Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware.
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Pomalé PC
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119544
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalé PC
Dejte log ComboFix:
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
dulen.dulen
- Návštěvník
- Příspěvky: 56
- Registrován: 03 črc 2009 10:51
Re: Pomalé PC
davam jeste log z kombofixu:
ComboFix 14-07-29.01 - uzivatel 30.07.2014 17:51:34.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4078.2898 [GMT 2:00]
Spuštěný z: c:\users\uzivatel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-28 do 2014-07-30 )))))))))))))))))))))))))))))))
.
.
2014-07-30 15:56 . 2014-07-30 15:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-29 11:25 . 2014-07-29 11:25 -------- d-----w- c:\programdata\Malwarebytes
2014-07-29 07:32 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-29 07:32 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4198F3B8-6094-4D4E-A161-5CAAAD7A39F7}\mpengine.dll
2014-07-29 07:32 . 2014-07-29 07:37 -------- d-----w- C:\AdwCleaner
2014-07-27 07:39 . 2014-07-29 15:58 -------- d-----w- c:\program files\trend micro
2014-07-09 19:38 . 2014-07-09 19:38 43152 ----a-w- c:\windows\avastSS.scr
2014-07-09 19:38 . 2014-07-09 19:38 448400 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-07-09 06:57 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-09 06:57 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-09 06:57 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-09 06:57 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 06:57 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 06:57 . 2014-06-30 02:09 519168 ----a-w- c:\windows\system32\aepdu.dll
2014-07-09 06:57 . 2014-06-30 02:04 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-07-09 06:54 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 06:54 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-09 06:54 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-07-03 13:40 . 2014-07-03 18:40 -------- d-----w- c:\users\uzivatel\AppData\Roaming\QuickScan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 20:16 . 2012-06-19 07:16 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-09 19:39 . 2012-06-21 17:21 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-09 19:38 . 2014-05-04 10:01 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-09 19:38 . 2014-01-01 17:43 92008 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-07-09 19:38 . 2013-03-16 13:31 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-09 19:38 . 2013-03-16 13:31 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-09 19:38 . 2012-06-21 17:21 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-09 19:38 . 2012-06-21 17:21 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-09 19:38 . 2012-06-21 17:21 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-09 19:38 . 2012-06-21 17:21 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-09 19:38 . 2012-07-26 20:33 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-07-09 08:03 . 2012-06-29 16:01 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 08:03 . 2012-06-29 16:01 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-30 07:52 . 2014-07-09 06:56 247808 ----a-w- c:\windows\SysWow64\schannel.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21445248]
"HP Deskjet 4620 series (NET)"="c:\program files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe" [2011-12-18 2548072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-01 80840]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-09 4086432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Sledovat výstrahy inkoustu - HP Deskjet 4620 series (Síť).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 4620 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN28E2101Q05TN;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C60x64.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMWebAccessControl
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 18:27 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 08:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-09 19:38 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\bnam57eh.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*s\?.vle;*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*s\?.vle;*\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x›[\†T*€š\Program Files (x86)\VideoLAN\VLC\plugins\demux\libxa_plugin.dll*]).]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x›[\†T*€š\Program Files (x86)\VideoLAN\VLC\plugins\demux\libxa_plugin.dll*]).\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x›[\†T*€šlows a user to specify an extra pmt (pmt_pid=pid:stream_type[,...]).]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x›[\†T*€šlows a user to specify an extra pmt (pmt_pid=pid:stream_type[,...]).\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*s\?.vle;*]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,75,7a,69,76,61,74,65,6c,5c,44,65,73,6b,74,
6f,70,5c,4e,6f,76,c3,a1,20,73,6c,6f,c5,be,6b,61,20,28,32,29,5c,50,6f,72,6e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*x›[\†T*€š\Program Files (x86)\VideoLAN\VLC\plugins\demux\libxa_plugin.dll*]).]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,75,7a,69,76,61,74,65,6c,5c,44,65,73,6b,74,
6f,70,5c,4e,6f,76,c3,a1,20,73,6c,6f,c5,be,6b,61,20,28,32,29,5c,31,2d,33,2e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*x›[\†T*€šlows a user to specify an extra pmt (pmt_pid=pid:stream_type[,...]).]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,75,7a,69,76,61,74,65,6c,5c,44,65,73,6b,74,
6f,70,5c,4e,6f,76,c3,a1,20,73,6c,6f,c5,be,6b,61,20,28,32,29,5c,31,2d,31,2e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-07-30 17:58:32
ComboFix-quarantined-files.txt 2014-07-30 15:58
.
