Prosba o kontrolu Vyřešeno

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: Mods_senior, Security team

Uživatelský avatar
Zdena.Sladky
Level 3
Level 3
Příspěvky: 634
Registrován: srpen 06
Bydliště: Břeclav
Pohlaví: Muž
Stav:
Offline
Kontakt:

Re: Prosba o kontrolu

Příspěvekod Zdena.Sladky » 27 bře 2018 17:54

ComboFix 18-03-14.01 - Zdeněk 27.03.2018 17:40:41.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.7678.5716 [GMT 2:00]
Spuštěný z: c:\users\Zdenýk\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Zdenýk\Desktop\CFScript.txt
AV: Kaspersky Endpoint Security 10 for Windows *Disabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Kaspersky Endpoint Security 10 for Windows *Disabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
SP: Kaspersky Endpoint Security 10 for Windows *Disabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2018-02-27 do 2018-03-27 )))))))))))))))))))))))))))))))
.
.
2018-03-27 15:48 . 2018-03-27 15:48 -------- d-----w- c:\users\ZDENK~2\AppData\Local\temp
2018-03-27 15:48 . 2018-03-27 15:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2018-03-27 15:48 . 2018-03-27 15:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2018-03-27 15:48 . 2018-03-27 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-03-27 15:43 . 2018-03-27 15:43 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{00FCF1B5-77A6-4490-A9AB-D652F5D07FE8}\offreg.3840.dll
2018-03-27 15:22 . 2018-03-27 15:22 253664 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2018-03-26 16:55 . 2018-03-27 15:27 6184 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2018-03-26 16:55 . 2018-03-26 16:55 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2018-03-26 16:55 . 2018-03-26 16:55 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2018-03-26 14:48 . 2018-03-26 16:55 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2018-03-26 14:48 . 2018-03-26 14:48 -------- d-----w- c:\users\Zdeněk\AppData\Local\Zemana
2018-03-23 17:57 . 2018-03-23 17:57 -------- d-----w- C:\zoek
2018-03-19 19:14 . 2018-03-19 19:14 -------- d-----w- c:\users\Zdeněk\AppData\Local\ArcSoft
2018-03-19 18:13 . 2018-03-22 14:54 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2018-03-19 18:13 . 2018-03-19 19:58 -------- d-----w- c:\programdata\RogueKiller
2018-03-19 15:30 . 2018-03-19 15:30 -------- d-----w- c:\programdata\Sophos
2018-03-19 15:25 . 2018-03-19 15:25 -------- d-----w- c:\program files (x86)\Sophos
2018-03-18 20:06 . 2018-01-18 08:03 76200 ----a-w- c:\windows\system32\drivers\mbae64.sys
2018-03-18 20:06 . 2018-03-18 20:06 -------- d-----w- c:\program files\Malwarebytes
2018-03-18 19:59 . 2018-03-19 14:54 -------- d-----w- C:\AdwCleaner
2018-03-17 12:35 . 2018-03-17 12:35 -------- d-----w- c:\program files (x86)\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-03-13 17:41 . 2012-04-04 14:48 804352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2018-03-13 17:41 . 2011-11-21 16:21 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2018-01-07 19:02 . 2011-11-23 16:20 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2018-01-07 19:02 . 2011-11-23 16:20 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2017-12-30 16:21 . 2011-11-23 17:15 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Bloody2"="c:\program files (x86)\Bloody5\Bloody5\Bloody5.exe" [2015-06-16 18923008]
"cz.seznam.software.autoupdate"="c:\users\Zdeněk\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSGamerOSD"="c:\program files (x86)\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]
