\nvapi.dll
2014-07-02 19:42 . 2013-11-28 12:26 4389848 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-02 19:42 . 2013-11-28 12:26 3063256 ----a-w- c:\windows\system32\nvsvc.dll
2014-07-02 19:42 . 2013-11-28 12:26 62936 ----a-w- c:\windows\system32\nvshext.dll
2014-07-02 19:42 . 2013-11-28 12:26 670552 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-02 19:42 . 2013-11-28 12:26 377288 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-02 19:42 . 2013-11-28 12:26 2556360 ----a-w- c:\windows\system32\nvsvcr.dll
2014-05-28 11:46 . 2014-05-28 11:46 11211264 ----a-w- c:\program files\Common Files\lpuninstall.exe
2014-05-20 02:39 . 2014-05-28 05:11 908744 ----a-w- c:\windows\system32\nvdispgenco3233788.dll
2014-05-20 02:39 . 2014-05-28 05:11 1056200 ----a-w- c:\windows\system32\nvdispco3233788.dll
2014-05-18 18:30 . 2013-08-28 09:05 4341760 ----a-w- c:\windows\system32\gppref.dll
2014-05-18 18:30 . 2013-08-28 09:05 2549760 ----a-w- c:\windows\system32\propshts.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-04 17:36 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2014-06-27 24477056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-04 4085896]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-07-25 1126480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2014-5-28 11211264]
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2014-5-28 11211264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1207\Scripts\Logon\0\0]
"Script"=\\s1\netlogon\ls-mapovani_K.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1207\Scripts\Logon\1\0]
"Script"=\\s1\netlogon\ls-mapovani_T.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1230\Scripts\Logon\0\0]
"Script"=\\s1\netlogon\ls-mapovani_K.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1230\Scripts\Logon\1\0]
"Script"=\\s1\netlogon\ls-mapovani_S.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1230\Scripts\Logon\2\0]
"Script"=\\s1\netlogon\ls-mapovani_I.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1230\Scripts\Logon\3\0]
"Script"=\\s1\netlogon\ls-mapovani_V.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1230\Scripts\Logon\4\0]
"Script"=\\s1\netlogon\ls-mapovani_Z.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-2375\Scripts\Logon\0\0]
"Script"=\\s1\netlogon\ls-mapovani_K.cmd
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ActivSDK Flash Extension.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ActivSDK Flash Extension.lnk
backup=c:\windows\pss\ActivSDK Flash Extension.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20131121]
2013-11-23 17:17 180184 ----a-w- c:\program files\AVAST Software\Avast\Setup\emupdate\1bf365f4-a6cf-4686-bf74-d3aa5daa3e62.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoKMS]
2013-09-16 11:50 615936 ----a-w- c:\windows\AutoKMS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
2010-11-20 12:19 152064 ----a-w- c:\windows\System32\mqrt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2014-07-25 13:51 2403104 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 02:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
2014-07-25 13:50 1126480 ----a-w- c:\windows\System32\nvspcap.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-25 10:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSO ConvertXtoDVD 5]
2013-10-12 01:15 141824 ----a-w- c:\windows\System32\wscript.exe
.
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2013-11-04 8192]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2013-11-04 7680]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2013-11-04 15872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-08-20 1343400]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-08-04 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-08-04 414520]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2012-05-10 21624]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-08-04 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-08-04 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-08-04 71944]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 17536800]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-07-02 413128]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-07-02 5037888]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 19232]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-03-31 34080]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-12 23:17 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19 15:00]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-20 17:39]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-20 17:39]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\users\kubikz\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Vyplňování formulářů - file://c:\users\kubikz\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.83.8.10 10.83.9.10
FF - ProfilePath - c:\users\kubikz\AppData\Roaming\Mozilla\Firefox\Profiles\pwthnmfx.default\
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\TeamViewer\Version9\TeamViewer.exe
c:\program files\TeamViewer\Version9\tv_w32.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2014-08-13 14:38:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-13 12:38
ComboFix2.txt 2014-08-06 06:53
.
Před spuštěním: Volných bajtů: 417 395 904 512
Po spuštění: Volných bajtů: 417 085 759 488
.
