Please check my log (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 31 Dec 2014 16:40

Post a new HJT log + info about the problems.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

bill.da
Level 2.5
Posts: 358
Registered: October 09
Gender: Male
Status: Offline

Re: Please check my log

Post by bill.da » 31 Dec 2014 17:15

There is no problem anymore, the PC runs nicely, except that on the desktop I have the Windows 7 desktop gadget CPU meter, and even when I am doing nothing the first gauge shows about 10 percent but the second one stays around 50 percent; is that okay?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:09:29, on 31.12.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.17183)


Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\CyberLink\PowerDVD13\PowerDVD13Agent.exe
C:\Program Files\Seznam.cz\bin\postak.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\top\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\bin\core.4.dll
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [PowerDVD13Agent] "C:\Program Files\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\bin\postak.exe" -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: CyberLink PowerDVD 13 Media Server Monitor Service - CyberLink - C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
O23 - Service: CyberLink PowerDVD 13 Media Server Service - CyberLink - C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 6516 bytes

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 01 Jan 2015 11:08

Close other applications and browsers, disconnect from the internet and fix these in HJT:
Guide

Code:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O18 - Protocol: linkscanner - (no CLSID) - (no file)


Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window it shows
- When the scan finishes the program should create a log - C:\ComboFix.txt - please paste its entire contents here
If there are problems, run it in Safe Mode.

Warning: it can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.
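The fix list above is the moderator's judgement. As an added example (not code from this thread or from HijackThis), here is a small Python parser over a constructed subset of the HJT entries quoted in this thread that flags the mechanically detectable part of that list: entries pointing at "(no file)" or "(no CLSID)" and empty R0/R1 values. The Hosts line and the two Run entries in the list are judgement calls it does not reproduce.

```python
import re

# Constructed sample: a subset of the HijackThis v2.0.4 entries quoted earlier in this thread.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O18 - Protocol: linkscanner - (no CLSID) - (no file)
"""

# An HJT entry line is "<section code> - <body>", e.g. "O9 - Extra button: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")


def parse_entries(log_text):
    """Return (code, body) pairs for every entry line; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def flag_dangling_entries(log_text):
    """Return (entry_line, reason) for entries that point at nothing.

    Two mechanical signals are used:
      * the body references "(no file)" or "(no CLSID)": the registry still holds a
        button, menu item or protocol handler whose file or class is gone (a leftover
        of an uninstall, or of a tool that was removed);
      * an R0/R1 browser setting whose value is empty.
    These are the safe-to-remove orphans; deciding about live autostart entries (O4)
    still needs a human reading the path.
    """
    findings = []
    for code, body in parse_entries(log_text):
        entry = f"{code} - {body}"
        if "(no file)" in body or "(no CLSID)" in body:
            findings.append((entry, "references a missing file or CLSID"))
        elif code in ("R0", "R1") and body.rstrip().endswith("="):
            findings.append((entry, "empty registry value"))
    return findings


def orphaned_clsids(log_text):
    """Group the dangling entries by the CLSID they reference.

    Useful when several O9 lines share one GUID: removing them together avoids
    leaving half of the orphan behind.
    """
    by_clsid = {}
    for entry, _reason in flag_dangling_entries(log_text):
        for guid in re.findall(r"\{[0-9A-Fa-f-]{36}\}", entry):
            by_clsid.setdefault(guid, []).append(entry)
    return by_clsid


if __name__ == "__main__":
    for entry, reason in flag_dangling_entries(SAMPLE_HJT_LOG):
        print(f"{reason:35s} {entry}")
```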

bill.da
Level 2.5
Posts: 358
Registered: October 09
Gender: Male
Status: Offline

Re: Please check my log

Post by bill.da » 01 Jan 2015 16:26

ComboFix 14-12-30.01 - top 01.01.2015 16:15:18.11.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2048.1209 [GMT 1:00]
Spuštěný z: c:\users\top\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-12-01 do 2015-01-01 )))))))))))))))))))))))))))))))
.
.
2015-01-01 15:22 . 2015-01-01 15:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-01 15:10 . 2015-01-01 15:10 -------- d-----w- c:\users\top\AppData\Local\ElevatedDiagnostics
2015-01-01 15:10 . 2015-01-01 15:10 -------- d-----w- c:\users\top\AppData\Local\Diagnostics
2014-12-31 16:50 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2014-12-31 16:50 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2014-12-31 16:50 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2014-12-31 16:39 . 2014-12-31 16:39 -------- d-----w- c:\program files\Rebellion
2014-12-31 15:15 . 2014-12-31 15:15 -------- d-----w- C:\top
2014-12-31 12:32 . 2014-12-31 12:32 -------- d-sh--w- c:\users\top\AppData\Local\EmieUserList
2014-12-31 12:32 . 2014-12-31 12:32 -------- d-sh--w- c:\users\top\AppData\Local\EmieSiteList
2014-12-31 12:32 . 2014-12-31 12:32 -------- d-sh--w- c:\users\top\AppData\Local\EmieBrowserModeList
2014-12-31 12:30 . 2014-12-31 12:16 24064 ----a-w- c:\windows\zoek-delete.exe
2014-12-31 12:30 . 2015-01-01 15:22 -------- d-----w- c:\users\top\AppData\Local\Temp
2014-12-31 12:16 . 2014-12-31 12:28 -------- d-----w- C:\zoek_backup
2014-12-31 08:39 . 2014-12-31 12:07 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-31 08:39 . 2014-12-31 08:39 -------- d-----w- c:\programdata\RogueKiller
2014-12-30 15:34 . 2014-12-30 15:34 -------- d-----w- c:\users\top\AppData\Local\Cyberlink SoftDMA
2014-12-30 15:32 . 2014-12-30 15:32 -------- d-----w- c:\program files\CyberLink
2014-12-30 14:40 . 2014-12-30 14:40 -------- d-----w- C:\MediaServer
2014-12-30 14:40 . 2014-12-30 14:40 -------- d-----w- c:\users\top\AppData\Local\MediaServer
2014-12-30 12:34 . 2014-12-31 16:35 -------- d-----w- c:\users\top\AppData\Local\CrashDumps
2014-12-30 12:33 . 2014-12-30 12:33 -------- d-----w- c:\users\top\AppData\Local\Adobe
2014-12-30 10:24 . 2014-12-30 10:24 -------- d-----w- c:\users\top\AppData\Local\ESET
2014-12-30 10:24 . 2014-12-30 14:40 -------- d-----w- c:\users\top\AppData\Local\CyberLink
2014-12-30 10:20 . 2014-12-31 16:16 -------- d-----w- c:\users\top\AppData\Local\Google
2014-12-29 20:14 . 2014-12-29 20:14 -------- d-----w- c:\users\top\AppData\Local\Power2Go9
2014-12-28 17:58 . 2014-12-30 15:34 -------- d-----w- c:\users\top\AppData\Roaming\CyberLink
2014-12-28 17:58 . 2014-12-30 14:40 -------- d-----w- c:\users\Public\CyberLink
2014-12-28 17:58 . 2014-12-29 18:11 -------- d-----w- c:\programdata\PDVD
2014-12-28 17:58 . 2014-12-28 17:58 -------- d-----w- c:\program files\NSIS Uninstall Information
2014-12-28 17:55 . 2014-12-30 15:30 -------- d-----w- c:\programdata\CyberLink
2014-12-28 17:55 . 2014-12-30 14:39 -------- d-----w- c:\programdata\install_clap
2014-12-28 17:55 . 2014-12-30 13:51 -------- d-----w- c:\programdata\SUPPORTDIR
2014-12-28 17:14 . 2014-12-28 17:17 -------- d-----w- c:\users\top\AppData\Roaming\DivX
2014-12-28 17:13 . 2014-12-28 17:27 -------- d-----w- c:\program files\Common Files\DivX Shared
2014-12-25 14:25 . 2014-12-13 07:03 620176 ----a-w- c:\windows\system32\nvStreaming.exe
2014-12-23 07:36 . 2014-12-23 07:36 -------- d-----w- c:\users\top\AppData\Roaming\Specialbit
2014-12-22 11:27 . 2014-12-22 11:27 -------- d-----w- c:\users\top\AppData\Roaming\RainbowGames
2014-12-22 11:17 . 2014-12-22 11:17 -------- d-----w- c:\programdata\Total Gameplay
2014-12-21 16:20 . 2014-12-21 16:20 -------- d-----w- c:\users\top\AppData\Roaming\Anvate Games
2014-12-21 16:14 . 2014-12-21 16:14 -------- d-----w- c:\users\top\AppData\Roaming\Artogon
2014-12-21 16:11 . 2014-12-21 16:11 -------- d-----w- c:\program files\Zlodeji dusi
2014-12-21 16:08 . 2014-12-21 16:08 -------- d-----w- c:\program files\Rybičky - Adéla na lovu
2014-12-21 16:06 . 2014-12-21 16:06 -------- d-----w- c:\program files\Tucnaci
2014-12-21 16:03 . 2014-12-21 16:04 -------- d-----w- c:\program files\Stavomat
2014-12-21 16:00 . 2014-12-21 16:00 -------- d-----w- c:\users\top\AppData\Roaming\Absolutist
2014-12-21 16:00 . 2014-12-21 16:00 -------- d-----w- c:\programdata\Absolutist
2014-12-21 16:00 . 2014-12-21 16:00 -------- d-----w- c:\program files\Zeleny mesic
2014-12-21 15:58 . 2014-12-21 15:58 -------- d-----w- c:\program files\Tehdy na Zapade - Jak to zacalo
2014-12-21 15:55 . 2014-12-21 15:55 -------- d-----w- c:\program files\Putovani za zviraty
2014-12-21 15:54 . 2014-12-21 15:54 -------- d-----w- c:\program files\Cesta za dobrodružstvím - Kouzelné obrazy
2014-12-21 15:51 . 2014-12-21 15:51 -------- d-----w- c:\program files\Filipova dobrodružství - Na stopě rodinným pokladům
2014-12-13 13:03 . 2014-07-07 01:39 23040 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-13 13:03 . 2014-07-07 01:37 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-13 13:02 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\system32\mf.dll
2014-12-13 13:02 . 2014-07-07 01:40 103424 ----a-w- c:\windows\system32\mfps.dll
2014-12-13 13:02 . 2014-07-07 01:39 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-13 12:42 . 2014-11-11 01:32 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-12-13 12:42 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2014-12-13 12:42 . 2014-11-08 02:45 2048 ----a-w- c:\windows\system32\tzres.dll
2014-12-13 12:42 . 2014-10-30 01:45 155136 ----a-w- c:\windows\system32\charmap.exe
2014-12-13 12:42 . 2014-10-03 01:45 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2014-12-13 12:42 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
2014-12-13 12:42 . 2014-10-03 01:45 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2014-12-13 12:42 . 2014-10-03 01:44 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2014-12-13 12:42 . 2014-10-03 01:45 145920 ----a-w- c:\windows\system32\WsmAuto.dll
2014-12-13 09:42 . 2014-12-13 09:47 -------- d-----w- c:\users\top\AppData\Local\Windows Live
2014-12-13 09:42 . 2014-12-13 09:42 -------- d-----w- c:\program files\Common Files\Windows Live
2014-12-11 20:43 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBB423AD-E6F9-4B6B-8F2F-B1B0E7289F41}\mpengine.dll
2014-12-11 16:30 . 2013-08-11 14:40 43520 ----a-w- c:\windows\system32\nircmdc.exe
2014-12-11 16:29 . 2014-12-11 17:06 -------- d-----w- c:\windows\system32\bitstreams
2014-12-11 16:29 . 2013-10-26 19:30 538126 ----a-w- c:\windows\system32\libcurl-4.dll
2014-12-11 16:29 . 2013-10-26 19:30 364544 ----a-w- c:\windows\system32\ssleay32.dll
2014-12-11 16:29 . 2013-10-26 19:30 192512 ----a-w- c:\windows\system32\libidn-11.dll
2014-12-11 16:29 . 2013-10-26 19:30 171008 ----a-w- c:\windows\system32\libssh2.dll
2014-12-11 16:29 . 2013-10-26 19:30 1704448 ----a-w- c:\windows\system32\libeay32.dll
2014-12-11 16:29 . 2013-10-26 19:30 133632 ----a-w- c:\windows\system32\librtmp.dll
2014-12-11 16:29 . 2013-06-12 14:15 119888 ----a-w- c:\windows\system32\pthreadGC2.dll
2014-12-11 16:29 . 2013-06-12 14:15 100864 ----a-w- c:\windows\system32\zlib1.dll
2014-12-11 16:29 . 2012-09-25 22:46 472424 ----a-w- c:\windows\system32\cudart32_50_35.dll
2014-12-11 16:29 . 2012-05-27 00:36 55808 ----a-w- c:\windows\system32\pthreadVC2.dll
2014-12-10 17:23 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-12-03 06:31 . 2014-12-03 06:31 227048 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-25 16:18 . 2013-03-23 15:46 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-25 16:18 . 2013-03-23 15:46 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-13 10:02 . 2013-02-10 09:44 60560 ----a-w- c:\windows\system32\OpenCL.dll
2014-12-13 10:02 . 2012-10-10 20:14 16039176 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-12-13 10:02 . 2012-10-10 20:14 14128496 ----a-w- c:\windows\system32\nvd3dum.dll
2014-12-13 10:02 . 2007-06-28 16:43 2897640 ----a-w- c:\windows\system32\nvapi.dll
2014-12-13 07:30 . 2013-02-10 09:44 3056784 ----a-w- c:\windows\system32\nvsvc.dll
2014-12-13 07:30 . 2007-06-28 16:43 4403016 ----a-w- c:\windows\system32\nvcpl.dll
2014-12-13 07:30 . 2013-02-10 09:44 669840 ----a-w- c:\windows\system32\nvvsvc.exe
2014-12-13 07:30 . 2013-02-10 09:44 62784 ----a-w- c:\windows\system32\nvshext.dll
2014-12-13 07:30 . 2013-02-10 09:44 2554000 ----a-w- c:\windows\system32\nvsvcr.dll
2014-12-13 07:30 . 2007-06-28 16:43 375112 ----a-w- c:\windows\system32\nvmctray.dll
2014-11-24 13:04 . 2013-09-03 15:33 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-11-23 12:00 . 2014-08-13 15:00 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-13 00:14 . 2014-11-18 17:42 906440 ----a-w- c:\windows\system32\nvdispgenco3234475.dll
2014-11-13 00:14 . 2014-11-18 17:42 1042064 ----a-w- c:\windows\system32\nvdispco3234475.dll
2014-11-11 02:44 . 2014-11-19 15:40 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 02:44 . 2014-11-19 15:40 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-09 11:23 . 2014-11-09 11:23 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-10-30 04:49 . 2014-11-04 18:26 908608 ----a-w- c:\windows\system32\nvdispgenco3234460.dll
2014-10-30 04:49 . 2014-11-04 18:26 1043264 ----a-w- c:\windows\system32\nvdispco3234460.dll
2014-10-25 01:32 . 2014-11-12 17:17 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-18 01:33 . 2014-11-12 17:18 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-16 16:38 . 2014-10-22 19:12 906440 ----a-w- c:\windows\system32\nvdispgenco3234448.dll
2014-10-16 16:38 . 2014-10-22 19:12 1041096 ----a-w- c:\windows\system32\nvdispco3234448.dll
2014-10-14 01:56 . 2014-11-12 17:17 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50 . 2014-11-12 17:17 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 01:50 . 2014-11-12 17:17 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 01:47 . 2014-11-12 17:17 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 01:46 . 2014-11-12 17:17 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-10 00:45 . 2014-11-12 17:18 2379264 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\erdnt\cache\user32.dll
[-] 2010-11-20 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-12-11 30877280]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Seznam Postak"="c:\program files\Seznam.cz\bin\postak.exe" [2012-01-10 491040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2014-02-18 12017368]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-02-05 1048152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-08 3076144]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"PowerDVD13Agent"="c:\program files\CyberLink\PowerDVD13\PowerDVD13Agent.exe" [2013-07-05 517144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"QuickTime Plugin Install"=c:\program files\QuickTime\Plugins\DeleteMe1.exe
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Plán2\schedhlp.exe"
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 cpuz134;cpuz134;c:\users\top\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-10 1343400]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2013-05-19 911680]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-11-09 243128]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2014/12/30 16:33];c:\program files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [2013-07-05 23:48 76560]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2013-05-19 2480048]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;c:\program files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [2013-07-05 77576]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;c:\program files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [2013-07-05 327432]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-09-08 974944]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-02-05 1593632]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-02-05 15904544]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-12-13 410768]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2013-05-19 160288]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-12-27 34080]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-23 16:18]
.
2015-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-10 17:33]
.
2015-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-10 17:33]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2015-01-01 16:23:51
ComboFix-quarantined-files.txt 2015-01-01 15:23
ComboFix2.txt 2014-12-29 08:35
.
Před spuštěním: Volných bajtů: 79 575 556 096
Po spuštění: Volných bajtů: 79 880 519 680
.
- - End Of File - - 5EC2AE779B3CC9EF0C49201C3B0C0174
A36C5E4F47E84449FF07ED3517B43A31

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: Three roses grow around =o)
Gender: Male
Status: Offline

Re: Please check my log

Post by Orcus » 01 Jan 2015 22:54

Your ESET firewall was left running. So once more, as jaro3 wrote.

FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
Love warms, but coal is coal. :fire:

Post HJT logs in the HJT section. If it is too long, split it into several posts.

A few PC security tips.

During my absence memphisto, jaro3 and Diallix stand in for me

If you are satisfied, you can support our forum.
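Orcus spotted the still-enabled firewall in the ComboFix header by eye. As an added example (not part of the thread or of ComboFix), this Python snippet parses the AV/FW/SP status lines from a constructed copy of that header and returns the protections that were not disabled before the run.

```python
import re

# Constructed sample: the status header ComboFix printed at the top of the log quoted above.
SAMPLE_HEADER = """\
ComboFix 14-12-30.01 - top 01.01.2015 16:15:18.11.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2048.1209 [GMT 1:00]
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

# "<AV|FW|SP>: <product> *<state>* {<GUID>}" -- the summary lines ComboFix prints at the top of its log.
STATUS_RE = re.compile(
    r"^(?P<kind>AV|FW|SP): (?P<product>.+?) \*(?P<state>[^*]+)\* \{(?P<guid>[0-9A-Fa-f-]+)\}$"
)


def parse_protection_status(log_text):
    """Return one dict per AV/FW/SP line with keys kind, product, state, guid."""
    found = []
    for line in log_text.splitlines():
        m = STATUS_RE.match(line.strip())
        if m:
            found.append(m.groupdict())
    return found


def still_enabled(log_text):
    """Return (kind, product) for every protection whose state does not start with 'Disabled'.

    The moderators ask for resident protection and the firewall to be off before a
    ComboFix run; anything listed here means the run has to be repeated.
    """
    return [
        (e["kind"], e["product"])
        for e in parse_protection_status(log_text)
        if not e["state"].lower().startswith("disabled")
    ]


def outdated(log_text):
    """Return products whose state ComboFix marked as Outdated (a separate hygiene point)."""
    return [
        e["product"]
        for e in parse_protection_status(log_text)
        if "outdated" in e["state"].lower()
    ]


if __name__ == "__main__":
    for kind, product in still_enabled(SAMPLE_HEADER):
        print(f"{kind} still enabled: {product}")
```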

bill.da
Level 2.5
Posts: 358
Registered: October 09
Gender: Male
Status: Offline

Re: Please check my log

Post by bill.da » 02 Jan 2015 07:11

ComboFix 15-01-02.01 - top 02.01.2015 6:55.13.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2048.1036 [GMT 1:00]
Spuštěný z: c:\users\top\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
.
Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache\userinit.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-12-02 do 2015-01-02 )))))))))))))))))))))))))))))))
.
.
2015-01-02 06:03 . 2015-01-02 06:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-01-02 06:03 . 2015-01-02 06:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-01 18:52 . 2015-01-01 18:52 -------- d-----w- c:\program files\Microsoft Silverlight
2015-01-01 15:49 . 2015-01-01 15:59 -------- d-----w- c:\program files\FTruck2013
2015-01-01 15:10 . 2015-01-01 15:10 -------- d-----w- c:\users\top\AppData\Local\ElevatedDiagnostics
2015-01-01 15:10 . 2015-01-01 15:10 -------- d-----w- c:\users\top\AppData\Local\Diagnostics
2014-12-31 16:50 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2014-12-31 16:50 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2014-12-31 16:50 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2014-12-31 16:39 . 2014-12-31 16:39 -------- d-----w- c:\program files\Rebellion
2014-12-31 15:15 . 2014-12-31 15:15 -------- d-----w- C:\top
2014-12-31 12:32 . 2015-01-01 21:03 -------- d-sh--w- c:\users\top\AppData\Local\EmieUserList
2014-12-31 12:32 . 2015-01-01 21:03 -------- d-sh--w- c:\users\top\AppData\Local\EmieSiteList
2014-12-31 12:32 . 2015-01-01 21:03 -------- d-sh--w- c:\users\top\AppData\Local\EmieBrowserModeList
2014-12-31 12:30 . 2014-12-31 12:16 24064 ----a-w- c:\windows\zoek-delete.exe
2014-12-31 12:30 . 2015-01-02 06:06 -------- d-----w- c:\users\top\AppData\Local\Temp
2014-12-31 12:16 . 2014-12-31 12:28 -------- d-----w- C:\zoek_backup
2014-12-31 08:39 . 2014-12-31 12:07 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-31 08:39 . 2014-12-31 08:39 -------- d-----w- c:\programdata\RogueKiller
2014-12-30 15:34 . 2014-12-30 15:34 -------- d-----w- c:\users\top\AppData\Local\Cyberlink SoftDMA
2014-12-30 15:32 . 2014-12-30 15:32 -------- d-----w- c:\program files\CyberLink
2014-12-30 14:40 . 2014-12-30 14:40 -------- d-----w- C:\MediaServer
2014-12-30 14:40 . 2014-12-30 14:40 -------- d-----w- c:\users\top\AppData\Local\MediaServer
2014-12-30 12:34 . 2014-12-31 16:35 -------- d-----w- c:\users\top\AppData\Local\CrashDumps
2014-12-30 12:33 . 2014-12-30 12:33 -------- d-----w- c:\users\top\AppData\Local\Adobe
2014-12-30 10:24 . 2014-12-30 10:24 -------- d-----w- c:\users\top\AppData\Local\ESET
2014-12-30 10:24 . 2014-12-30 14:40 -------- d-----w- c:\users\top\AppData\Local\CyberLink
2014-12-30 10:20 . 2015-01-01 17:54 -------- d-----w- c:\users\top\AppData\Local\Google
2014-12-29 20:14 . 2014-12-29 20:14 -------- d-----w- c:\users\top\AppData\Local\Power2Go9
2014-12-28 17:58 . 2014-12-30 15:34 -------- d-----w- c:\users\top\AppData\Roaming\CyberLink
2014-12-28 17:58 . 2014-12-30 14:40 -------- d-----w- c:\users\Public\CyberLink
2014-12-28 17:58 . 2014-12-29 18:11 -------- d-----w- c:\programdata\PDVD
2014-12-28 17:58 . 2014-12-28 17:58 -------- d-----w- c:\program files\NSIS Uninstall Information
2014-12-28 17:55 . 2015-01-01 18:33 -------- d-----w- c:\programdata\CyberLink
2014-12-28 17:55 . 2014-12-30 14:39 -------- d-----w- c:\programdata\install_clap
2014-12-28 17:55 . 2014-12-30 13:51 -------- d-----w- c:\programdata\SUPPORTDIR
2014-12-28 17:14 . 2014-12-28 17:17 -------- d-----w- c:\users\top\AppData\Roaming\DivX
2014-12-28 17:13 . 2014-12-28 17:27 -------- d-----w- c:\program files\Common Files\DivX Shared
2014-12-25 14:25 . 2014-12-13 07:03 620176 ----a-w- c:\windows\system32\nvStreaming.exe
2014-12-23 07:36 . 2014-12-23 07:36 -------- d-----w- c:\users\top\AppData\Roaming\Specialbit
2014-12-22 11:27 . 2014-12-22 11:27 -------- d-----w- c:\users\top\AppData\Roaming\RainbowGames
2014-12-22 11:17 . 2014-12-22 11:17 -------- d-----w- c:\programdata\Total Gameplay
2014-12-21 16:20 . 2014-12-21 16:20 -------- d-----w- c:\users\top\AppData\Roaming\Anvate Games
2014-12-21 16:14 . 2014-12-21 16:14 -------- d-----w- c:\users\top\AppData\Roaming\Artogon
2014-12-21 16:11 . 2014-12-21 16:11 -------- d-----w- c:\program files\Zlodeji dusi
2014-12-21 16:08 . 2014-12-21 16:08 -------- d-----w- c:\program files\Rybičky - Adéla na lovu
2014-12-21 16:06 . 2014-12-21 16:06 -------- d-----w- c:\program files\Tucnaci
2014-12-21 16:03 . 2014-12-21 16:04 -------- d-----w- c:\program files\Stavomat
2014-12-21 16:00 . 2014-12-21 16:00 -------- d-----w- c:\users\top\AppData\Roaming\Absolutist
2014-12-21 16:00 . 2014-12-21 16:00 -------- d-----w- c:\programdata\Absolutist
2014-12-21 16:00 . 2014-12-21 16:00 -------- d-----w- c:\program files\Zeleny mesic
2014-12-21 15:58 . 2014-12-21 15:58 -------- d-----w- c:\program files\Tehdy na Zapade - Jak to zacalo
2014-12-21 15:55 . 2014-12-21 15:55 -------- d-----w- c:\program files\Putovani za zviraty
2014-12-21 15:54 . 2014-12-21 15:54 -------- d-----w- c:\program files\Cesta za dobrodružstvím - Kouzelné obrazy
2014-12-21 15:51 . 2014-12-21 15:51 -------- d-----w- c:\program files\Filipova dobrodružství - Na stopě rodinným pokladům
2014-12-13 13:03 . 2014-07-07 01:39 23040 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-13 13:03 . 2014-07-07 01:37 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-13 13:02 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\system32\mf.dll
2014-12-13 13:02 . 2014-07-07 01:40 103424 ----a-w- c:\windows\system32\mfps.dll
2014-12-13 13:02 . 2014-07-07 01:39 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-13 12:42 . 2014-11-11 01:32 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-12-13 12:42 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2014-12-13 12:42 . 2014-11-08 02:45 2048 ----a-w- c:\windows\system32\tzres.dll
2014-12-13 12:42 . 2014-10-30 01:45 155136 ----a-w- c:\windows\system32\charmap.exe
2014-12-13 12:42 . 2014-10-03 01:45 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2014-12-13 12:42 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
2014-12-13 12:42 . 2014-10-03 01:45 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2014-12-13 12:42 . 2014-10-03 01:44 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2014-12-13 12:42 . 2014-10-03 01:45 145920 ----a-w- c:\windows\system32\WsmAuto.dll
2014-12-13 09:42 . 2014-12-13 09:47 -------- d-----w- c:\users\top\AppData\Local\Windows Live
2014-12-13 09:42 . 2014-12-13 09:42 -------- d-----w- c:\program files\Common Files\Windows Live
2014-12-11 20:43 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBB423AD-E6F9-4B6B-8F2F-B1B0E7289F41}\mpengine.dll
2014-12-11 16:30 . 2013-08-11 14:40 43520 ----a-w- c:\windows\system32\nircmdc.exe
2014-12-11 16:29 . 2014-12-11 17:06 -------- d-----w- c:\windows\system32\bitstreams
2014-12-11 16:29 . 2013-10-26 19:30 538126 ----a-w- c:\windows\system32\libcurl-4.dll
2014-12-11 16:29 . 2013-10-26 19:30 364544 ----a-w- c:\windows\system32\ssleay32.dll
2014-12-11 16:29 . 2013-10-26 19:30 192512 ----a-w- c:\windows\system32\libidn-11.dll
2014-12-11 16:29 . 2013-10-26 19:30 171008 ----a-w- c:\windows\system32\libssh2.dll
2014-12-11 16:29 . 2013-10-26 19:30 1704448 ----a-w- c:\windows\system32\libeay32.dll
2014-12-11 16:29 . 2013-10-26 19:30 133632 ----a-w- c:\windows\system32\librtmp.dll
2014-12-11 16:29 . 2013-06-12 14:15 119888 ----a-w- c:\windows\system32\pthreadGC2.dll
2014-12-11 16:29 . 2013-06-12 14:15 100864 ----a-w- c:\windows\system32\zlib1.dll
2014-12-11 16:29 . 2012-09-25 22:46 472424 ----a-w- c:\windows\system32\cudart32_50_35.dll
2014-12-11 16:29 . 2012-05-27 00:36 55808 ----a-w- c:\windows\system32\pthreadVC2.dll
2014-12-10 17:23 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-12-03 06:31 . 2014-12-03 06:31 227048 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-01 18:57 . 2013-03-23 15:46 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-01 18:57 . 2013-03-23 15:46 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-13 10:02 . 2013-02-10 09:44 60560 ----a-w- c:\windows\system32\OpenCL.dll
2014-12-13 10:02 . 2012-10-10 20:14 16039176 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-12-13 10:02 . 2012-10-10 20:14 14128496 ----a-w- c:\windows\system32\nvd3dum.dll
2014-12-13 10:02 . 2007-06-28 16:43 2897640 ----a-w- c:\windows\system32\nvapi.dll
2014-12-13 07:30 . 2013-02-10 09:44 3056784 ----a-w- c:\windows\system32\nvsvc.dll
2014-12-13 07:30 . 2007-06-28 16:43 4403016 ----a-w- c:\windows\system32\nvcpl.dll
2014-12-13 07:30 . 2013-02-10 09:44 669840 ----a-w- c:\windows\system32\nvvsvc.exe
2014-12-13 07:30 . 2013-02-10 09:44 62784 ----a-w- c:\windows\system32\nvshext.dll
2014-12-13 07:30 . 2013-02-10 09:44 2554000 ----a-w- c:\windows\system32\nvsvcr.dll
2014-12-13 07:30 . 2007-06-28 16:43 375112 ----a-w- c:\windows\system32\nvmctray.dll
2014-11-24 13:04 . 2013-09-03 15:33 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-11-23 12:00 . 2014-08-13 15:00 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-13 00:14 . 2014-11-18 17:42 906440 ----a-w- c:\windows\system32\nvdispgenco3234475.dll
2014-11-13 00:14 . 2014-11-18 17:42 1042064 ----a-w- c:\windows\system32\nvdispco3234475.dll
2014-11-11 02:44 . 2014-11-19 15:40 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 02:44 . 2014-11-19 15:40 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-09 11:23 . 2014-11-09 11:23 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-10-30 04:49 . 2014-11-04 18:26 908608 ----a-w- c:\windows\system32\nvdispgenco3234460.dll
2014-10-30 04:49 . 2014-11-04 18:26 1043264 ----a-w- c:\windows\system32\nvdispco3234460.dll
2014-10-25 01:32 . 2014-11-12 17:17 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-18 01:33 . 2014-11-12 17:18 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-16 16:38 . 2014-10-22 19:12 906440 ----a-w- c:\windows\system32\nvdispgenco3234448.dll
2014-10-16 16:38 . 2014-10-22 19:12 1041096 ----a-w- c:\windows\system32\nvdispco3234448.dll
2014-10-14 01:56 . 2014-11-12 17:17 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50 . 2014-11-12 17:17 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 01:50 . 2014-11-12 17:17 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 01:47 . 2014-11-12 17:17 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 01:46 . 2014-11-12 17:17 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-10 00:45 . 2014-11-12 17:18 2379264 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\erdnt\cache\user32.dll
[-] 2010-11-20 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-12-11 30877280]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2014-02-18 12017368]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-02-05 1048152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-08 3076144]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"PowerDVD13Agent"="c:\program files\CyberLink\PowerDVD13\PowerDVD13Agent.exe" [2013-07-05 517144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"QuickTime Plugin Install"=c:\program files\QuickTime\Plugins\DeleteMe1.exe
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Plán2\schedhlp.exe"
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 cpuz134;cpuz134;c:\users\top\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-01-01 102912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-10 1343400]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2013-05-19 911680]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-11-09 243128]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2014/12/30 16:33];c:\program files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [2013-07-05 23:48 76560]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2013-05-19 2480048]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;c:\program files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [2013-07-05 77576]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;c:\program files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [2013-07-05 327432]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-09-08 974944]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-02-05 1593632]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-02-05 15904544]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-12-13 410768]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2013-05-19 160288]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-12-27 34080]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-01 19:39 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-23 18:57]
.
2015-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-10 17:33]
.
2015-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-10 17:33]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\Common Files\Acronis\Plán2\schedul2.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2015-01-02 07:09:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-01-02 06:09
ComboFix2.txt 2015-01-01 15:23
ComboFix3.txt 2014-12-29 08:35
.
Před spuštěním: Volných bajtů: 74 839 949 312
Po spuštění: Volných bajtů: 75 166 855 168
.
- - End Of File - - D186BB2393FB2C24295461EDA66D4BAA
A36C5E4F47E84449FF07ED3517B43A31


Re: Please check my log

Post by jaro3 » 02 Jan 2015 09:33

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following entire text marked in green into it:

Code:

ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\Skype\Updater
c:\program files\Google\Update

Driver::
SkypeUpdate

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000



Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

With the mouse, drag the created script CFScript.txt over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new log from HJT

Warning: It may happen that after applying ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.


Re: Please check my log

Post by bill.da » 02 Jan 2015 10:13

ComboFix 15-01-02.01 - top 02.01.2015 9:56.14.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2048.1090 [GMT 1:00]
Spuštěný z: c:\users\top\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\top\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.25.11\GoogleUpdate.exe
c:\program files\Google\Update\1.3.25.11\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.25.11\GoogleUpdateComRegisterShell64.exe
c:\program files\Google\Update\1.3.25.11\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.25.11\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.25.11\goopdate.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_am.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ar.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_bg.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_bn.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ca.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_cs.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_da.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_de.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_el.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_en.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_es.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_et.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_fa.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_fi.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_fil.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_fr.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_gu.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_hi.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_hr.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_hu.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_id.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_is.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_it.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_iw.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ja.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_kn.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ko.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_lt.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_lv.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ml.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_mr.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ms.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_nl.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_no.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_pl.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ro.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ru.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_sk.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_sl.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_sr.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_sv.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_sw.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ta.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_te.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_th.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_tr.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_uk.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_ur.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_vi.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.25.11\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.25.11\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.25.11\psmachine.dll
c:\program files\Google\Update\1.3.25.11\psmachine_64.dll
c:\program files\Google\Update\1.3.25.11\psuser.dll
c:\program files\Google\Update\1.3.25.11\psuser_64.dll
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.95\39.0.2171.95_chrome_installer.exe
c:\program files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\39.0.2171.95\39.0.2171.95_chrome_installer.exe
c:\program files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\0.0.0.0\googletoolbarinstaller_en_signed.exe
c:\program files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.5.5111.1712\GoogleToolbarInstaller_updater_signed.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Google\Update\Install\{0FF31BC0-D189-4DE1-97E8-F5DF862FEECF}\googletoolbarinstaller_en_signed.exe
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-12-02 do 2015-01-02 )))))))))))))))))))))))))))))))
.
.
2015-01-02 09:05 . 2015-01-02 09:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-01-02 09:05 . 2015-01-02 09:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-02 08:12 . 2015-01-02 08:12 -------- d-----w- c:\program files\McAfee Security Scan
2015-01-02 08:11 . 2015-01-02 08:12 -------- d-----w- c:\programdata\McAfee Security Scan
2015-01-02 08:11 . 2015-01-02 08:11 -------- d-----w- c:\programdata\McAfee
2015-01-01 18:52 . 2015-01-02 08:25 -------- d-----w- c:\program files\Microsoft Silverlight
2015-01-01 15:49 . 2015-01-01 15:59 -------- d-----w- c:\program files\FTruck2013
2015-01-01 15:10 . 2015-01-01 15:10 -------- d-----w- c:\users\top\AppData\Local\ElevatedDiagnostics
2015-01-01 15:10 . 2015-01-01 15:10 -------- d-----w- c:\users\top\AppData\Local\Diagnostics
2014-12-31 16:50 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2014-12-31 16:50 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2014-12-31 16:50 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2014-12-31 16:39 . 2014-12-31 16:39 -------- d-----w- c:\program files\Rebellion
2014-12-31 15:15 . 2014-12-31 15:15 -------- d-----w- C:\top
2014-12-31 12:32 . 2015-01-01 21:03 -------- d-sh--w- c:\users\top\AppData\Local\EmieUserList
2014-12-31 12:32 . 2015-01-01 21:03 -------- d-sh--w- c:\users\top\AppData\Local\EmieSiteList
2014-12-31 12:32 . 2015-01-01 21:03 -------- d-sh--w- c:\users\top\AppData\Local\EmieBrowserModeList
2014-12-31 12:30 . 2014-12-31 12:16 24064 ----a-w- c:\windows\zoek-delete.exe
2014-12-31 12:30 . 2015-01-02 09:08 -------- d-----w- c:\users\top\AppData\Local\Temp
2014-12-31 12:16 . 2014-12-31 12:28 -------- d-----w- C:\zoek_backup
2014-12-31 08:39 . 2014-12-31 12:07 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-31 08:39 . 2014-12-31 08:39 -------- d-----w- c:\programdata\RogueKiller
2014-12-30 15:34 . 2014-12-30 15:34 -------- d-----w- c:\users\top\AppData\Local\Cyberlink SoftDMA
2014-12-30 15:32 . 2014-12-30 15:32 -------- d-----w- c:\program files\CyberLink
2014-12-30 14:40 . 2014-12-30 14:40 -------- d-----w- C:\MediaServer
2014-12-30 14:40 . 2014-12-30 14:40 -------- d-----w- c:\users\top\AppData\Local\MediaServer
2014-12-30 12:34 . 2015-01-02 07:41 -------- d-----w- c:\users\top\AppData\Local\CrashDumps
2014-12-30 12:33 . 2015-01-02 08:11 -------- d-----w- c:\users\top\AppData\Local\Adobe
2014-12-30 10:24 . 2014-12-30 10:24 -------- d-----w- c:\users\top\AppData\Local\ESET
2014-12-30 10:24 . 2014-12-30 14:40 -------- d-----w- c:\users\top\AppData\Local\CyberLink
2014-12-30 10:20 . 2015-01-02 07:52 -------- d-----w- c:\users\top\AppData\Local\Google
2014-12-29 20:14 . 2014-12-29 20:14 -------- d-----w- c:\users\top\AppData\Local\Power2Go9
2014-12-28 17:58 . 2014-12-30 15:34 -------- d-----w- c:\users\top\AppData\Roaming\CyberLink
2014-12-28 17:58 . 2014-12-30 14:40 -------- d-----w- c:\users\Public\CyberLink
2014-12-28 17:58 . 2014-12-29 18:11 -------- d-----w- c:\programdata\PDVD
2014-12-28 17:58 . 2014-12-28 17:58 -------- d-----w- c:\program files\NSIS Uninstall Information
2014-12-28 17:55 . 2015-01-01 18:33 -------- d-----w- c:\programdata\CyberLink
2014-12-28 17:55 . 2014-12-30 14:39 -------- d-----w- c:\programdata\install_clap
2014-12-28 17:55 . 2014-12-30 13:51 -------- d-----w- c:\programdata\SUPPORTDIR
2014-12-28 17:14 . 2014-12-28 17:17 -------- d-----w- c:\users\top\AppData\Roaming\DivX
2014-12-28 17:13 . 2014-12-28 17:27 -------- d-----w- c:\program files\Common Files\DivX Shared
2014-12-25 14:25 . 2014-12-13 07:03 620176 ----a-w- c:\windows\system32\nvStreaming.exe
2014-12-23 07:36 . 2014-12-23 07:36 -------- d-----w- c:\users\top\AppData\Roaming\Specialbit
2014-12-22 11:27 . 2014-12-22 11:27 -------- d-----w- c:\users\top\AppData\Roaming\RainbowGames
2014-12-22 11:17 . 2014-12-22 11:17 -------- d-----w- c:\programdata\Total Gameplay
2014-12-21 16:20 . 2014-12-21 16:20 -------- d-----w- c:\users\top\AppData\Roaming\Anvate Games
2014-12-21 16:14 . 2014-12-21 16:14 -------- d-----w- c:\users\top\AppData\Roaming\Artogon
2014-12-21 16:11 . 2014-12-21 16:11 -------- d-----w- c:\program files\Zlodeji dusi
2014-12-21 16:08 . 2014-12-21 16:08 -------- d-----w- c:\program files\Rybičky - Adéla na lovu
2014-12-21 16:06 . 2014-12-21 16:06 -------- d-----w- c:\program files\Tucnaci
2014-12-21 16:03 . 2014-12-21 16:04 -------- d-----w- c:\program files\Stavomat
2014-12-21 16:00 . 2014-12-21 16:00 -------- d-----w- c:\users\top\AppData\Roaming\Absolutist
2014-12-21 16:00 . 2014-12-21 16:00 -------- d-----w- c:\programdata\Absolutist
2014-12-21 16:00 . 2014-12-21 16:00 -------- d-----w- c:\program files\Zeleny mesic
2014-12-21 15:58 . 2014-12-21 15:58 -------- d-----w- c:\program files\Tehdy na Zapade - Jak to zacalo
2014-12-21 15:55 . 2014-12-21 15:55 -------- d-----w- c:\program files\Putovani za zviraty
2014-12-21 15:54 . 2014-12-21 15:54 -------- d-----w- c:\program files\Cesta za dobrodružstvím - Kouzelné obrazy
2014-12-21 15:51 . 2014-12-21 15:51 -------- d-----w- c:\program files\Filipova dobrodružství - Na stopě rodinným pokladům
2014-12-13 13:03 . 2014-07-07 01:39 23040 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-13 13:03 . 2014-07-07 01:37 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-13 13:02 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\system32\mf.dll
2014-12-13 13:02 . 2014-07-07 01:40 103424 ----a-w- c:\windows\system32\mfps.dll
2014-12-13 13:02 . 2014-07-07 01:39 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-13 12:42 . 2014-11-11 01:32 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-12-13 12:42 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2014-12-13 12:42 . 2014-11-08 02:45 2048 ----a-w- c:\windows\system32\tzres.dll
2014-12-13 12:42 . 2014-10-30 01:45 155136 ----a-w- c:\windows\system32\charmap.exe
2014-12-13 12:42 . 2014-10-03 01:45 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2014-12-13 12:42 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
2014-12-13 12:42 . 2014-10-03 01:45 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2014-12-13 12:42 . 2014-10-03 01:44 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2014-12-13 12:42 . 2014-10-03 01:45 145920 ----a-w- c:\windows\system32\WsmAuto.dll
2014-12-13 09:42 . 2014-12-13 09:47 -------- d-----w- c:\users\top\AppData\Local\Windows Live
2014-12-13 09:42 . 2014-12-13 09:42 -------- d-----w- c:\program files\Common Files\Windows Live
2014-12-11 20:43 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBB423AD-E6F9-4B6B-8F2F-B1B0E7289F41}\mpengine.dll
2014-12-11 16:30 . 2013-08-11 14:40 43520 ----a-w- c:\windows\system32\nircmdc.exe
2014-12-11 16:29 . 2014-12-11 17:06 -------- d-----w- c:\windows\system32\bitstreams
2014-12-11 16:29 . 2013-10-26 19:30 538126 ----a-w- c:\windows\system32\libcurl-4.dll
2014-12-11 16:29 . 2013-10-26 19:30 364544 ----a-w- c:\windows\system32\ssleay32.dll
2014-12-11 16:29 . 2013-10-26 19:30 192512 ----a-w- c:\windows\system32\libidn-11.dll
2014-12-11 16:29 . 2013-10-26 19:30 171008 ----a-w- c:\windows\system32\libssh2.dll
2014-12-11 16:29 . 2013-10-26 19:30 1704448 ----a-w- c:\windows\system32\libeay32.dll
2014-12-11 16:29 . 2013-10-26 19:30 133632 ----a-w- c:\windows\system32\librtmp.dll
2014-12-11 16:29 . 2013-06-12 14:15 119888 ----a-w- c:\windows\system32\pthreadGC2.dll
2014-12-11 16:29 . 2013-06-12 14:15 100864 ----a-w- c:\windows\system32\zlib1.dll
2014-12-11 16:29 . 2012-09-25 22:46 472424 ----a-w- c:\windows\system32\cudart32_50_35.dll
2014-12-11 16:29 . 2012-05-27 00:36 55808 ----a-w- c:\windows\system32\pthreadVC2.dll
2014-12-10 17:23 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-02 08:11 . 2013-03-23 15:46 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-02 08:11 . 2013-03-23 15:46 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-13 10:02 . 2013-02-10 09:44 60560 ----a-w- c:\windows\system32\OpenCL.dll
2014-12-13 10:02 . 2012-10-10 20:14 16039176 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-12-13 10:02 . 2012-10-10 20:14 14128496 ----a-w- c:\windows\system32\nvd3dum.dll
2014-12-13 10:02 . 2007-06-28 16:43 2897640 ----a-w- c:\windows\system32\nvapi.dll
2014-12-13 07:30 . 2013-02-10 09:44 3056784 ----a-w- c:\windows\system32\nvsvc.dll
2014-12-13 07:30 . 2007-06-28 16:43 4403016 ----a-w- c:\windows\system32\nvcpl.dll
2014-12-13 07:30 . 2013-02-10 09:44 669840 ----a-w- c:\windows\system32\nvvsvc.exe
2014-12-13 07:30 . 2013-02-10 09:44 62784 ----a-w- c:\windows\system32\nvshext.dll
2014-12-13 07:30 . 2013-02-10 09:44 2554000 ----a-w- c:\windows\system32\nvsvcr.dll
2014-12-13 07:30 . 2007-06-28 16:43 375112 ----a-w- c:\windows\system32\nvmctray.dll
2014-11-24 13:04 . 2013-09-03 15:33 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-11-23 12:00 . 2014-08-13 15:00 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-13 00:14 . 2014-11-18 17:42 906440 ----a-w- c:\windows\system32\nvdispgenco3234475.dll
2014-11-13 00:14 . 2014-11-18 17:42 1042064 ----a-w- c:\windows\system32\nvdispco3234475.dll
2014-11-11 02:44 . 2014-11-19 15:40 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 02:44 . 2014-11-19 15:40 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-09 11:23 . 2014-11-09 11:23 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-10-30 04:49 . 2014-11-04 18:26 908608 ----a-w- c:\windows\system32\nvdispgenco3234460.dll
2014-10-30 04:49 . 2014-11-04 18:26 1043264 ----a-w- c:\windows\system32\nvdispco3234460.dll
2014-10-25 01:32 . 2014-11-12 17:17 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-18 01:33 . 2014-11-12 17:18 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-16 16:38 . 2014-10-22 19:12 906440 ----a-w- c:\windows\system32\nvdispgenco3234448.dll
2014-10-16 16:38 . 2014-10-22 19:12 1041096 ----a-w- c:\windows\system32\nvdispco3234448.dll
2014-10-14 01:56 . 2014-11-12 17:17 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50 . 2014-11-12 17:17 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 01:50 . 2014-11-12 17:17 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 01:47 . 2014-11-12 17:17 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 01:46 . 2014-11-12 17:17 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-10 00:45 . 2014-11-12 17:18 2379264 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\erdnt\cache\user32.dll
[-] 2010-11-20 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-12-11 30877280]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2014-02-18 12017368]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-02-05 1048152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-08 3076144]
"PowerDVD13Agent"="c:\program files\CyberLink\PowerDVD13\PowerDVD13Agent.exe" [2013-07-05 517144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 279456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"QuickTime Plugin Install"=c:\program files\QuickTime\Plugins\DeleteMe1.exe
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Plán2\schedhlp.exe"
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
R3 cpuz134;cpuz134;c:\users\top\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-10 1343400]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2013-05-19 911680]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-11-09 243128]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2014/12/30 16:33];c:\program files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [2013-07-05 23:48 76560]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2013-05-19 2480048]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;c:\program files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [2013-07-05 77576]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;c:\program files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [2013-07-05 327432]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-09-08 974944]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-02-05 1593632]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-02-05 15904544]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-12-13 410768]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2013-05-19 160288]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-12-27 34080]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-01 19:39 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-23 08:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Acronis\Plán2\schedul2.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2015-01-02 10:11:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-01-02 09:11
ComboFix2.txt 2015-01-01 15:23
ComboFix3.txt 2014-12-29 08:35
.
Před spuštěním: Volných bajtů: 75 093 749 760
Po spuštění: Volných bajtů: 75 500 859 392
.
- - End Of File - - 69A77EDEC0C5A420F8E75A55854AA9EF
A36C5E4F47E84449FF07ED3517B43A31

Re: Please check my log

Post by bill.da » 02 Jan 2015 10:18

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-02 10:14:45
-----------------------------
10:14:45.863 OS Version: Windows 6.1.7601 Service Pack 1
10:14:45.863 Number of processors: 2 586 0x6B02
10:14:45.863 ComputerName: TOP-PC UserName: top
10:15:10.128 Initialize success
10:15:10.175 VM: initialized successfully
10:15:10.175 VM: Amd CPU virtualization not supported
10:16:22.653 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
10:16:22.653 Disk 0 Vendor: SAMSUNG_ CT10 Size: 381553MB BusType: 3
10:16:22.793 Disk 0 MBR read successfully
10:16:22.793 Disk 0 MBR scan
10:16:22.793 Disk 0 Windows 7 default MBR code
10:16:22.793 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 120134 MB offset 63
10:16:22.793 Disk 0 Boot: NTFS code=1
10:16:22.809 Disk 0 Partition - 00 05 Extended 261409 MB offset 246051533
10:16:22.825 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 225388 MB offset 246051596
10:16:22.825 Disk 0 Partition - 00 05 Extended 36012 MB offset 707663250
10:16:22.856 Disk 0 scanning sectors +781417665
10:16:22.903 Disk 0 scanning C:\Windows\system32\drivers
10:16:28.153 Service scanning
10:16:40.622 Modules scanning
10:16:40.622 Disk 0 trace - called modules:
10:16:40.700 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
10:16:40.700 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867b78e0]
10:16:40.715 3 CLASSPNP.SYS[8920459e] -> nt!IofCallDriver -> [0x8600cbf0]
10:16:40.715 5 ACPI.sys[892413d4] -> nt!IofCallDriver -> \Device\00000067[0x86018698]
10:16:40.715 Disk 0 statistics 81815/0/0 @ 8,36 MB/s
10:16:40.731 Scan finished successfully
10:17:21.778 Disk 0 MBR has been saved successfully to "C:\Users\top\Documents\MBR.dat"
10:17:21.793 The log file has been saved successfully to "C:\Users\top\Documents\aswMBR.txt"

Re: Please check my log

Post by Orcus » 02 Jan 2015 13:14

ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall

====================================================

Clean the system with CCleaner

====================================================

Download DelFix here
http://general-changelog-team.fr/fr/dow ... e/9-delfix

Save the file to your desktop.
Double-click the icon to run the Delfix.exe tool.
(On Windows Vista, Windows 7 and 8 you must run the file by right-clicking it -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools and Purge System Restore.
Then click the Run button and let the tool do its work.

A report (DelFix.txt) will then open. Paste the whole contents of the report here. Otherwise the report can be found at:
C:\DelFix.txt

If there are no problems, that is all and you can mark the thread as solved with the green tick. The movement on the meters is normal; the computer is meant to use its resources, and there are system applications running in the background.

Re: Please check my log

Post by bill.da » 02 Jan 2015 14:19

Thanks a lot and goodbye.

# DelFix v10.8 - Logfile created 02/01/2015 at 14:17:25
# Updated 29/07/2014 by Xplode
# Username : top - TOP-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\Combofix
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
Deleted : HKLM\SYSTEM\CurrentControlSet\Services\aswMBR

~ Cleaning system restore ...


New restore point created !

########## - EOF - ##########

