Please check my log - slight slowdown, display glitches

Post by GeneralVenki » 18 May 2016 21:21

Here is the log from Zoek, which did delete quite a few things, but mainly the ones I use in Chrome, so thanks a lot. I'm off to run ComboFix.


Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Venki on st 18.05.2016 at 21:04:55,95.
Microsoft Windows 7 Ultimate 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Venki\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

18.5.2016 21:05:18 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Users\Venki\AppData\Roaming\MMFApplications deleted successfully
C:\Users\Venki\AppData\Roaming\TEdit deleted successfully
C:\Users\Venki\AppData\Local\LumaEmu deleted successfully
C:\Users\Venki\AppData\Local\Skype deleted successfully
C:\Users\Venki\AppData\Local\Ubisoft Game Launcher deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Venki\AppData\Roaming\Mozilla\Firefox\Profiles\j69a6g4m.default\prefs.js:

Added to C:\Users\Venki\AppData\Roaming\Mozilla\Firefox\Profiles\j69a6g4m.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\BandiMPEG1 deleted
C:\Users\Venki\.android deleted
C:\Windows\sysWoW64\config\systemprofile\.android deleted
C:\PROGRA~2\Skillbrains deleted
C:\cgc.exe deleted
C:\CgfDump.exe deleted
C:\fxc.exe deleted
C:\LuaCompiler.exe deleted
C:\rc.exe deleted
C:\Users\Venki\AppData\Roaming\Ping Monitor_Settings.ini deleted
C:\PROGRA~3\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Venki\AppData\Local\Unity deleted
C:\Windows\serviceprofiles\Localservice\AppData\Local\iexpress.exe.mui deleted
C:\Users\Venki\AppData\LocalLow\Unity deleted
C:\Windows\SysWow64\AI_RecycleBin deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Venki\AppData\Roaming\Mozilla\Firefox\Profiles\j69a6g4m.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"fiddlerhook@fiddler2.com"="C:\Program Files (x86)\Fiddler2\FiddlerHook" [23.12.2014 16:04]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Venki\AppData\Roaming\Mozilla\Firefox\Profiles\j69a6g4m.default
70858ED7836E5C849D33576A84DC8CCF - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll - Shockwave Flash


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86


Video Downloader - Venki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc
Steam item search between friends. - Venki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajlddciniccidokpjhppahkoefohkchg
Angry Birds - Venki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
Facebook - Venki\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm
SIH - Venki\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl
Tampermonkey - Venki\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
Lounge Assistant - Venki\AppData\Local\Google\Chrome\User Data\Default\Extensions\enjonnlehciedbcidabdglnnihcncbml
LoungeDestroyer - Venki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl
AdBlock - Venki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Steam Market Auto-Agree - Venki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlicldafjdigokihkkdlbpfgehihjodl
Until AM Web App - Venki\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk
2.0.11 (8c8146a) - Venki\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnoeeagkgpkplnhmnnlgodjnjgckhja
Steam Community Market Quick Buy - Venki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjlhfadijipchkejgenbnnoebonckm

==== Chromium Fix ======================

C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.savefrom.net_0.localstorage deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.savefrom.net_0.localstorage-journal deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultero.info_0.localstorage deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultero.info_0.localstorage-journal deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultubeus.info_0.localstorage deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultubeus.info_0.localstorage-journal deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.indiedb.com_0.localstorage deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.indiedb.com_0.localstorage-journal deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.moddb.com_0.localstorage deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.moddb.com_0.localstorage-journal deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d2i49pn6mosg0g.cloudfront.net_0.localstorage deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d2i49pn6mosg0g.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_deals.razerzone.com_0.localstorage deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_deals.razerzone.com_0.localstorage-journal deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aiimdkdngfcipjohbjenkahhlhccpdbc_0.localstorage deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aiimdkdngfcipjohbjenkahhlhccpdbc_0.localstorage-journal deleted successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjlhfadijipchkejgenbnnoebonckm deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRCDS deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Venki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Venki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJRQ9XLC will be deleted at reboot
C:\Users\Venki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYZKPRWF will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\078EC4Z3 will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6Y3LM1I will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQ8YFDK0 will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXMWM4RA will be deleted at reboot
C:\Users\Venki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Venki\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=295 folders=76 66057316 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Venki\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Venki\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Venki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\Venki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJRQ9XLC" not found
"C:\Users\Venki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYZKPRWF" not found
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\078EC4Z3" not deleted
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6Y3LM1I" not deleted
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQ8YFDK0" not deleted
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXMWM4RA" not deleted