- - End Of File - - 7781134BC6F84F639B86503029EC2C1B
A36C5E4F47E84449FF07ED3517B43A31
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:09:55, on 15.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16563)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\kubikz\Downloads\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - Global Startup: Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Users\kubikz\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Vyplňování formulářů - file://C:\Users\kubikz\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - (no file)
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - (no file)
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zskkho.local
O17 - HKLM\Software\..\Telephony: DomainName = zskkho.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = zskkho.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = zskkho.local
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
--
End of file - 5961 bytes
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2046.1098 [GMT 2:00]
Spuštěný z: c:\users\kubikz\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\kubikz\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\kubikz\AppData\Local\Temp\_MEI46402\_ctypes.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\_elementtree.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\_hashlib.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\_multiprocessing.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\_socket.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\_ssl.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\hashobjs_ext.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\pyexpat.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\pysqlite2._sqlite.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\python27.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\pythoncom27.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\PyWinTypes27.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\select.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\unicodedata.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32api.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32com.shell.shell.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32crypt.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32event.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32file.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32gui.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32inet.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32pdh.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32pipe.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32process.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32profile.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32security.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\win32ts.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\windows._lib_cacheinvalidation.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._animate.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._controls_.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._core_.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._gdi_.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._html2.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._misc_.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._windows_.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wx._wizard.pyd
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wxbase294u_net_vc90.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wxbase294u_vc90.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wxmsw294u_adv_vc90.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wxmsw294u_core_vc90.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wxmsw294u_html_vc90.dll
c:\users\kubikz\AppData\Local\Temp\_MEI46402\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-13 do 2014-08-13 )))))))))))))))))))))))))))))))
.
.
2014-08-13 12:32 . 2014-08-13 12:32 -------- d-----w- c:\users\zak\AppData\Local\temp
2014-08-13 12:32 . 2014-08-13 12:32 -------- d-----w- c:\users\Kubík\AppData\Local\temp
2014-08-13 12:32 . 2014-08-13 12:32 -------- d-----w- c:\users\havelv\AppData\Local\temp
2014-08-13 12:32 . 2014-08-13 12:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-13 12:32 . 2014-08-13 12:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-08-10 03:23 . 2014-08-10 03:23 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2EA26109-5B42-4058-BDC9-78C7E6D6BBF0}\offreg.dll
2014-08-09 06:21 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2EA26109-5B42-4058-BDC9-78C7E6D6BBF0}\mpengine.dll
2014-08-06 05:47 . 2014-08-06 05:47 -------- d-----w- c:\users\kubikz\AppData\Local\CrashDumps
2014-08-05 15:35 . 2014-08-05 15:35 -------- d-----w- c:\program files\Common Files\Java
2014-08-05 15:35 . 2014-08-05 15:35 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-05 11:16 . 2014-08-05 11:16 -------- d-----w- c:\users\kubikz\AppData\Local\VirtualStore
2014-08-05 10:44 . 2014-08-05 10:44 -------- d-----w- c:\windows\ERUNT
2014-08-04 18:41 . 2014-08-05 10:50 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-04 18:41 . 2014-08-04 18:41 -------- d-----w- c:\programdata\RogueKiller
2014-08-04 18:32 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-04 17:37 . 2014-08-04 17:36 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-04 17:36 . 2014-08-04 17:36 43152 ----a-w- c:\windows\avastSS.scr
2014-07-31 19:10 . 2014-07-31 20:16 -------- d-----w- c:\programdata\BlueStacksSetup