"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-07-14 24576]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-06-19 195072]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avp.exe" [2017-06-27 1241240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ASUS USB-AC51 WLAN Control Center.lnk - c:\program files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaUI.exe -s [2016-12-3 6930432]
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2013-10-6 442880]
STK03N PNP Monitor.lnk - c:\windows\STK03N\STK03NM.exe [2011-11-28 163840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 ASUSWireless;ASUSWireless;c:\program files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\ASUSService.exe;c:\program files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\ASUSService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaMediaServer.exe;c:\program files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaMediaServer.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [x]
R3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys;c:\windows\SYSNATIVE\DRIVERS\EIO64.sys [x]
S1 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys;c:\windows\SYSNATIVE\DRIVERS\klfltdev.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 avpsus;Kaspersky Seamless Update Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avpsus.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avpsus.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe;c:\program files\OO Software\Defrag\oodag.exe [x]
S2 Origin Web Helper Service;Origin Web Helper Service;c:\program files (x86)\Origin\OriginWebHelperService.exe;c:\program files (x86)\Origin\OriginWebHelperService.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys;c:\windows\SYSNATIVE\drivers\ha20x22k.sys [x]
S3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - MBAMPROTECTION
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBPROTECTION
*Deregistered* - ESProtectionDriver
*Deregistered* - MBAMProtection
*Deregistered* - MBAMWebProtection
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2017-07-31 22:31 324080 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2017-08-09 15775888]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwar ... TSUEng.cab
FF - ProfilePath - c:\users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\bfylnjfq.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Moorhuhn 2 deinstallieren - c:\windows\IsUn0407.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3513647167-1016645970-2085108452-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3513647167-1016645970-2085108452-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3513647167-1016645970-2085108452-1000_Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
@Allowed: (Read) (RestrictedCode)
@=hex:c0,02,d1,d4,1d,ec,cc,01
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_29_0_0_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_29_0_0_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_29_0_0_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_29_0_0_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_113.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.29"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_113.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_113.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_113.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