==== EOF on st 18.05.2016 at 21:16:23,83 ======================


Post by GeneralVenki » 18 May 2016 21:35

Combofix:

ComboFix 16-05-18.01 - Venki 18.05.2016 21:29:31.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.8140.5669 [GMT 2:00]
Spuštěný z: c:\users\Venki\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\users\Venki\AppData\Roaming\poclbm
c:\users\Venki\AppData\Roaming\poclbm\poclbm_scrypt.ini
c:\windows\PFRO.log
c:\windows\SysWow64\ijl11.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-04-18 do 2016-05-18 )))))))))))))))))))))))))))))))
.
.
2016-05-18 19:27 . 2016-05-18 19:27 -------- d-----w- c:\program files (x86)\Skillbrains
2016-05-18 19:16 . 2016-05-18 19:16 -------- d-----w- c:\users\Venki\AppData\Local\CrashRpt
2016-05-18 19:15 . 2016-05-18 19:04 24064 ----a-w- c:\windows\zoek-delete.exe
2016-05-18 19:15 . 2016-05-18 19:32 -------- d-----w- c:\users\Venki\AppData\Local\Temp
2016-05-18 19:04 . 2016-05-18 19:14 -------- d-----w- C:\zoek_backup
2016-05-18 15:21 . 2016-05-18 15:21 -------- d-----w- c:\users\Venki\AppData\Local\ATI
2016-05-18 15:19 . 2016-05-18 15:19 -------- d-----w- c:\users\Venki\AppData\Local\Downloaded Installations
2016-05-18 14:58 . 2016-05-18 14:58 -------- d-----w- c:\users\Venki\AppData\Local\CEF
2016-05-18 14:41 . 2016-05-18 14:41 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-18 14:40 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-05-18 14:40 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-05-18 14:40 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-18 14:40 . 2016-05-18 14:41 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-05-18 14:38 . 2016-05-18 19:16 -------- d-----w- c:\users\Venki\AppData\Local\CrashDumps
2016-05-18 14:38 . 2016-05-18 16:20 -------- d-----w- c:\users\Venki\AppData\Local\AMD
2016-05-18 14:38 . 2016-05-18 14:38 -------- d-----w- c:\users\Venki\AppData\Local\Apps
2016-05-17 19:49 . 2016-05-17 19:49 -------- d-----w- c:\users\Venki\AppData\Local\SLAM
2016-05-17 16:20 . 2016-05-17 16:20 -------- d-----w- c:\program files (x86)\Geeks3D
2016-05-17 15:45 . 2016-05-17 15:45 -------- d-----w- c:\program files (x86)\VulkanRT
2016-05-17 13:18 . 2016-05-17 13:18 -------- d-----w- c:\programdata\ATI
2016-05-01 18:39 . 2016-05-01 18:39 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{126FEB66-925E-478F-9DEE-DB2EAD5910D6}\offreg.4968.dll
2016-05-01 09:08 . 2016-05-01 09:08 -------- d-----w- c:\users\Venki\aTubeCatcher
2016-04-28 12:32 . 2016-04-28 12:32 -------- d-----w- c:\program files\mmpicker
2016-04-24 07:58 . 2016-04-24 07:58 -------- d-----w- c:\users\Venki\AppData\Roaming\Microsoft Games
2016-04-23 09:08 . 2016-04-23 09:11 -------- d-----w- C:\SDILENA
2016-04-19 15:27 . 2016-04-19 15:27 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-18 19:19 . 2014-08-09 17:04 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-05-09 12:59 . 2014-09-14 15:17 348360 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2016-05-09 12:59 . 2014-09-14 15:17 348360 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2016-05-09 12:59 . 2014-09-14 15:17 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2016-03-24 18:57 . 2016-03-24 18:57 110144 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-64.dll
2016-03-24 18:57 . 2014-12-23 11:52 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2016-03-24 18:56 . 2016-03-10 17:43 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
"WhatPulse"="c:\program files (x86)\WhatPulse2\whatpulse.exe" [2016-02-25 3942400]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-03-01 50670720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lightshot"="c:\program files (x86)\Skillbrains\lightshot\Lightshot.exe" [2014-10-16 226560]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-03-20 595480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 Mobizen plugin;Mobizen plugin;c:\program files (x86)\RSUPPORT\MobizenService\MobizenService.exe;c:\program files (x86)\RSUPPORT\MobizenService\MobizenService.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
