conhost.exe & csrss.exe

[MartasZLA]

Tak bohužel nepomohlo ani obnovení zhruba týden staré

[Rudy]

Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

[MartasZLA]

ComboFix 14-08-29.03 - Martin 29.08.2014 22:58:50.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8147.6128 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-28 do 2014-08-29 )))))))))))))))))))))))))))))))
.
.
2014-08-29 21:02 . 2014-08-29 21:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-08-29 21:02 . 2014-08-29 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-29 18:46 . 2014-08-21 09:24 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{550A4144-2151-45E7-80FA-B332E6379130}\mpengine.dll
2014-08-29 18:31 . 2014-07-02 03:09 10924376 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED7E2AA6-ABC0-47CA-BF98-7B8205C232C4}\mpengine.dll
2014-08-29 18:02 . 2014-08-29 18:17 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-29 17:11 . 2014-08-29 17:12 -------- d-----w- C:\AdwCleaner
2014-08-29 11:34 . 2014-08-29 11:34 -------- d-----w- c:\programdata\Malwarebytes
2014-08-28 16:15 . 2014-08-28 18:21 -------- d-----w- c:\users\Martin\AppData\Roaming\Tropico 4
2014-08-28 16:14 . 2014-08-28 16:14 -------- d-----w- c:\users\Martin\AppData\Roaming\Kalypso Media
2014-08-27 08:11 . 2014-08-27 08:11 -------- d-----w- c:\users\Martin\AppData\Local\TurboDismount
2014-08-27 05:45 . 2014-08-27 05:45 -------- d-----w- c:\program files (x86)\Microsoft XNA
2014-08-26 08:46 . 2014-08-29 18:30 -------- d-----w- c:\users\Martin\AppData\Local\CSDSteamBuild
2014-08-25 10:03 . 2014-08-25 10:03 -------- d-----w- c:\users\Martin\AppData\Roaming\VitySoft
2014-08-25 10:03 . 2014-08-25 10:03 -------- d-----w- c:\users\Martin\.objectdb
2014-08-21 03:48 . 2014-08-21 03:48 -------- d-----w- c:\programdata\McAfee
2014-08-20 03:55 . 2014-08-07 08:59 11319200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F24E8A0E-BF87-4FDF-83ED-D4F46660F35D}\mpengine.dll
2014-08-17 13:28 . 2014-08-17 13:28 -------- d-----w- c:\program files (x86)\Savevid
2014-08-13 06:00 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-11 11:45 . 2014-08-11 11:45 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-21 03:48 . 2013-01-26 22:42 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-21 03:48 . 2013-01-26 22:42 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-13 06:02 . 2012-11-09 17:19 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-09 00:22 . 2014-06-03 09:58 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-08-09 00:22 . 2014-06-03 09:58 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-08-09 00:22 . 2014-06-03 09:58 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-08-09 00:22 . 2014-06-03 09:58 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-08-05 07:20 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-07-21 12:04 . 2014-03-03 23:06 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-07-09 12:48 . 2014-03-03 23:06 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-07-02 20:48 . 2014-07-29 19:58 944928 ----a-w- c:\windows\system32\NvIFR64.dll
2014-07-02 20:48 . 2014-07-29 19:58 907096 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-07-02 20:48 . 2014-07-29 19:58 903624 ----a-w- c:\windows\system32\NvFBC64.dll
2014-07-02 20:48 . 2014-07-29 19:58 869152 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-07-02 20:48 . 2014-07-29 19:58 846832 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-07-02 20:48 . 2014-07-29 19:58 502232 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2014-07-02 20:48 . 2014-07-29 19:58 4247000 ----a-w- c:\windows\system32\nvcuvid.dll
2014-07-02 20:48 . 2014-07-29 19:58 418760 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2014-07-02 20:48 . 2014-07-29 19:58 3989960 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-07-02 20:48 . 2014-07-29 19:58 391640 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-07-02 20:48 . 2014-07-29 19:58 354016 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-07-02 20:48 . 2014-07-29 19:58 348120 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-07-02 20:48 . 2014-07-29 19:58 31512520 ----a-w- c:\windows\system32\nvoglv64.dll
2014-07-02 20:48 . 2014-07-29 19:58 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-07-02 20:48 . 2014-07-29 19:58 24196896 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-07-02 20:48 . 2014-07-29 19:58 1890080 ----a-w- c:\windows\system32\nvdispco6434052.dll
2014-07-02 20:48 . 2014-07-29 19:58 17555104 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-07-02 20:48 . 2014-07-29 19:58 166568 ----a-w- c:\windows\system32\nvinitx.dll
2014-07-02 20:48 . 2014-07-29 19:58 1539928 ----a-w- c:\windows\system32\nvdispgenco6434052.dll
2014-07-02 20:48 . 2014-07-29 19:58 146480 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-07-02 20:48 . 2014-07-29 19:58 13922752 ----a-w- c:\windows\system32\nvopencl.dll
2014-07-02 20:48 . 2014-07-29 19:58 13835208 ----a-w- c:\windows\system32\nvcuda.dll
2014-07-02 20:48 . 2014-07-29 19:58 12866008 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-07-02 20:48 . 2014-07-29 19:58 11283344 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-07-02 20:48 . 2014-07-29 19:58 11222048 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-07-02 20:48 . 2014-07-29 19:58 22994208 ----a-w- c:\windows\system32\nvcompiler.dll
2014-07-02 20:48 . 2014-07-29 19:58 15294296 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-07-02 20:48 . 2014-06-17 17:59 16122344 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-07-02 20:48 . 2013-09-17 20:22 18626304 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-07-02 20:48 . 2013-09-17 20:22 965312 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2013-09-17 20:22 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-07-02 20:48 . 2013-09-17 20:22 3196816 ----a-w- c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2013-09-17 20:22 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-07-02 18:55 . 2013-10-19 15:07 6783776 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2013-10-19 15:07 3522392 ----a-w- c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2013-10-19 15:07 935368 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2013-10-19 15:07 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2013-10-19 15:07 386520 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-02 18:55 . 2013-10-19 15:07 2559960 ----a-w- c:\windows\system32\nvsvcr.dll
2014-07-02 10:14 . 2013-10-19 15:07 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
2014-06-18 02:18 . 2014-07-09 03:56 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 03:56 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-17 07:18 . 2014-06-17 07:18 0 ---ha-w- c:\users\Martin\AppData\Local\BITC9D4.tmp
2014-06-13 02:59 . 2014-06-17 17:59 1542088 ----a-w- c:\windows\system32\nvdispgenco6434043.dll
2014-06-13 02:59 . 2014-06-17 17:59 1890264 ----a-w- c:\windows\system32\nvdispco6434043.dll
2014-06-06 10:10 . 2014-07-09 03:56 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 03:56 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 03:56 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 03:56 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 03:56 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-11-09 393728]
"Seznam Postak"="c:\program files (x86)\Seznam.cz\bin\postak.exe" [2012-01-10 491040]
"Steam"="d:\hry\Steam\steam.exe" [2014-08-28 1939136]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Imperator pro"="c:\program files (x86)\Genius\Imperator Pro\IMProhid.exe" [2012-02-24 287232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Tilt"=c:\program files (x86)\GIGABYTE\GHOST\Tilt.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"amd_dc_opt"=c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 DualCoreCenter;DualCoreCenter;c:\program files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys;c:\program files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 MSICDSetup;MSICDSetup;f:\cdriver64.sys;f:\CDriver64.sys [x]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_5;NTIOLib_1_0_5;c:\program files (x86)\MSI\OverclockingCenter\NTIOLib_X64.sys;c:\program files (x86)\MSI\OverclockingCenter\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;f:\ntiolib_x64.sys;f:\NTIOLib_X64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 HiSuiteOuc64.exe;HiSuiteOuc64.exe;c:\programdata\HiSuiteOuc\HiSuiteOuc64.exe;c:\programdata\HiSuiteOuc\HiSuiteOuc64.exe [x]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\programdata\HandSetService\HuaweiHiSuiteService64.exe;c:\programdata\HandSetService\HuaweiHiSuiteService64.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SavevidService;SavevidService;c:\program files (x86)\Savevid\SavevidService.exe;c:\program files (x86)\Savevid\SavevidService.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 KYEKBPRO;IMPERATOR PRO Gaming Keyboard;c:\windows\system32\drivers\KYEKBPRO.sys;c:\windows\SYSNATIVE\drivers\KYEKBPRO.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Martin\AppData\Local\Temp\tmp74A2.tmp;c:\users\Martin\AppData\Local\Temp\tmp74A2.tmp [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WINRING0_1_2_0
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-26 03:48]
.
2014-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-09 10:04]
.
2014-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf8cd097386add.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-09 10:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-26 6325936]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-08-09 2403288]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-08-09 1283136]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\81la4hjx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Martin\AppData\Local\Temp\tmp74A2.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4280516896-2141275730-2379777306-1000\Software\SecuROM\License information*]
"datasecu"=hex:6f,fd,50,2f,3f,7b,c2,9a,59,91,92,a7,21,72,65,cd,8e,19,e9,ce,c8,
29,02,a1,e3,96,fc,d8,3c,b9,99,52,68,d3,83,d9,9e,a4,cd,1a,f9,83,b1,d1,31,16,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2014-08-29 23:03:03
ComboFix-quarantined-files.txt 2014-08-29 21:03
ComboFix2.txt 2014-08-29 20:53
.
Před spuštěním: Volných bajtů: 42 273 505 280
Po spuštění: Volných bajtů: 42 207 686 656
.
- - End Of File - - 5CC7D57E99079257149F5035D6CD407F
A36C5E4F47E84449FF07ED3517B43A31

