# AdwCleaner v4.203 - Log vytvořen 10/05/2015 v 15:45:20
# Aktualizováno 30/04/2015 by Xplode
# Databáze : 2015-05-09.1 [Server]
# Operační system : Windows 7 Ultimate Service Pack 1 (x64)
# Uživatelské jméno : GamingGTX770.i5.8gb - GAMINGGTX770I58
# Spuštěno z : C:\Users\GamingGTX770.i5.8gb\Desktop\adwcleaner_4.203.exe
# Nastavení : Čištění
***** [ Služby ] *****
***** [ Soubory / Složky ] *****
***** [ Naplánované úlohy ] *****
***** [ Zástupci ] *****
***** [ Registry ] *****
***** [ Prohlížeče ] *****
-\\ Internet Explorer v11.0.9600.17728
-\\ Google Chrome v42.0.2311.135
*************************
AdwCleaner[R0].txt - [2341 bytů] - [10/05/2015 12:40:31]
AdwCleaner[R1].txt - [2397 bytů] - [10/05/2015 12:43:44]
AdwCleaner[R2].txt - [965 bytů] - [10/05/2015 15:44:52]
AdwCleaner[S0].txt - [2023 bytů] - [10/05/2015 12:45:14]
AdwCleaner[S1].txt - [891 bytů] - [10/05/2015 15:45:20]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [948 bytů] ##########
Launching every application takes 30 sec. Solved
Re: Launching every application takes 30 sec.
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 10.5.2015
Čas skenování: 15:50:15
Protokol: Mbam log.txt
Správce: Ano
Verze: 2.01.6.1022
Databáze malwaru: v2015.05.10.03
Databáze rootkitů: v2015.04.21.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: GamingGTX770.i5.8gb
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 384308
Uplynulý čas: 3 min, 12 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 2
PUP.Optional.DragonBranch.A, HKU\S-1-5-21-3002559689-705601799-426194015-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D640CE67-58E4-43C2-9ADC-6BB959D7C606}, Do karantény, [b546fd94cdbd65d149657dcccb38ce32],
PUP.Optional.DragonBranch.A, HKU\S-1-5-21-3002559689-705601799-426194015-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D640CE67-58E4-43C2-9ADC-6BB959D7C606}, Do karantény, [b546fd94cdbd65d149657dcccb38ce32],
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 0
(Nenalezeny žádné škodlivé položky)
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Re: Launching every application takes 30 sec.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
Ran by GamingGTX770.i5.8gb at 2015-05-10 15:56:36 Run:1
Running from C:\Users\GamingGTX770.i5.8gb\Desktop
Loaded Profiles: GamingGTX770.i5.8gb (Available profiles: GamingGTX770.i5.8gb)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
HKU\S-1-5-21-3002559689-705601799-426194015-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-3002559689-705601799-426194015-1000\...\MountPoints2: {19792f9d-f282-11e4-8cc1-448a5b678e83} - F:\setup.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Dragon Branch -> {d640ce67-58e4-43c2-9adc-6bb959d7c606} -> C:\Program Files (x86)\Dragon Branch\Extensions\d640ce67-58e4-43c2-9adc-6bb959d7c606.dll [2015-05-10] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-02] (Google Inc.)
R2 Service Mgr DragonBranch; C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugincontainer.exe [556304 2015-05-10] ()
R2 Update Mgr DragonBranch; C:\Program Files (x86)\Common Files\b56dff5a-df23-4e43-acde-a4f08b8dcffb\updater.exe [478992 2015-05-10] ()
C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugincontainer.exe
C:\Program Files (x86)\Common Files\b56dff5a-df23-4e43-acde-a4f08b8dcffb\updater.exe
C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
E:\CDriver64.sys
E:\NTIOLib_X64.sys
C:\Program Files (x86)\Dragon Branch
C:\ProgramData\McAfee
C:\Windows\Tasks\*.job
Task: {3096D80D-4690-48DA-9A6D-7B326776E00D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {A1E3317E-7A88-4BE3-9170-8FD775C0D57C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-02] (Google Inc.)
Task: {DB634224-A504-4714-B634-CBB00EDB27B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-02] (Google Inc.)