R3 cpuz138;cpuz138;c:\users\Venki\AppData\Local\Temp\cpuz138\cpuz138_x64.sys;c:\users\Venki\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 Mac606;Mac606 Filter;c:\windows\system32\DRIVERS\Mac606a.sys;c:\windows\SYSNATIVE\DRIVERS\Mac606a.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 Origin Client Service;Origin Client Service;d:\program files (x86)\Origin\OriginClientService.exe;d:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va062;X6va062;c:\windows\SysWOW64\Drivers\X6va062;c:\windows\SysWOW64\Drivers\X6va062 [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 nldrv;nldrv;c:\program files\Locktime Software\NetLimiter 4\nldrv.sys;c:\program files\Locktime Software\NetLimiter 4\nldrv.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-18 18:33 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-06 09:24]
.
2016-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-06 19:03]
.
2016-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-06 19:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-16 12445288]
"StartCN"="c:\program files\AMD\CNext\CNext\cnext.exe" [2015-11-18 4859592]
"HP CP1020 System Tray"="c:\program files\HP\HP LaserJet Professional CP1020 Series\HPCP1020STRAY.EXE" [2012-11-28 3344384]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 172.16.0.5 172.16.10.1
FF - ProfilePath - c:\users\Venki\AppData\Roaming\Mozilla\Firefox\Profiles\j69a6g4m.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Worms Armageddon - c:\sdilena\Worms Armageddon\Uninst.isu
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{1a63c099-febd-4eaf-83ad-a82ea4fdac49} - c:\programdata\Package Cache\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}\vcredist_x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{8409c4f7-2340-4933-a304-5d37db4fb48b} - c:\programdata\Package Cache\{8409c4f7-2340-4933-a304-5d37db4fb48b}\Intel® Driver Update Utility Installer.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{a2199617-3609-410f-a8e8-e8806c73545b} - c:\programdata\Package Cache\{a2199617-3609-410f-a8e8-e8806c73545b}\vcredist_x64.exe
AddRemove-{b55f7208-e02b-4828-ac78-59c73ddf5bc7} - c:\programdata\Package Cache\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{f0080ca2-80ae-4958-b6eb-e8fa916d744a} - c:\programdata\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va062]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va062"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
c:\program files (x86)\WhatPulse2\whatpulse-watchdog.exe
.
**************************************************************************
.
Celkový čas: 2016-05-18 21:33:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-05-18 19:33
.
Před spuštěním: Volných bajtů: 92 230 037 504
Po spuštění: Volných bajtů: 92 310 695 936
.
- - End Of File - - 8BF101FE74202ABB623ED3580694F3BE
A36C5E4F47E84449FF07ED3517B43A31

jerabina
Security team member
Level 6
Posts: 3647
Registered: March 13
Location: Litoměřice
Gender: Male
Status: Offline

Re: Please check my log - slight slowdown, display glitches

Post by jerabina » 18 May 2016 22:08

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:

Code:

ClearJavaCache::
KillAll::

Folder::
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Google\Update

File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
SkypeUpdate

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner"=-
"CCleaner Monitoring"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

DDS::
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
FF - prefs.js: browser.startup.homepage - about:home

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script:
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process

Download SystemLook from one of these links:
SystemLook (32-bit)
http://jpshortstuff.247fixes.com/SystemLook.exe
SystemLook (64-bit)
http://jpshortstuff.247fixes.com/SystemLook_x64.exe

and save it to the desktop.