Před spuštěním: Volných bajtů: 212 565 745 664
Po spuštění: Volných bajtů: 212 305 059 840
.
- - End Of File - - BD3B81180CAB013924892578D75AD5BB
A36C5E4F47E84449FF07ED3517B43A31
ComboFix 14-07-29.01 - uzivatel 30.07.2014 17:51:34.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4078.2898 [GMT 2:00]
Spuštěný z: c:\users\uzivatel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-28 do 2014-07-30 )))))))))))))))))))))))))))))))
.
.
2014-07-30 15:56 . 2014-07-30 15:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-29 11:25 . 2014-07-29 11:25 -------- d-----w- c:\programdata\Malwarebytes
2014-07-29 07:32 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-29 07:32 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4198F3B8-6094-4D4E-A161-5CAAAD7A39F7}\mpengine.dll
2014-07-29 07:32 . 2014-07-29 07:37 -------- d-----w- C:\AdwCleaner
2014-07-27 07:39 . 2014-07-29 15:58 -------- d-----w- c:\program files\trend micro
2014-07-09 19:38 . 2014-07-09 19:38 43152 ----a-w- c:\windows\avastSS.scr
2014-07-09 19:38 . 2014-07-09 19:38 448400 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-07-09 06:57 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-09 06:57 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-09 06:57 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-09 06:57 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 06:57 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 06:57 . 2014-06-30 02:09 519168 ----a-w- c:\windows\system32\aepdu.dll
2014-07-09 06:57 . 2014-06-30 02:04 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-07-09 06:54 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 06:54 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-09 06:54 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-07-03 13:40 . 2014-07-03 18:40 -------- d-----w- c:\users\uzivatel\AppData\Roaming\QuickScan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 20:16 . 2012-06-19 07:16 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-09 19:39 . 2012-06-21 17:21 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-09 19:38 . 2014-05-04 10:01 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-09 19:38 . 2014-01-01 17:43 92008 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-07-09 19:38 . 2013-03-16 13:31 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-09 19:38 . 2013-03-16 13:31 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-09 19:38 . 2012-06-21 17:21 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-09 19:38 . 2012-06-21 17:21 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-09 19:38 . 2012-06-21 17:21 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-09 19:38 . 2012-06-21 17:21 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-09 19:38 . 2012-07-26 20:33 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-07-09 08:03 . 2012-06-29 16:01 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 08:03 . 2012-06-29 16:01 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-30 07:52 . 2014-07-09 06:56 247808 ----a-w- c:\windows\SysWow64\schannel.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21445248]
"HP Deskjet 4620 series (NET)"="c:\program files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe" [2011-12-18 2548072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-01 80840]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-09 4086432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Sledovat výstrahy inkoustu - HP Deskjet 4620 series (Síť).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 4620 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN28E2101Q05TN;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C60x64.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMWebAccessControl
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 18:27 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 08:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-09 19:38 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\bnam57eh.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*s\?.vle;*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*s\?.vle;*\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x›[\†T*€š\Program Files (x86)\VideoLAN\VLC\plugins\demux\libxa_plugin.dll*]).]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x›[\†T*€š\Program Files (x86)\VideoLAN\VLC\plugins\demux\libxa_plugin.dll*]).\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x›[\†T*€šlows a user to specify an extra pmt (pmt_pid=pid:stream_type[,...]).]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x›[\†T*€šlows a user to specify an extra pmt (pmt_pid=pid:stream_type[,...]).\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*s\?.vle;*]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,75,7a,69,76,61,74,65,6c,5c,44,65,73,6b,74,
6f,70,5c,4e,6f,76,c3,a1,20,73,6c,6f,c5,be,6b,61,20,28,32,29,5c,50,6f,72,6e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*x›[\†T*€š\Program Files (x86)\VideoLAN\VLC\plugins\demux\libxa_plugin.dll*]).]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,75,7a,69,76,61,74,65,6c,5c,44,65,73,6b,74,
6f,70,5c,4e,6f,76,c3,a1,20,73,6c,6f,c5,be,6b,61,20,28,32,29,5c,31,2d,33,2e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*x›[\†T*€šlows a user to specify an extra pmt (pmt_pid=pid:stream_type[,...]).]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,75,7a,69,76,61,74,65,6c,5c,44,65,73,6b,74,
6f,70,5c,4e,6f,76,c3,a1,20,73,6c,6f,c5,be,6b,61,20,28,32,29,5c,31,2d,31,2e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-07-30 17:58:32
ComboFix-quarantined-files.txt 2014-07-30 15:58
.