CMD: bitsadmin /reset /allusers
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
HKU\S-1-5-21-3002559689-705601799-426194015-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value deleted successfully.
"HKU\S-1-5-21-3002559689-705601799-426194015-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19792f9d-f282-11e4-8cc1-448a5b678e83}" => Key deleted successfully.
HKCR\CLSID\{19792f9d-f282-11e4-8cc1-448a5b678e83} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d640ce67-58e4-43c2-9adc-6bb959d7c606} => Key not found.
HKCR\Wow6432Node\CLSID\{d640ce67-58e4-43c2-9adc-6bb959d7c606} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll not found.
Service Mgr DragonBranch => Service not found.
Update Mgr DragonBranch => Service not found.
"C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugincontainer.exe" => File/Directory not found.
"C:\Program Files (x86)\Common Files\b56dff5a-df23-4e43-acde-a4f08b8dcffb\updater.exe" => File/Directory not found.
"C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb" => File/Directory not found.
MSICDSetup => Service deleted successfully.
NTIOLib_1_0_C => Service deleted successfully.
"E:\CDriver64.sys" => File/Directory not found.
"E:\NTIOLib_X64.sys" => File/Directory not found.
"C:\Program Files (x86)\Dragon Branch" => File/Directory not found.
C:\ProgramData\McAfee => Moved successfully.
C:\Windows\Tasks\*.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3096D80D-4690-48DA-9A6D-7B326776E00D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3096D80D-4690-48DA-9A6D-7B326776E00D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1E3317E-7A88-4BE3-9170-8FD775C0D57C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1E3317E-7A88-4BE3-9170-8FD775C0D57C}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DB634224-A504-4714-B634-CBB00EDB27B9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB634224-A504-4714-B634-CBB00EDB27B9}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
0 out of 0 jobs canceled.
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 670.1 MB temporary data.
The system needed a reboot.
==== End of Fixlog 15:56:45 ====
Re: Launching every application takes 30 sec.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.0 (05.09.2015:1)
OS: Windows 7 Ultimate x64
Ran by GamingGTX770.i5.8gb on ne 10.05.2015 at 15:59:48,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 10.05.2015 at 16:01:28,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: Launching every application takes 30 sec.
RogueKiller V10.6.2.0 (x64) [May 4 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : GamingGTX770.i5.8gb [Práva správce]
Started from : C:\Users\GamingGTX770.i5.8gb\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 05/10/2015 16:07:51
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 30 ¤¤¤
[PUP] (X64) HKEY_USERS\RK_Cordero_ON_D_953E\Software\Microsoft\Windows\CurrentVersion\Run | Yontoo Desktop : "D:\Users\Cordero\AppData\Roaming\Yontoo\YontooDesktop.exe" [-] -> Nalezeno
[PUP] (X86) HKEY_USERS\RK_Cordero_ON_D_953E\Software\Microsoft\Windows\CurrentVersion\Run | Yontoo Desktop : "D:\Users\Cordero\AppData\Roaming\Yontoo\YontooDesktop.exe" [-] -> Nalezeno
[PUP|Troj.Generic|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_502D\ControlSet001\Services\BrowserProtect (D:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe) -> Nalezeno
[PUP|VT.ADWARE/Adware.Gen] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_502D\ControlSet001\Services\DatamngrCoordinator (D:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe) -> Nalezeno
[PUP|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_502D\ControlSet001\Services\Yontoo Desktop Updater ("D:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe" "D:\Users\Cordero\AppData\Roaming\Yontoo\YontooDesktop.exe") -> Nalezeno
[PUP|Troj.Generic|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_502D\ControlSet002\Services\BrowserProtect (D:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe) -> Nalezeno
[PUP|VT.ADWARE/Adware.Gen] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_502D\ControlSet002\Services\DatamngrCoordinator (D:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe) -> Nalezeno
[PUP|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_502D\ControlSet002\Services\Yontoo Desktop Updater ("D:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe" "D:\Users\Cordero\AppData\Roaming\Yontoo\YontooDesktop.exe") -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\RK_Cordero_ON_D_953E\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.search.ask.com/?o=APN10649A& ... 97-123&t=4 -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\RK_Cordero_ON_D_953E\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.search.ask.com/?o=APN10649A& ... 