Double-click the downloaded SystemLook and copy the following text into the main text window:

Code:

:filefind
*X6va062*

:folderfind
*X6va062*

:regfind
*X6va062*


Click Look to start the scan. When the program finishes, the scan report opens in Notepad. Copy its entire contents here. The log is also saved on the desktop as SystemLook.txt.
When you don't know what to do next, it's time to study the manual!
HJT guide

If I'm not replying to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.

GeneralVenki
newcomer
Posts: 28
Registered: August 14
Gender: Male
Status: Offline

Re: Please check my log - slight slowdown, display glitches

Post by GeneralVenki » 18 May 2016 22:30

Combofix:

ComboFix 16-05-18.01 - Venki 18.05.2016 22:19:07.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.8140.5269 [GMT 2:00]
Spuštěný z: c:\users\Venki\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Venki\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.30.3\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.30.3\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.30.3\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.30.3\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.30.3\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.30.3\GoogleUpdateWebPlugin.exe
c:\program files (x86)\Google\Update\1.3.30.3\goopdate.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.30.3\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.30.3\psmachine.dll
c:\program files (x86)\Google\Update\1.3.30.3\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.30.3\psuser.dll
c:\program files (x86)\Google\Update\1.3.30.3\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.30.3\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\50.0.2661.102\50.0.2661.102_50.0.2661.94_chrome_updater.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\50.0.2661.102\50.0.2661.102_chrome_installer.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\Install\{4F8CC44F-6DE4-433D-BEE6-CE2A1A6095C0}\50.0.2661.102_chrome_installer.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-04-18 do 2016-05-18 )))))))))))))))))))))))))))))))
.
.
2016-05-18 20:21 . 2016-05-18 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-05-18 19:27 . 2016-05-18 19:27 -------- d-----w- c:\program files (x86)\Skillbrains
2016-05-18 19:16 . 2016-05-18 19:16 -------- d-----w- c:\users\Venki\AppData\Local\CrashRpt
2016-05-18 19:15 . 2016-05-18 19:04 24064 ----a-w- c:\windows\zoek-delete.exe
2016-05-18 19:15 . 2016-05-18 20:22 -------- d-----w- c:\users\Venki\AppData\Local\Temp
2016-05-18 19:04 . 2016-05-18 19:14 -------- d-----w- C:\zoek_backup
2016-05-18 15:21 . 2016-05-18 15:21 -------- d-----w- c:\users\Venki\AppData\Local\ATI
2016-05-18 15:19 . 2016-05-18 15:19 -------- d-----w- c:\users\Venki\AppData\Local\Downloaded Installations
2016-05-18 14:58 . 2016-05-18 14:58 -------- d-----w- c:\users\Venki\AppData\Local\CEF
2016-05-18 14:41 . 2016-05-18 14:41 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-18 14:40 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-05-18 14:40 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-05-18 14:40 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-18 14:40 . 2016-05-18 14:41 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-05-18 14:38 . 2016-05-18 19:32 -------- d-----w- c:\users\Venki\AppData\Local\CrashDumps
2016-05-18 14:38 . 2016-05-18 16:20 -------- d-----w- c:\users\Venki\AppData\Local\AMD
2016-05-18 14:38 . 2016-05-18 14:38 -------- d-----w- c:\users\Venki\AppData\Local\Apps
2016-05-17 19:49 . 2016-05-17 19:49 -------- d-----w- c:\users\Venki\AppData\Local\SLAM
2016-05-17 16:20 . 2016-05-17 16:20 -------- d-----w- c:\program files (x86)\Geeks3D
2016-05-17 15:45 . 2016-05-17 15:45 -------- d-----w- c:\program files (x86)\VulkanRT
2016-05-17 13:18 . 2016-05-17 13:18 -------- d-----w- c:\programdata\ATI
2016-05-01 18:39 . 2016-05-01 18:39 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{126FEB66-925E-478F-9DEE-DB2EAD5910D6}\offreg.4968.dll
2016-05-01 09:08 . 2016-05-01 09:08 -------- d-----w- c:\users\Venki\aTubeCatcher