Před spuštěním: Volných bajtů: 212 565 745 664
Po spuštění: Volných bajtů: 212 305 059 840
.
- - End Of File - - BD3B81180CAB013924892578D75AD5BB
A36C5E4F47E84449FF07ED3517B43A31
-
Rudy
- Site Admin
- Příspěvky: 119544
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalé PC
Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.Regnull::
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*s\?.vle;*]
RegLock::
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*s\?.vle;*\OpenWithList]
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x›[\†T*€š\Program Files (x86)\VideoLAN\VLC\plugins\demux\libxa_plugin.dll*]).]
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x›[\†T*€š\Program Files (x86)\VideoLAN\VLC\plugins\demux\libxa_plugin.dll*]).\OpenWithList]
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x›[\†T*€šlows a user to specify an extra pmt (pmt_pid=pid:stream_type[,...]).]
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x›[\†T*€šlows a user to specify an extra pmt (pmt_pid=pid:stream_type[,...]).\OpenWithList]
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*s\?.vle;*]
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*x›[\†T*€š\Program Files (x86)\VideoLAN\VLC\plugins\demux\libxa_plugin.dll*]).]
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*x›[\†T*€šlows a user to specify an extra pmt (pmt_pid=pid:stream_type[,...]).]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Reboot::
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
dulen.dulen
- Návštěvník
- Příspěvky: 56
- Registrován: 03 črc 2009 10:51
Re: Pomalé PC
ComboFix log:
ComboFix 14-07-29.01 - uzivatel 30.07.2014 23:27:54.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4078.2647 [GMT 2:00]
Spuštěný z: c:\users\uzivatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\uzivatel\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-28 do 2014-07-30 )))))))))))))))))))))))))))))))
.
.
2014-07-29 11:25 . 2014-07-29 11:25 -------- d-----w- c:\programdata\Malwarebytes
2014-07-29 07:32 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-29 07:32 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4198F3B8-6094-4D4E-A161-5CAAAD7A39F7}\mpengine.dll
2014-07-29 07:32 . 2014-07-29 07:37 -------- d-----w- C:\AdwCleaner
2014-07-27 07:39 . 2014-07-29 15:58 -------- d-----w- c:\program files\trend micro
2014-07-09 19:38 . 2014-07-09 19:38 43152 ----a-w- c:\windows\avastSS.scr
2014-07-09 19:38 . 2014-07-09 19:38 448400 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-07-09 06:57 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-09 06:57 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-09 06:57 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-09 06:57 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 06:57 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 06:57 . 2014-06-30 02:09 519168 ----a-w- c:\windows\system32\aepdu.dll
2014-07-09 06:57 . 2014-06-30 02:04 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-07-09 06:54 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 06:54 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-09 06:54 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-07-03 13:40 . 2014-07-03 18:40 -------- d-----w- c:\users\uzivatel\AppData\Roaming\QuickScan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 20:16 . 2012-06-19 07:16 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-09 19:39 . 2012-06-21 17:21 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-09 19:38 . 2014-05-04 10:01 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-09 19:38 . 2014-01-01 17:43 92008 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-07-09 19:38 . 2013-03-16 13:31 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-09 19:38 . 