97-123&t=4 -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_502D\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_502D\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A32C2E6E-B9BF-477F-BFB5-B919B5FB2B6C} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_502D\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2EFCFF51-1EFA-4278-91CD-10DA3CF5AB51} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A32C2E6E-B9BF-477F-BFB5-B919B5FB2B6C} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_502D\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2EFCFF51-1EFA-4278-91CD-10DA3CF5AB51} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A32C2E6E-B9BF-477F-BFB5-B919B5FB2B6C} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_F109\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_F109\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_F109\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_F109\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[Suspicious.Path|VT.not-a-virus:WebToolbar.Win64.SearchSuite.a|VT.Adware.SearchSuite] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_F109\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : D:\PROGRA~3\Wincert\WIN64C~1.DLL D:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll [-][7] -> Nalezeno
[Suspicious.Path|VT.not-a-virus:WebToolbar.Win64.SearchSuite.a|VT.Adware.SearchSuite] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_F109\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : D:\PROGRA~3\Wincert\WIN64C~1.DLL D:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll [-][7] -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ADATA SP900 ATA Device +++++
--- User ---
[MBR] 7185f4af401bc26e47e2666cf64789d9
[BSP] e5ea5aa90fa8a65a8bc99271bb096005 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 122002 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: SAMSUNG HD642JJ ATA Device +++++
--- User ---
[MBR] 6e6130433f2ad3bee76992f901ffa431
[BSP] ab4bf85d19f657547f6da05fe0c118d9 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 610477 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_05102015_160611.log
+++++ PhysicalDrive1: SAMSUNG HD642JJ ATA Device +++++
--- User ---
[MBR] 6e6130433f2ad3bee76992f901ffa431
[BSP] ab4bf85d19f657547f6da05fe0c118d9 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 610477 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_05102015_160611.log
- jerabina
- member of the Security team
Re: Launching every application takes 30 sec.
Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to launch).
- Wait until the Prescan finishes...
- Then click "Scan"; once it has finished:
- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything (check the boxes)
(you have to use the mouse to tick the little box to the left of the registry entry, etc.)
- Click "Delete"
- Wait until the Status box shows "Deleting finished"
- Click "Report" and please copy and paste the contents of that report here. The log can be found in RKreport [number].txt on the desktop.
- Close RogueKiller
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.
Warning: After running ComboFix and restarting the computer, it may happen that Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.
When you don't know what to do next, it's time to study the manual!
HJT guide
If I'm not replying to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.
Re: Launching every application takes 30 sec.
RogueKiller V10.6.2.0 (x64) [May 4 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : GamingGTX770.i5.8gb [Práva správce]
Started from : C:\Users\GamingGTX770.i5.8gb\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 05/10/2015 16:57:35
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 30 ¤¤¤
[PUP] (X64) HKEY_USERS\RK_Cordero_ON_D_FE4B\Software\Microsoft\Windows\CurrentVersion\Run | Yontoo Desktop : "D:\Users\Cordero\AppData\Roaming\Yontoo\YontooDesktop.exe" [-] -> Smazáno
[PUP] (X86) HKEY_USERS\RK_Cordero_ON_D_FE4B\Software\Microsoft\Windows\CurrentVersion\Run | Yontoo Desktop : "D:\Users\Cordero\AppData\Roaming\Yontoo\YontooDesktop.exe" [-] -> ERROR [2]
[PUP|Troj.Generic|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_EA7A\ControlSet001\Services\BrowserProtect (D:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe) -> Smazáno
[PUP|VT.ADWARE/Adware.Gen] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_EA7A\ControlSet001\Services\DatamngrCoordinator (D:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe) -> Smazáno
[PUP|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_EA7A\ControlSet001\Services\Yontoo Desktop Updater ("D:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe" "D:\Users\Cordero\AppData\Roaming\Yontoo\YontooDesktop.exe") -> Smazáno
[PUP|Troj.Generic|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_EA7A\ControlSet002\Services\BrowserProtect (D:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe) -> Smazáno
[PUP|VT.ADWARE/Adware.Gen] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_EA7A\ControlSet002\Services\DatamngrCoordinator (D:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe) -> Smazáno