@=hex:30,49,90,c5,cf,dd,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:e0,71,ab,b3,cf,dd,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:30,5c,e4,b3,cf,dd,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:f0,bc,bd,af,cf,dd,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@=hex:60,52,0e,b4,cf,dd,cc,01
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="6A35ABA99FF10A5F6D1464C1B0BD7FE073DB27C76B04FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D14079DB7CE019D40AA5CFEBC9E127BECC74CA9C6AECB7A5D14070809D065456A03DC0550AEE35C47FC529B2276532E9D1FEB8E60890BB5708653468936AD62EF1A6C572CF376AACE8B4A99212BD6276669F3499591EEC1284286C56A14467568D71350E1CF601B6C5FDF6A18A01E4B51D7E835D03668C54466C06B9844397901CFB1E62937E48B29773BB72D83BD7868EFD7CC477E0442EAA1152373C6A72F1EFB0016AFC2D69BC634D92E79A7604FE81D200B9D95DFF57409E85BCE41C5995436885D163021AEB8D989FC8D0244B540AD7875F049306A6F11768673F95C7E6F402AC1F0E041ECA41470DA692C3BD49553E78E4E8DBB671D974B1C9C5D47E96DBE974AC9574744E7EE04FD04E42D98C0244CE0B9F95EFA725AC8167A7BF5AA80BAD6821E3ED9E191DB11A5470D13B2CE1CD57A2B4785F819FEA5F23108EDD4101E437A5EE1303D65B0361110ABFA1AFE98096D8CD5B6F66F8AE935595AC6BEB63C8CC56FB4198C5AA66905B16A0805C65CC0CD3C29094E066A75E4FD70AD83C1C634FA2B49F54B1CDAF049F1967073CD8DA6370E66A51EA26B778A9F67620335D81236DD5ABB3B0A4FE82C8AA1FCA47236BD45C9D94E473FC3F8363384B7DE466C4F184844746038E8417DAAA20F1D43465A9B29725571080A51F91FB01800DFE3ECC3A0073B02EDF0BD12F1D39528860E25DDDB41218561B8AE6D4175FE10A1823C600FC8C22C2616F4C27811985232C499B7047F2EB2DDAE14AAE6057C7FDCF0E31A3052D13191E7556C48DE32EB75868AD5BA078BEA48B156CF5631B50018BB5EA0958F3EA213DC1CEE5DE1108A304E9C6909D65CE31E679F80C674618A0ED27C27C4127859C2CE5E2E2C62F507750247A86F91581891DB6CE165684E59AD8BDE65360F01F16A7A83949951387F8F65D6CDDF7E494507FD10A0D04ED96B991D7D9757DE6BCB0B00460F00BE42D37BA4EE15C108106E18A2AF6A1D08F98428A4A2FD097E620CD767390C2D61122AE64D81C16FBD1F58927F45715320B5AA62226D5A9F8EA31B39983D82E212B9EBB8D0589839527E8E78AF1FEBEEC12B2A097BD075E4D4002449600C69D6CFE0C488089062611DC8DDFEB35D165FBB09110EF6929A16BA5B97D7F1303EB4BBBFA6A3AB1B6E9F97ACD90FEFF62E090395B396C1CD1A63CA32A9E9618A02191CA5480A5A3C0E9DE1EF584729B6F5C4302728FEECF246F1378ED234284DB8175A759FEF170C167B3FE6F2788D3735DD7CA9CAD5EBC178DB5613CEA524816A3485A4EC3E477961CC157E0828A9ED3593C91F3A5B98D38B2D9E751E5A9604A4694F3D2F123643CB16"
"OODEFRAG15.00.00.01PROFESSIONAL"="CBCA5BA6A4C780FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D14079DB7CE019D40AA5CFEBC9E127BECC74CA9C6AECB7A5D1407722F7EF81F42582B0773E6F6946EAE85700A78E3880913060CEE7A33C0DC467B32BF2893A5DEDC4DCAFDD1F81D1F6BEAEAAD9AF7728749940C3B38F8D36D5AED4B35CDACDA7272E3BCD34FDE28313DDD51D0FC8E8EC445C5428F645C499379DA1A9A77C84E71D458446338BC1F900364B0E4E9673CC1A65C0583596D1B842662DFC8B264306886C5AB6EE9990BBCDDB8FE3130378091D1CE1380782DE488A1D5C3F0906A56734B7E200647EF1A4835C6124E23A501DCEBC68B47250EE67DF540CC17A4BF3D46AD86B49635AE215AB132252A97CD0BE0622372E8C57B87546FD9699188B87F27FA16DFDB1DB816B0C2CE5707E8C10FEC61F731CCC7524F131D14EA0DD89F61EF4399FC65EB6693179AA6AD7A770420E5DF0A92AC1961EAD2D391080BB533C60F5C3148989482D772AE770F6E238C75C212D4C81AAE70AAC02B2AD75CC2A33C065E32662F0D4AC7BA39B3C59F55C8EC92738667F47FB6841D00E9D9A9AA1A6DEBA725DB35CD726979B8FE82A0751705724581E77587E290BFF28F6EEF19ADADEAD8C5150B55A16850EEB3D857F54C629887DB2526C6130C0F668E5AFDBE6E71C15784DE6624F291F0E1DE3EFDC6B0CB4C84E1DFE5BF5FD70A848E4878D0DCD342CC876C4FC17459A25C430FA1DEFE2EE94410BCE77B50F84137EB45D5867012522527D223B62AD5BFEBD58BA3BA691963199AC4B184E119D9