2016-04-28 12:32 . 2016-04-28 12:32 -------- d-----w- c:\program files\mmpicker
2016-04-24 07:58 . 2016-04-24 07:58 -------- d-----w- c:\users\Venki\AppData\Roaming\Microsoft Games
2016-04-23 09:08 . 2016-04-23 09:11 -------- d-----w- C:\SDILENA
2016-04-19 15:27 . 2016-04-19 15:27 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-18 19:19 . 2014-08-09 17:04 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-05-09 12:59 . 2014-09-14 15:17 348360 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2016-05-09 12:59 . 2014-09-14 15:17 348360 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2016-05-09 12:59 . 2014-09-14 15:17 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2016-03-24 18:57 . 2016-03-24 18:57 110144 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-64.dll
2016-03-24 18:57 . 2014-12-23 11:52 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2016-03-24 18:56 . 2016-03-10 17:43 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="c:\program files (x86)\WhatPulse2\whatpulse.exe" [2016-02-25 3942400]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-03-01 50670720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lightshot"="c:\program files (x86)\Skillbrains\lightshot\Lightshot.exe" [2014-10-16 226560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 Mobizen plugin;Mobizen plugin;c:\program files (x86)\RSUPPORT\MobizenService\MobizenService.exe;c:\program files (x86)\RSUPPORT\MobizenService\MobizenService.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
R3 cpuz138;cpuz138;c:\users\Venki\AppData\Local\Temp\cpuz138\cpuz138_x64.sys;c:\users\Venki\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 Mac606;Mac606 Filter;c:\windows\system32\DRIVERS\Mac606a.sys;c:\windows\SYSNATIVE\DRIVERS\Mac606a.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 Origin Client Service;Origin Client Service;d:\program files (x86)\Origin\OriginClientService.exe;d:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va062;X6va062;c:\windows\SysWOW64\Drivers\X6va062;c:\windows\SysWOW64\Drivers\X6va062 [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 nldrv;nldrv;c:\program files\Locktime Software\NetLimiter 4\nldrv.sys;c:\program files\Locktime Software\NetLimiter 4\nldrv.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-18 18:33 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-16 12445288]
"StartCN"="c:\program files\AMD\CNext\CNext\cnext.exe" [2015-11-18 4859592]
"HP CP1020 System Tray"="c:\program files\HP\HP LaserJet Professional CP1020 Series\HPCP1020STRAY.EXE" [2012-11-28 3344384]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 172.16.0.5 172.16.10.1
FF - ProfilePath - c:\users\Venki\AppData\Roaming\Mozilla\Firefox\Profiles\j69a6g4m.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Worms Armageddon - c:\sdilena\Worms Armageddon\Uninst.isu
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{1a63c099-febd-4eaf-83ad-a82ea4fdac49} - c:\programdata\Package Cache\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}\vcredist_x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{8409c4f7-2340-4933-a304-5d37db4fb48b} - c:\programdata\Package Cache\{8409c4f7-2340-4933-a304-5d37db4fb48b}\Intel® Driver Update Utility Installer.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{a2199617-3609-410f-a8e8-e8806c73545b} - c:\programdata\Package Cache\{a2199617-3609-410f-a8e8-e8806c73545b}\vcredist_x64.exe
AddRemove-{b55f7208-e02b-4828-ac78-59c73ddf5bc7} - c:\programdata\Package Cache\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{f0080ca2-80ae-4958-b6eb-e8fa916d744a} - c:\programdata\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va062]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va062"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
c:\program files (x86)\WhatPulse2\whatpulse-watchdog.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Celkový čas: 2016-05-18 22:23:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-05-18 20:23
ComboFix2.txt 2016-05-18 19:33
.
Před spuštěním: Volných bajtů: 92 066 467 840
Po spuštění: Volných bajtů: 91 532 562 432
.
- - End Of File - - C339E6CC9465AB3959484FE8385ED897
A36C5E4F47E84449FF07ED3517B43A31