[PUP|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_EA7A\ControlSet002\Services\Yontoo Desktop Updater ("D:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe" "D:\Users\Cordero\AppData\Roaming\Yontoo\YontooDesktop.exe") -> Smazáno
[PUM.HomePage] (X64) HKEY_USERS\RK_Cordero_ON_D_FE4B\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.search.ask.com/?o=APN10649A& ... 97-123&t=4 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\RK_Cordero_ON_D_FE4B\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.search.ask.com/?o=APN10649A& ... 97-123&t=4 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_EA7A\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_EA7A\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A32C2E6E-B9BF-477F-BFB5-B919B5FB2B6C} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_EA7A\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2EFCFF51-1EFA-4278-91CD-10DA3CF5AB51} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A32C2E6E-B9BF-477F-BFB5-B919B5FB2B6C} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_EA7A\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2EFCFF51-1EFA-4278-91CD-10DA3CF5AB51} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A32C2E6E-B9BF-477F-BFB5-B919B5FB2B6C} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_F573\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_F573\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_F573\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_F573\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
[Suspicious.Path|VT.not-a-virus:WebToolbar.Win64.SearchSuite.a|VT.Adware.SearchSuite] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_F573\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : D:\PROGRA~3\Wincert\WIN64C~1.DLL D:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll [-][7] -> Nahrazeno ()
[Suspicious.Path|VT.not-a-virus:WebToolbar.Win64.SearchSuite.a|VT.Adware.SearchSuite] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_F573\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : D:\PROGRA~3\Wincert\WIN64C~1.DLL D:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll [-][7] -> Nahrazeno ()
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ADATA SP900 ATA Device +++++
--- User ---
[MBR] 7185f4af401bc26e47e2666cf64789d9
[BSP] e5ea5aa90fa8a65a8bc99271bb096005 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 122002 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: SAMSUNG HD642JJ ATA Device +++++
--- User ---
[MBR] 6e6130433f2ad3bee76992f901ffa431
[BSP] ab4bf85d19f657547f6da05fe0c118d9 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 610477 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_05102015_160611.log - RKreport_SCN_05102015_160751.log - RKreport_SCN_05102015_165547.log
Re: Launching every application takes 30 sec.
ComboFix 15-05-09.01 - GamingGTX770.i5.8gb 10.05.2015 16:59:59.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8136.6358 [GMT 2:00]
Spuštěný z: c:\users\GamingGTX770.i5.8gb\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-10 do 2015-05-10 )))))))))))))))))))))))))))))))
.
.
2015-05-10 15:03 . 2015-05-10 15:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-10 14:03 . 2015-05-10 14:54 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-05-10 14:03 . 2015-05-10 14:53 -------- d-----w- c:\programdata\RogueKiller
2015-05-10 13:59 . 2015-05-10 13:59 -------- d-----w- C:\RegBackup
2015-05-10 12:31 . 2015-05-10 13:57 -------- d-----w- C:\FRST
2015-05-10 10:53 . 2015-05-10 10:53 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-05-10 10:53 . 2015-04-14 07:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-05-10 10:53 . 2015-04-14 07:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-10 10:48 . 2015-05-10 10:53 -------- d-----w- c:\programdata\Malwarebytes
2015-05-10 10:48 . 2015-05-10 13:57 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-10 10:48 . 2015-05-10 10:52 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-10 10:47 . 2015-04-14 07:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-10 10:40 . 2015-05-10 13:45 -------- d-----w- C:\AdwCleaner
2015-05-10 09:15 . 2015-05-10 09:15 -------- d-----w- c:\program files (x86)\Trend Micro
2015-05-10 09:11 . 2015-05-10 09:11 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2015-05-08 20:26 . 2015-05-08 20:57 -------- d-----w- c:\program files (x86)\Common Files\Steam
2015-05-08 20:25 . 2015-05-09 18:50 -------- d-----w- c:\program files (x86)\Steam
2015-05-08 20:25 . 2015-05-08 20:25 -------- d-----w- c:\program files (x86)\Spintires
2015-05-08 18:02 . 2015-05-08 18:02 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-05-08 18:02 . 2015-05-08 18:02 -------- d-----r- c:\program files (x86)\Skype
2015-05-08 18:01 . 2015-05-08 18:02 -------- d-----w- c:\programdata\Skype
2015-05-06 18:06 . 2015-04-19 22:58 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1B2D1DF-73B0-463F-A7F0-EBDC527B73D2}\mpengine.dll