B036C2E29E128EEC126D0E12100CC2BA633FD63B561240BA94E5E29E6B85038EE32F95BD57204E20099DFBA0DF827F93595E77F037917B898C0F69DD429F29AA8950775D77EB7C8DC2AA5FA9BD6E0D6326C35A23E07447FB9E630BF1A28A21909DC30606473DE56B3C3EDD57BFA394D469B5CC02E0B943D0296461322892A1B5DF6A42D592CCFD06373382AB07665EA7842D049644D6345F4E4A67C770780A22D5D5913CAA48D839B89BBB7BB1F35CAD9E5817379DB2000D767E7F3420F1D9F446CFBD7C6353B078893C5B6F69FB1FD0209701140429B457CBA0EC47E026B4DDBDD275AD9682E44AB78C9783D49EDE0AB881202E138B00CE3E02D7A9DAB566238C8E47BD9F60754893398C8A22F47469DA5EB95B671D3896002ACC55C02E5A9DC6E5A96A606B0AA1B2A23627830A61923B2EF445A515D2E88953BC19441721BAC370F7C83D94EB176D5E79532F5CC73B559F5CE87221ED10166A7B979D6770FA21FA6CBF1EC20800E1B31A5ADD5FEDB1661ADF197A60486D2395C149090E20F5BE032B8AF0CF70C67020C45FCDF83FD1F03653FBEA6646F4F4A72CF6C5EA2E5240BEB83BA489DC69BED307"
"OODEFRAG17.00.00.01PROFESSIONAL"="A4F4186C0D899272487112C02A5A586B1D48C3E37E62F14CA692F9A9EF577F7014713DBE22CD552B83CF821638E475D44CF873A02E4398AFE07B39D43D66CB94B7DF658555BA99F3522A608FA08AC12B42326ECD9C39081C51C5C0603E530DA7A69A18CCA866B6650B99795CF7AF2F3AB76CECDD0F976A3532E5FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D14079DB7CE019D40AA5CBA7FD869164D6794A6A0AC4980AC7933B07510DEC2EFC0541BD9E69D81882AE635B93479EDD4520112A3015575DC385EAF73B387ED79B5CA380FE5DDA23756FE57EF4C646E874ED917F6AC85E3BFEE64D99963F4096ABC23D4587C6B23E88CBEAA0756B390E02E768768DC8A30FEAFE2550F4B445F08290E811F85CF07381DD4CA51007F2E71649FA6CC30A7AB412DE0B0CE1A075DAC0E6D35A4630AF2521EA136F3F9D2C7DC26539A504A94513EDE975C29054293C4C359C67CFA0D30FB67B74E667A2D7FD8EC42726ECF7D3BC080F7AB3E42EEB6D0E59DF58E333E2E0918E1DA743C001C33F9531AFA6D83A8AA10A258078EFA9F68D3B9E296F8757DE40F1C85C17AB30949CB1FE51AD03AFEEF51EF7C4D29C5CB32B3E09323BE83558DF315DBC0F922550FABF38D46AC28C5984B671A30D5A45B6DECFAF11976290E95AE34523BFD9BB28BA1D12CCBB8CAA840494B9522DB60156A2B224A311C9DA6226B8FBD4ED062785A7B70C24FAD127799D90BB7E907B7DE0E5F294D74A909C0EE1DF5D86A40AD222A4D37B1444BE02666D0CEAB22275AC7533C109245A08A22C9F7E542D31E29CE3EECC443755511CD7F467003BB8F6D80C5BB1092D685B33594F415FB23BF7240EFF2EAA0808F6D2852137E3175988ADC0719942A30E18B07C6D1EAEC47FE9DDEA63FAD5B57C737165D57BC8F699D3E574D54BD1C2DC00BCAE90F855F7E39B1B36572C764BECA209BB6779ED881FD090B60B15D0CFDB420D41B7234015E50A96F3E742795516B53618598D230FB1D61BA9F39FB84A6502EA00E847C654FA9F3E3576D6D29FD8069B106A7B4976BE32F4AF93856F1FD2E0A4A881415038FAF74086CCC6E3E84E5747E89D158F8B73C4FC2763D5AA731E87D9565AF6DB22ECF8177CD4535D8FAF778D8730D839F1B971351AD1D2BD8BE23486691AE23B4117AE5705E4BFEDF4C1BED7B3B8EB1BCA36840454DEFA1A0FA019AC891298C297027E056159A3D1F3535BE41EED090E3B4260F951592C8FA0EAA1BE9797CB019D94EA6AFFC3095C549314DA9AE95030E86CD2D5BDBA4DFCA724C641BF4494EECACEDDCA7354FE0E6EB7D6C58ACDC9E97A15E3BD10C0ADA54F9180451C1F553742007208CF17CAC7A570DE416B3F02FC0E45ACD5A20EA60C046C07B29322B66613AA07D537A"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2018-03-27 17:51:18
ComboFix-quarantined-files.txt 2018-03-27 15:51
ComboFix2.txt 2018-03-26 17:57
.
Před spuštěním: Volných bajtů: 58 999 504 896
Po spuštění: Volných bajtů: 58 676 465 664
.
- - End Of File - - 3FA19D8F85FD4371050431ED12201A5C
A36C5E4F47E84449FF07ED3517B43A31
AMD Athlon X2 6000+ 3.0GHz, chladič Thermaltake BigTyp VP, 3GB DDRII 667 Corsair (2x512MB, 2x1GB), deska Asus M2N-SLI Deluxe nForce 570sli, gr. karta Asus 9800GTX+ 512MB, 3xHDD WD(250GB+200GB+1000GB), case Thermaltake Swing VB6000BWS, zdroj Corsair VX550W, 24" LCD Samsung T240HD