GeneralVenki
newcomer
Posts: 28
Registered: August 14
Gender: Male
Status: Offline

Re: Please check my log - slight slowdown, display glitches

Post by GeneralVenki » 18 May 2016 22:31

SystemLook found nothing

SystemLook 30.07.11 by jpshortstuff
Log created at 22:30 on 18/05/2016 by Venki
Administrator - Elevation successful

========== filefind ==========

Searching for "*X6va062*"
No files found.

========== folderfind ==========

Searching for "*X6va062*"
No folders found.

========== regfind ==========

Searching for "*X6va062*"
No data found.

-= EOF =-

jaro3
Security team member
Guru Level 15
Posts: 43291
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Online

Re: Please check my log - slight slowdown, display glitches

Post by jaro3 » 19 May 2016 09:25

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:

Code:

KillAll::
File::
c:\windows\system32\GameMon.des
c:\windows\SysWOW64\Drivers\X6va062

Driver::
npggsvc
X6va062

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va062]



Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process, plus a new HJT log

Warning: After running ComboFix and restarting the computer, it may happen that Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt offers to download the Avast database, click No. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

GeneralVenki
newcomer
Posts: 28
Registered: August 14
Gender: Male
Status: Offline

Re: Please check my log - slight slowdown, display glitches

Post by GeneralVenki » 19 May 2016 13:17

Combofix:

ComboFix 16-05-18.01 - Venki 19.05.2016 13:13:00.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.8140.4786 [GMT 2:00]
Spuštěný z: c:\users\Venki\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Venki\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\GameMon.des"
"c:\windows\SysWOW64\Drivers\X6va062"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA062
-------\Service_npggsvc
-------\Service_X6va062
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-04-19 do 2016-05-19 )))))))))))))))))))))))))))))))
.
.
2016-05-19 11:15 . 2016-05-19 11:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-05-18 19:27 . 2016-05-18 19:27 -------- d-----w- c:\program files (x86)\Skillbrains
2016-05-18 19:16 . 2016-05-18 19:16 -------- d-----w- c:\users\Venki\AppData\Local\CrashRpt
2016-05-18 19:15 . 2016-05-18 19:04 24064 ----a-w- c:\windows\zoek-delete.exe
2016-05-18 19:15 . 2016-05-19 11:15 -------- d-----w- c:\users\Venki\AppData\Local\Temp
2016-05-18 19:04 . 2016-05-18 19:14 -------- d-----w- C:\zoek_backup
2016-05-18 15:21 . 2016-05-18 15:21 -------- d-----w- c:\users\Venki\AppData\Local\ATI
2016-05-18 15:19 . 2016-05-18 15:19 -------- d-----w- c:\users\Venki\AppData\Local\Downloaded Installations
2016-05-18 14:58 . 2016-05-18 14:58 -------- d-----w- c:\users\Venki\AppData\Local\CEF
2016-05-18 14:41 . 2016-05-18 14:41 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-18 14:40 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-05-18 14:40 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-05-18 14:40 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-18 14:40 . 2016-05-18 14:41 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-05-18 14:38 . 2016-05-19 11:15 -------- d-----w- c:\users\Venki\AppData\Local\CrashDumps
2016-05-18 14:38 . 2016-05-18 16:20 -------- d-----w- c:\users\Venki\AppData\Local\AMD
2016-05-18 14:38 . 2016-05-18 14:38 -------- d-----w- c:\users\Venki\AppData\Local\Apps
2016-05-17 19:49 . 2016-05-17 19:49 -------- d-----w- c:\users\Venki\AppData\Local\SLAM
2016-05-17 16:20 . 2016-05-17 16:20 -------- d-----w- c:\program files (x86)\Geeks3D
2016-05-17 15:45 . 2016-05-17 15:45 -------- d-----w- c:\program files (x86)\VulkanRT
2016-05-17 13:18 . 2016-05-17 13:18 -------- d-----w- c:\programdata\ATI
2016-05-01 18:39 . 2016-05-01 18:39 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{126FEB66-925E-478F-9DEE-DB2EAD5910D6}\offreg.4968.dll
2016-05-01 09:08 . 2016-05-01 09:08 -------- d-----w- c:\users\Venki\aTubeCatcher
2016-04-28 12:32 . 2016-04-28 12:32 -------- d-----w- c:\program files\mmpicker
2016-04-24 07:58 . 2016-04-24 07:58 -------- d-----w- c:\users\Venki\AppData\Roaming\Microsoft Games
2016-04-23 09:08 . 2016-04-23 09:11 -------- d-----w- C:\SDILENA
2016-04-19 15:27 . 2016-04-19 15:27 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-18 19:19 . 2014-08-09 17:04 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-05-09 12:59 . 2014-09-14 15:17 348360 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2016-05-09 12:59 . 2014-09-14 15:17 348360 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2016-05-09 12:59 . 2014-09-14 15:17 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2016-03-24 18:57 . 2016-03-24 18:57 110144 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-64.dll
2016-03-24 18:57 . 2014-12-23 11:52 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2016-03-24 18:56 . 2016-03-10 17:43 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="c:\program files (x86)\WhatPulse2\whatpulse.exe" [2016-02-25 3942400]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-03-01 50670720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lightshot"="c:\program files (x86)\Skillbrains\lightshot\Lightshot.exe" [2014-10-16 226560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 Mobizen plugin;Mobizen plugin;c:\program files (x86)\RSUPPORT\MobizenService\MobizenService.exe;c:\program files (x86)\RSUPPORT\MobizenService\MobizenService.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
R3 cpuz138;cpuz138;c:\users\Venki\AppData\Local\Temp\cpuz138\cpuz138_x64.sys;c:\users\Venki\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 Mac606;Mac606 Filter;c:\windows\system32\DRIVERS\Mac606a.sys;c:\windows\SYSNATIVE\DRIVERS\Mac606a.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 Origin Client Service;Origin Client Service;d:\program files (x86)\Origin\OriginClientService.exe;d:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 nldrv;nldrv;c:\program files\Locktime Software\NetLimiter 4\nldrv.sys;c:\program files\Locktime Software\NetLimiter 4\nldrv.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-18 18:33 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-16 12445288]
"StartCN"="c:\program files\AMD\CNext\CNext\cnext.exe" [2015-11-18 4859592]
"HP CP1020 System Tray"="c:\program files\HP\HP LaserJet Professional CP1020 Series\HPCP1020STRAY.EXE" [2012-11-28 3344384]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 172.16.0.5 172.16.10.1
FF - ProfilePath - c:\users\Venki\AppData\Roaming\Mozilla\Firefox\Profiles\j69a6g4m.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Worms Armageddon - c:\sdilena\Worms Armageddon\Uninst.isu
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{1a63c099-febd-4eaf-83ad-a82ea4fdac49} - c:\programdata\Package Cache\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}\vcredist_x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{8409c4f7-2340-4933-a304-5d37db4fb48b} - c:\programdata\Package Cache\{8409c4f7-2340-4933-a304-5d37db4fb48b}\Intel® Driver Update Utility Installer.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{a2199617-3609-410f-a8e8-e8806c73545b} - c:\programdata\Package Cache\{a2199617-3609-410f-a8e8-e8806c73545b}\vcredist_x64.exe
AddRemove-{b55f7208-e02b-4828-ac78-59c73ddf5bc7} - c:\programdata\Package Cache\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{f0080ca2-80ae-4958-b6eb-e8fa916d744a} - c:\programdata\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
c:\program files (x86)\WhatPulse2\whatpulse-watchdog.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Celkový čas: 2016-05-19 13:17:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-05-19 11:17
ComboFix2.txt 2016-05-18 20:23
ComboFix3.txt 2016-05-18 19:33
.
Před spuštěním: Volných bajtů: 91 662 991 360
Po spuštění: Volných bajtů: 91 516 325 888
.
- - End Of File - - D4174EB2AE35FBA4FCB024F22F44751C
A36C5E4F47E84449FF07ED3517B43A31