2015-05-06 16:40 . 2015-05-06 16:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2015-05-06 16:38 . 2015-05-06 16:51 -------- d-----w- c:\program files (x86)\Kerbal Space Program
2015-05-06 16:32 . 2015-05-06 16:32 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2015-05-06 16:32 . 2015-05-06 16:32 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2015-05-06 16:31 . 2015-05-06 16:31 -------- d-----w- c:\programdata\DAEMON Tools Lite
2015-05-04 17:24 . 2015-05-04 17:24 -------- d-----w- c:\windows\SysWow64\vbox
2015-05-04 17:24 . 2015-05-04 17:24 -------- d-----w- c:\windows\system32\vbox
2015-05-04 17:06 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-05-04 17:06 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-05-04 17:06 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2015-05-04 17:06 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2015-05-04 17:06 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-05-04 17:06 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-05-04 17:06 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-05-04 17:06 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-05-03 14:14 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2015-05-03 14:05 . 2015-05-03 14:05 878080 ----a-w- c:\windows\system32\advapi32.dll
2015-05-03 14:05 . 2015-05-03 14:05 859648 ----a-w- c:\windows\system32\tdh.dll
2015-05-03 14:05 . 2015-05-03 14:05 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-03 14:05 . 2015-05-03 14:05 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-03 14:04 . 2015-05-03 14:04 327168 ----a-w- c:\windows\system32\mswsock.dll
2015-05-03 14:04 . 2015-05-03 14:04 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2015-05-03 13:59 . 2015-05-03 13:59 1887232 ----a-w- c:\windows\system32\d3d11.dll
2015-05-03 13:59 . 2015-05-03 13:59 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2015-05-03 13:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2015-05-03 13:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2015-05-03 13:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2015-05-03 12:57 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-05-03 12:57 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-05-03 12:57 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-05-03 12:57 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-05-03 12:57 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-05-03 12:57 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-05-03 12:57 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-05-03 12:57 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-05-03 12:51 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2015-05-03 12:50 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2015-05-03 12:49 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
2015-05-03 12:48 . 2015-02-26 03:25 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-05-03 12:47 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2015-05-03 12:46 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2015-05-03 12:45 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2015-05-03 12:45 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2015-05-03 12:45 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2015-05-03 12:45 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2015-05-03 12:45 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2015-05-03 12:45 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2015-05-03 12:45 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2015-05-03 12:45 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2015-05-03 12:45 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2015-05-03 12:45 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2015-05-03 12:44 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-05-03 12:44 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-05-03 12:44 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-05-03 12:44 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2015-05-03 12:44 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2015-05-03 11:01 . 2015-05-03 11:01 -------- d-----w- c:\windows\system32\SPReview
2015-05-03 11:01 . 2015-05-03 11:01 -------- d-----w- c:\windows\system32\EventProviders
2015-05-03 08:58 . 2015-05-03 08:59 -------- d-----w- c:\program files\WinRAR
2015-05-03 08:46 . 2015-05-03 08:46 -------- d-----w- c:\program files\CCleaner
2015-05-02 19:47 . 2015-05-02 19:51 -------- d-----w- c:\program files (x86)\Rockstar Games
2015-05-02 19:47 . 2015-05-02 19:51 -------- d-----w- c:\program files\Rockstar Games
2015-05-02 19:42 . 2008-10-15 04:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2015-05-02 19:42 . 2008-10-15 04:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2015-05-02 19:42 . 2008-10-15 04:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2015-05-02 19:42 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2015-05-02 19:42 . 2008-10-15 04:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2015-05-02 19:42 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2015-05-02 18:21 . 2015-05-06 18:01 -------- d-----w- c:\windows\Panther