Reklama
Uživatelský avatar
Zdena.Sladky
Level 3
Level 3
Příspěvky: 634
Registrován: srpen 06
Bydliště: Břeclav
Pohlaví: Muž
Stav:
Offline
Kontakt:

Re: Prosba o kontrolu

Příspěvekod Zdena.Sladky » 27 bře 2018 17:54

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:19, on 27.3.2018
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16737)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\STK03N\STK03NM.exe
C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avp.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Bloody2] "C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe" Minimum
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Zdeněk\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - Global Startup: ASUS USB-AC51 WLAN Control Center.lnk = C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaUI.exe
O4 - Global Startup: GamePark klient 2.lnk = C:\Program Files\GamePark2\gpcl.exe
O4 - Global Startup: STK03N PNP Monitor.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASDR - Unknown owner - C:\Windows\SysWOW64\ASDR.exe
O23 - Service: ASUSWireless - Unknown owner - C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\ASUSService.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - Unknown owner - C:\Windows\system32\ATKFUSService.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Služba Kaspersky Endpoint Security (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avp.exe
O23 - Service: Kaspersky Seamless Update Service (avpsus) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avpsus.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaRegistry64.exe
O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Ralink - C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaMediaServer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 11704 bytes
AMD Athlon X2 6000+ 3.0GHz, chladič Thermaltake BigTyp VP, 3GB DDRII 667 Corsair (2x512MB, 2x1GB), deska Asus M2N-SLI Deluxe nForce 570sli, gr. karta Asus 9800GTX+ 512MB, 3xHDD WD(250GB+200GB+1000GB), case Thermaltake Swing VB6000BWS, zdroj Corsair VX550W, 24" LCD Samsung T240HD

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Prosba o kontrolu

Příspěvekod jaro3 » 27 bře 2018 18:36

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Zdeněk\AppData\Roaming\Seznam.cz\szninstall.exe" -c


ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Co problémy?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Uživatelský avatar
Zdena.Sladky
Level 3
Level 3
Příspěvky: 634
Registrován: srpen 06
Bydliště: Břeclav
Pohlaví: Muž
Stav:
Offline
Kontakt:

Re: Prosba o kontrolu

Příspěvekod Zdena.Sladky » 27 bře 2018 19:03

Píše mi, že Win nemůže ComboFix najít
AMD Athlon X2 6000+ 3.0GHz, chladič Thermaltake BigTyp VP, 3GB DDRII 667 Corsair (2x512MB, 2x1GB), deska Asus M2N-SLI Deluxe nForce 570sli, gr. karta Asus 9800GTX+ 512MB, 3xHDD WD(250GB+200GB+1000GB), case Thermaltake Swing VB6000BWS, zdroj Corsair VX550W, 24" LCD Samsung T240HD