2014-07-30 08:16 . 2014-07-02 17:39 609240 ----a-w- c:\windows\system32\nvStreaming.exe
2014-07-30 08:10 . 2014-07-02 20:54 907552 ----a-w- c:\windows\system32\nvdispgenco3234052.dll
2014-07-30 08:10 . 2014-07-02 20:54 907096 ----a-w- c:\windows\system32\NvIFR.dll
2014-07-30 08:10 . 2014-07-02 20:54 869152 ----a-w- c:\windows\system32\NvFBC.dll
2014-07-30 08:10 . 2014-07-02 20:54 24198088 ----a-w- c:\windows\system32\nvoglv32.dll
2014-07-30 08:10 . 2014-07-02 20:54 11283344 ----a-w- c:\windows\system32\nvopencl.dll
2014-07-30 08:10 . 2014-07-02 20:54 10681176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-07-30 08:10 . 2014-07-02 20:54 1054552 ----a-w- c:\windows\system32\nvdispco3234052.dll
2014-07-30 08:10 . 2014-07-02 20:54 3988952 ----a-w- c:\windows\system32\nvcuvid.dll
2014-07-30 08:10 . 2014-07-02 20:54 15296456 ----a-w- c:\windows\system32\nvcompiler.dll
2014-07-30 08:10 . 2014-07-02 20:54 11222048 ----a-w- c:\windows\system32\nvcuda.dll
2014-07-14 15:06 . 2014-06-03 09:29 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-14 15:06 . 2014-06-03 09:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-14 15:06 . 2014-06-03 09:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-14 15:06 . 2014-06-03 09:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-14 15:02 . 2014-06-06 09:44 509440 ----a-w- c:\windows\system32\qedit.dll
2014-07-14 15:02 . 2014-05-30 06:36 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-14 15:02 . 2014-05-30 07:52 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-07-14 15:02 . 2014-05-30 07:52 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-07-14 15:02 . 2014-05-30 07:52 247808 ----a-w- c:\windows\system32\schannel.dll
2014-07-14 15:02 . 2014-05-30 07:52 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-07-14 15:02 . 2014-05-30 07:52 17408 ----a-w- c:\windows\system32\credssp.dll
2014-07-14 15:02 . 2014-05-30 07:52 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-07-14 15:02 . 2014-05-30 07:52 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-07-14 15:01 . 2014-06-05 14:26 1059840 ----a-w- c:\windows\system32\lsasrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-13 12:33 . 2013-08-28 07:47 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2014-08-04 19:01 . 2014-04-15 14:24 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-04 17:37 . 2013-08-20 17:46 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-04 17:36 . 2014-01-12 21:04 71944 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-08-04 17:36 . 2013-08-20 17:46 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-04 17:36 . 2013-08-20 17:46 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-04 17:36 . 2013-08-20 17:46 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-04 17:36 . 2013-08-20 17:46 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-04 17:36 . 2013-08-20 17:46 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-04 17:36 . 2013-08-20 17:46 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-04 16:39 . 2014-04-15 13:24 47360 ----a-w- c:\users\kubikz\AppData\Roaming\pcouffin.sys
2014-07-25 13:50 . 2014-06-03 05:45 1291280 ----a-w- c:\windows\system32\nvspbridge.dll
2014-07-25 13:50 . 2013-10-30 13:02 1126480 ----a-w- c:\windows\system32\nvspcap.dll
2014-07-14 15:00 . 2013-09-19 06:09 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-14 15:00 . 2013-09-19 06:09 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-02 20:54 . 2014-02-18 21:35 16122344 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-07-02 20:54 . 2013-11-28 12:25 61728 ----a-w- c:\windows\system32\OpenCL.dll
2014-07-02 20:54 . 2013-11-28 12:22 14498552 ----a-w- c:\windows\system32\nvd3dum.dll
2014-07-02 20:54 . 2013-11-28 12:22 2814656 ----a-w- c:\windows\system32\nvapi.dll
2014-07-02 19:42 . 2013-11-28 12:26 4389848 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-02 19:42 . 2013-11-28 12:26 3063256 ----a-w- c:\windows\system32\nvsvc.dll
2014-07-02 19:42 . 2013-11-28 12:26 62936 ----a-w- c:\windows\system32\nvshext.dll
2014-07-02 19:42 . 2013-11-28 12:26 670552 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-02 19:42 . 2013-11-28 12:26 377288 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-02 19:42 . 2013-11-28 12:26 2556360 ----a-w- c:\windows\system32\nvsvcr.dll
2014-05-28 11:46 . 2014-05-28 11:46 11211264 ----a-w- c:\program files\Common Files\lpuninstall.exe
2014-05-20 02:39 . 2014-05-28 05:11 908744 ----a-w- c:\windows\system32\nvdispgenco3233788.dll
2014-05-20 02:39 . 2014-05-28 05:11 1056200 ----a-w- c:\windows\system32\nvdispco3233788.dll
2014-05-18 18:30 . 2013-08-28 09:05 4341760 ----a-w- c:\windows\system32\gppref.dll
2014-05-18 18:30 . 2013-08-28 09:05 2549760 ----a-w- c:\windows\system32\propshts.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-04 17:36 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2014-06-27 24477056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-04 4085896]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-07-25 1126480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2014-5-28 11211264]
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2014-5-28 11211264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1207\Scripts\Logon\0\0]
"Script"=\\s1\netlogon\ls-mapovani_K.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1207\Scripts\Logon\1\0]
"Script"=\\s1\netlogon\ls-mapovani_T.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1230\Scripts\Logon\0\0]
"Script"=\\s1\netlogon\ls-mapovani_K.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1230\Scripts\Logon\1\0]