2013-03-16 13:31 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-09 19:38 . 2012-06-21 17:21 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-09 19:38 . 2012-06-21 17:21 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-09 19:38 . 2012-06-21 17:21 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-09 19:38 . 2012-06-21 17:21 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-09 19:38 . 2012-07-26 20:33 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-07-09 08:03 . 2012-06-29 16:01 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 08:03 . 2012-06-29 16:01 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-30 07:52 . 2014-07-09 06:56 247808 ----a-w- c:\windows\SysWow64\schannel.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21445248]
"HP Deskjet 4620 series (NET)"="c:\program files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe" [2011-12-18 2548072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-01 80840]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-09 4086432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Sledovat výstrahy inkoustu - HP Deskjet 4620 series (Síť).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 4620 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN28E2101Q05TN;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C60x64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 18:27 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 08:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-09 19:38 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\bnam57eh.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*s\?.vle;*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*s\?.vle;*\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x›[\†T*€š\Program Files (x86)\VideoLAN\VLC\plugins\demux\libxa_plugin.dll*]).]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x›[\†T*€š\Program Files (x86)\VideoLAN\VLC\plugins\demux\libxa_plugin.dll*]).\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x›[\†T*€šlows a user to specify an extra pmt (pmt_pid=pid:stream_type[,...]).]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x›[\†T*€šlows a user to specify an extra pmt (pmt_pid=pid:stream_type[,...]).\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*s\?.vle;*]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,75,7a,69,76,61,74,65,6c,5c,44,65,73,6b,74,
6f,70,5c,4e,6f,76,c3,a1,20,73,6c,6f,c5,be,6b,61,20,28,32,29,5c,50,6f,72,6e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*x›[\†T*€š\Program Files (x86)\VideoLAN\VLC\plugins\demux\libxa_plugin.dll*]).]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,75,7a,69,76,61,74,65,6c,5c,44,65,73,6b,74,
6f,70,5c,4e,6f,76,c3,a1,20,73,6c,6f,c5,be,6b,61,20,28,32,29,5c,31,2d,33,2e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*x›[\†T*€šlows a user to specify an extra pmt (pmt_pid=pid:stream_type[,...]).]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,75,7a,69,76,61,74,65,6c,5c,44,65,73,6b,74,
6f,70,5c,4e,6f,76,c3,a1,20,73,6c,6f,c5,be,6b,61,20,28,32,29,5c,31,2d,31,2e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Celkový čas: 2014-07-30 23:38:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-30 21:38
ComboFix2.txt 2014-07-30 15:58
.
Před spuštěním: Volných bajtů: 211 343 499 264
Po spuštění: Volných bajtů: 211 413 364 736
.
- - End Of File - - AE0F63C58F34A562BDD774C6C98C5B2C
A36C5E4F47E84449FF07ED3517B43A31
ComboFix 14-07-29.01 - uzivatel 30.07.2014 23:27:54.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4078.2647 [GMT 2:00]
Spuštěný z: c:\users\uzivatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\uzivatel\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-28 do 2014-07-30 )))))))))))))))))))))))))))))))
.
.