2015-05-02 18:21 . 2015-05-02 18:21 -------- d-----w- c:\windows\system32\OEM
2015-05-02 14:31 . 2015-05-10 11:55 -------- d-----w- C:\KMPlayer
2015-05-02 14:10 . 2015-05-02 14:11 -------- d-----w- c:\windows\system32\MRT
2015-05-02 13:59 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-05-02 13:59 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-05-02 13:48 . 2015-04-08 20:32 560968 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-05-02 13:16 . 2015-05-02 13:16 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-05-02 13:16 . 2015-05-02 13:16 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-05-02 13:16 . 2015-05-02 13:16 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-05-02 13:16 . 2015-05-02 13:16 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-05-02 13:16 . 2015-05-02 13:16 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-05-02 13:16 . 2015-05-02 13:16 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-05-02 13:16 . 2015-05-02 13:16 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-05-02 13:16 . 2015-05-02 13:16 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-05-02 13:16 . 2015-05-02 13:16 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-05-02 13:16 . 2015-05-02 13:16 43112 ----a-w- c:\windows\avastSS.scr
2015-05-02 13:04 . 2015-05-02 13:04 -------- d-----w- c:\program files\AVAST Software
2015-05-02 13:03 . 2015-05-02 13:03 -------- d-----w- c:\programdata\AVAST Software
2015-05-02 13:01 . 2015-05-02 13:12 -------- d-----w- c:\program files (x86)\Google
2015-05-02 13:00 . 2015-03-28 03:44 1316000 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-05-02 13:00 . 2015-03-28 03:44 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-05-02 13:00 . 2015-03-28 03:43 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-05-02 13:00 . 2015-03-28 03:43 1570672 ----a-w- c:\windows\system32\nvspcap64.dll
2015-05-02 13:00 . 2014-11-22 10:46 38032 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2015-05-02 13:00 . 2014-11-22 10:46 35472 ----a-w- c:\windows\system32\nvaudcap64v.dll
2015-05-02 13:00 . 2014-11-22 10:46 32400 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-05-02 11:59 . 2015-02-24 02:17 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-05-02 11:41 . 2015-05-02 14:18 -------- d-----w- c:\program files (x86)\MSI Afterburner
2015-05-02 11:38 . 2013-03-20 05:16 910104 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll
2015-05-02 11:37 . 2013-02-27 13:37 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2015-05-02 11:37 . 2015-05-02 12:30 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2015-05-02 11:37 . 2015-05-10 14:58 -------- d-----w- c:\programdata\Bigfoot Networks
2015-05-02 11:37 . 2015-05-02 11:37 -------- d-----w- c:\program files\Qualcomm Atheros
2015-05-02 11:35 . 2015-05-02 11:35 -------- d-----w- C:\MSI
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-03 14:06 . 2015-05-03 14:06 208384 ----a-w- c:\windows\SysWow64\webcheck.dll
2015-05-03 14:06 . 2015-05-03 14:06 243200 ----a-w- c:\windows\system32\webcheck.dll
2015-05-03 11:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2015-05-03 11:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2015-03-17 04:56 . 2015-05-03 12:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-11 292848]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-02 5515496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 Ke2200;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-02 13:12 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-02 13:16 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-03-29 7174728]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-03-28 2673296]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-03-28 1570672]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-05-10 17:04:42
ComboFix-quarantined-files.txt 2015-05-10 15:04
.
Před spuštěním: Volných bajtů: 68 262 404 096
Po spuštění: Volných bajtů: 68 094 164 992
.
- - End Of File - - C0966953685BE022274A522D078B830F
A36C5E4F47E84449FF07ED3517B43A31
Re: Launching all applications takes 30 sec.
Download Zoek: http://download.bleepingcomputer.com/smeenk/zoek.exe
Save it to the Desktop, run it as administrator, and paste this code into the window that opens:
autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
Then click Run script; it will take a while. After the PC restarts, please attach its log.
How are the problems?
Re: Launching all applications takes 30 sec.
Zoek won't start for me; it is running in the process list, but no window appears.
The launching problem still persists.

- jerabina
- member of the Security team
Re: Launching all applications takes 30 sec.
Try Zoek in Safe Mode.
When you don't know how to go on, it's time to study the manual!
HJT guide
If I don't reply to your threads in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.