Post by GeneralVenki » 19 May 2016 13:19

New log from HJT:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:18:14, on 19.5.2016
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

FIREFOX: 35.0.1 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\WhatPulse2\whatpulse.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
C:\Program Files (x86)\WhatPulse2\whatpulse-watchdog.exe
C:\Users\Venki\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKCU\..\Run: [WhatPulse] "C:\Program Files (x86)\WhatPulse2\whatpulse.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mobizen plugin - Unknown owner - C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - D:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6810 bytes


Post by GeneralVenki » 19 May 2016 13:21

aswMBR

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-05-19 13:19:26
-----------------------------
13:19:26.450 OS Version: Windows x64 6.1.7600
13:19:26.450 Number of processors: 4 586 0x3A09
13:19:26.450 ComputerName: VENKI-PC UserName: Venki
13:19:26.720 Initialize success
13:19:26.720 VM: initialized successfully
13:19:26.720 VM: Intel CPU BiosDisabled
13:19:40.190 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
13:19:40.190 Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 3
13:19:40.190 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
13:19:40.190 Disk 1 Vendor: KINGSTON_SV300S37A240G 605ABBF2 Size: 228936MB BusType: 3
13:19:40.200 Disk 1 MBR read successfully
13:19:40.200 Disk 1 MBR scan
13:19:40.200 Disk 1 Windows 7 default MBR code
13:19:40.210 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 600 MB offset 2048
13:19:40.210 Disk 1 Boot: NTFS code=2
13:19:40.210 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 228333 MB offset 1230848
13:19:40.220 Disk 1 scanning C:\Windows\system32\drivers
13:19:41.190 Service scanning
13:19:43.350 Modules scanning
13:19:43.350 Disk 1 trace - called modules:
13:19:43.360 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:19:43.360 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800775d060]
13:19:43.360 3 CLASSPNP.SYS[fffff8800191b43f] -> nt!IofCallDriver -> [0xfffffa80072029b0]
13:19:43.360 5 ACPI.sys[fffff88000f16781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80073cd060]
13:19:43.370 Disk 1 statistics 94326/0/0 @ 133,50 MB/s
13:19:43.370 Scan finished successfully
13:19:47.760 Disk 1 MBR has been saved successfully to "C:\Users\Venki\Desktop\MBR.dat"
13:19:47.770 The log file has been saved successfully to "C:\Users\Venki\Desktop\aswMBR.txt"

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Gender: Male

Post by Orcus » 19 May 2016 14:47

ComboFix is uninstalled as follows:
Start - Run and enter ComboFix /Uninstall

====================================================

Clean the system with CCleaner

====================================================

Download DelFix here
http://general-changelog-team.fr/fr/dow ... e/9-delfix

Save the file to the desktop.
Double-click the icon to launch the Delfix.exe tool.
(On Windows Vista, Windows 7 and 8, you must run the file by right-clicking -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools, Purge System Restore.
Then click Run and let the tool do its work.

A report (DelFix.txt) will then open. Paste the entire contents of the report here. Otherwise, the report is located at: C:\DelFix.txt

How are the problems?