2014-07-29 11:25 . 2014-07-29 11:25 -------- d-----w- c:\programdata\Malwarebytes
2014-07-29 07:32 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-29 07:32 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4198F3B8-6094-4D4E-A161-5CAAAD7A39F7}\mpengine.dll
2014-07-29 07:32 . 2014-07-29 07:37 -------- d-----w- C:\AdwCleaner
2014-07-27 07:39 . 2014-07-29 15:58 -------- d-----w- c:\program files\trend micro
2014-07-09 19:38 . 2014-07-09 19:38 43152 ----a-w- c:\windows\avastSS.scr
2014-07-09 19:38 . 2014-07-09 19:38 448400 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-07-09 06:57 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-09 06:57 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-09 06:57 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-09 06:57 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 06:57 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 06:57 . 2014-06-30 02:09 519168 ----a-w- c:\windows\system32\aepdu.dll
2014-07-09 06:57 . 2014-06-30 02:04 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-07-09 06:54 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 06:54 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-09 06:54 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-07-03 13:40 . 2014-07-03 18:40 -------- d-----w- c:\users\uzivatel\AppData\Roaming\QuickScan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 20:16 . 2012-06-19 07:16 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-09 19:39 . 2012-06-21 17:21 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-09 19:38 . 2014-05-04 10:01 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-09 19:38 . 2014-01-01 17:43 92008 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-07-09 19:38 . 2013-03-16 13:31 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-09 19:38 . 2013-03-16 13:31 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-09 19:38 . 2012-06-21 17:21 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-09 19:38 . 2012-06-21 17:21 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-09 19:38 . 2012-06-21 17:21 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-09 19:38 . 2012-06-21 17:21 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-09 19:38 . 2012-07-26 20:33 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-07-09 08:03 . 2012-06-29 16:01 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 08:03 . 2012-06-29 16:01 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-30 07:52 . 2014-07-09 06:56 247808 ----a-w- c:\windows\SysWow64\schannel.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21445248]
"HP Deskjet 4620 series (NET)"="c:\program files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe" [2011-12-18 2548072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-01 80840]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-09 4086432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Sledovat výstrahy inkoustu - HP Deskjet 4620 series (Síť).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 4620 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN28E2101Q05TN;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C60x64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 18:27 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 08:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-09 19:38 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\uzivatel\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\bnam57eh.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*s\?.vle;*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*s\?.vle;*\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x›[\†T*€š\Program Files (x86)\VideoLAN\VLC\plugins\demux\libxa_plugin.dll*]).]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x›[\†T*€š\Program Files (x86)\VideoLAN\VLC\plugins\demux\libxa_plugin.dll*]).\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x›[\†T*€šlows a user to specify an extra pmt (pmt_pid=pid:stream_type[,...]).]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x›[\†T*€šlows a user to specify an extra pmt (pmt_pid=pid:stream_type[,...]).\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*s\?.vle;*]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,75,7a,69,76,61,74,65,6c,5c,44,65,73,6b,74,
6f,70,5c,4e,6f,76,c3,a1,20,73,6c,6f,c5,be,6b,61,20,28,32,29,5c,50,6f,72,6e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*x›[\†T*€š\Program Files (x86)\VideoLAN\VLC\plugins\demux\libxa_plugin.dll*]).]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,75,7a,69,76,61,74,65,6c,5c,44,65,73,6b,74,
6f,70,5c,4e,6f,76,c3,a1,20,73,6c,6f,c5,be,6b,61,20,28,32,29,5c,31,2d,33,2e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3788248948-3268896572-321402789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*x›[\†T*€šlows a user to specify an extra pmt (pmt_pid=pid:stream_type[,...]).]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,75,7a,69,76,61,74,65,6c,5c,44,65,73,6b,74,
6f,70,5c,4e,6f,76,c3,a1,20,73,6c,6f,c5,be,6b,61,20,28,32,29,5c,31,2d,31,2e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Celkový čas: 2014-07-30 23:38:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-30 21:38
ComboFix2.txt 2014-07-30 15:58
.
Před spuštěním: Volných bajtů: 211 343 499 264
Po spuštění: Volných bajtů: 211 413 364 736
.
- - End Of File - - AE0F63C58F34A562BDD774C6C98C5B2C
A36C5E4F47E84449FF07ED3517B43A31
-
Rudy
- Site Admin
- Příspěvky: 119544
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalé PC
CF odinstalujte pomocí T-Claneru: http://vyosek.tym.cz/pro_usery/T-Cleaner.exe . Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
dulen.dulen
- Návštěvník
- Příspěvky: 56
- Registrován: 03 črc 2009 10:51
Re: Pomalé PC
Kurzor s se stavem prace se objevuje porad, ale zda se ze uz se to neskube.
Dekuji za spolupraci
Dekuji za spolupraci
-
Rudy
- Site Admin
- Příspěvky: 119544
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalé PC
Zkuste ještě defragmentovat disk. Nmáte zač! 
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?