"Script"=\\s1\netlogon\ls-mapovani_S.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1230\Scripts\Logon\2\0]
"Script"=\\s1\netlogon\ls-mapovani_I.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1230\Scripts\Logon\3\0]
"Script"=\\s1\netlogon\ls-mapovani_V.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-1230\Scripts\Logon\4\0]
"Script"=\\s1\netlogon\ls-mapovani_Z.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1973792643-2327440624-1214680277-2375\Scripts\Logon\0\0]
"Script"=\\s1\netlogon\ls-mapovani_K.cmd
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ActivSDK Flash Extension.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ActivSDK Flash Extension.lnk
backup=c:\windows\pss\ActivSDK Flash Extension.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20131121]
2013-11-23 17:17 180184 ----a-w- c:\program files\AVAST Software\Avast\Setup\emupdate\1bf365f4-a6cf-4686-bf74-d3aa5daa3e62.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoKMS]
2013-09-16 11:50 615936 ----a-w- c:\windows\AutoKMS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
2010-11-20 12:19 152064 ----a-w- c:\windows\System32\mqrt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2014-07-25 13:51 2403104 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 02:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
2014-07-25 13:50 1126480 ----a-w- c:\windows\System32\nvspcap.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-25 10:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSO ConvertXtoDVD 5]
2013-10-12 01:15 141824 ----a-w- c:\windows\System32\wscript.exe
.
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2013-11-04 8192]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2013-11-04 7680]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2013-11-04 15872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-08-20 1343400]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-08-04 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-08-04 414520]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2012-05-10 21624]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-08-04 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-08-04 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-08-04 71944]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 17536800]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-07-02 413128]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-07-02 5037888]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 19232]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-03-31 34080]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-12 23:17 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19 15:00]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-20 17:39]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-20 17:39]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\users\kubikz\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Vyplňování formulářů - file://c:\users\kubikz\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.83.8.10 10.83.9.10
FF - ProfilePath - c:\users\kubikz\AppData\Roaming\Mozilla\Firefox\Profiles\pwthnmfx.default\
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\TeamViewer\Version9\TeamViewer.exe
c:\program files\TeamViewer\Version9\tv_w32.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2014-08-13 14:38:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-13 12:38
ComboFix2.txt 2014-08-06 06:53
.
Před spuštěním: Volných bajtů: 417 395 904 512
Po spuštění: Volných bajtů: 417 085 759 488
.
- - End Of File - - 7781134BC6F84F639B86503029EC2C1B
A36C5E4F47E84449FF07ED3517B43A31
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:09:55, on 15.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16563)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\kubikz\Downloads\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - Global Startup: Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Users\kubikz\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Vyplňování formulářů - file://C:\Users\kubikz\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - (no file)
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - (no file)
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zskkho.local
O17 - HKLM\Software\..\Telephony: DomainName = zskkho.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = zskkho.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = zskkho.local
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
--
End of file - 5961 bytes
MSI B75A-G43 + Intel Core i3-3225 + 8GB 1600MHz
------------------------------------------------------------
Lenovo ThinkPad Edgde E130 i3-3227U
------------------------------------------------------------
Lenovo ThinkPad Edgde E130 i3-3227U
Re: Pomalý počítač, prosím o kontrolu
Jo, určitě se to zlepšilo, teď ten komp ale používám jen málo, takže to neumím úplně posoudit. Jestli se nepletu, tak mi tam běžel nějakej bitcoin miner, ne?
Každopádně díky moc
Každopádně díky moc
MSI B75A-G43 + Intel Core i3-3225 + 8GB 1600MHz
------------------------------------------------------------
Lenovo ThinkPad Edgde E130 i3-3227U
------------------------------------------------------------
Lenovo ThinkPad Edgde E130 i3-3227U
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Pomalý počítač, prosím o kontrolu Vyřešeno
Stáhni si zde DelFix
ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci
Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt
Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 136 hostů