[MartasZLA]

Ještě poznatek když si otevřu Sledování prostředků tak tam skáče nvstreamsvc.exe prostě se objevuje a zase mizí.

[Rudy]

nVidia streamer service. Zkuste přeinstalovat ovladače gr. karty, příp. na zkoušku tu službu vypněte.

[MartasZLA]

Tak jsem celý ten balast odinstaloval a nechal jen ovladače grafiky a procesor už v klidu jde jen zhruba do 3-10%. To by asi bylo odpovídající že?

Edit: tak se to vrátilo. Dívám se do Sledování prostředků a procesor mi vytěžuje taskhost.exe. Když ho pozastavím tak se využití procesoru vrátí do normálu. Skusil jsem ho vypnout, na netu jsem našel že je to bug ve windowsech, smázl jsem doporučené soubory restartoval, chvíli to fungovalo ale pak se to opět vrátilo...

[Rudy]

Kolik prostředků spotřebuje? Taskhost je systémový proces, není to vir.

[MartasZLA]

Zhruba 25%. Zde o tom něco je http://www.bitcrazed.com/post/2011/02/0 ... ptop!.aspx

[Rudy]

OK. Zachovejte se podle toho návodu.

[MartasZLA]

Tak jsem udělal podle návodu, zakázal jsem to tak počkám jestli bude klid.

[Rudy]

OK.

[MartasZLA]

Můžete uzamknout pc už je vpohodě

[Rudy]

OK, to jsem rád. Zamykám.