Uživatelský avatar
Zdena.Sladky
Level 3
Level 3
Příspěvky: 634
Registrován: srpen 06
Bydliště: Břeclav
Pohlaví: Muž
Stav:
Offline
Kontakt:

Re: Prosba o kontrolu

Příspěvekod Zdena.Sladky » 27 bře 2018 19:21

Tak vše provedeno. Combofix nakonec odebral CCleaner. Jinak problémy nebyly v podstatě od chvíle, kdy jsme s čištěním začali - počítač jsem tehdy spustil v nouzovém režimu s nízkým rozlišením. Co jsem vygůglil, nvstor.sys je ovladač chipsetu nebo graf. karty, tak uvidím, až grafiku zase budu zatěžovat. Jinak se mi čištěním uvolnilo něco kolem 30Gb místa na disku, takže bylo PC zasviněno řádně. Ještě se zeptám, Zemanu si mám ponechat nebo můžu odinstalovat? Malwarebytes jsem dal pryč, protože se mi při stahování nezobrazila ta nabídka, jestli chci zkušební verzi, takže by mi to za pět dní končilo.
AMD Athlon X2 6000+ 3.0GHz, chladič Thermaltake BigTyp VP, 3GB DDRII 667 Corsair (2x512MB, 2x1GB), deska Asus M2N-SLI Deluxe nForce 570sli, gr. karta Asus 9800GTX+ 512MB, 3xHDD WD(250GB+200GB+1000GB), case Thermaltake Swing VB6000BWS, zdroj Corsair VX550W, 24" LCD Samsung T240HD

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Prosba o kontrolu

Příspěvekod jaro3 » 27 bře 2018 19:54

Zemana I Sophos můžeš odinstalovat.

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt
Další odkazy:
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Uživatelský avatar
Zdena.Sladky
Level 3
Level 3
Příspěvky: 634
Registrován: srpen 06
Bydliště: Břeclav
Pohlaví: Muž
Stav:
Offline
Kontakt:

Re: Prosba o kontrolu

Příspěvekod Zdena.Sladky » 28 bře 2018 17:54

# DelFix v1.013 - Logfile created 28/03/2018 at 17:51:32
# Updated 17/04/2016 by Xplode
# Username : Zdeněk - SLADKY2
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\zoek_backup
Deleted : C:\TDSSKiller_Quarantine
Deleted : C:\AdwCleaner
Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hijackthis
Deleted : C:\Program Files (x86)\Trend Micro\Hijackthis
Deleted : C:\AdwCleaner[R1].txt
Deleted : C:\AdwCleaner[R2].txt
Deleted : C:\AdwCleaner[R3].txt
Deleted : C:\AdwCleaner[S1].txt
Deleted : C:\AdwCleaner[S2].txt
Deleted : C:\AdwCleaner[S3].txt
Deleted : C:\TCleaner.txt
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2018-03-22-160050.log
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #581 [Naplánovaný kontrolní bod | 03/14/2018 23:25:01]
Deleted : RP #582 [Installed WinThruster. | 03/17/2018 12:52:54]
Deleted : RP #584 [WinThruster (64-bit) Backup | 03/17/2018 12:59:58]
Deleted : RP #586 [WinThruster (64-bit) Backup | 03/17/2018 13:08:52]
Deleted : RP #587 [JRT Pre-Junkware Removal | 03/19/2018 15:02:08]
Deleted : RP #588 [Installed Sophos Virus Removal Tool. | 03/19/2018 15:23:55]
Deleted : RP #589 [zoek.exe restore point | 03/22/2018 15:58:40]
Deleted : RP #590 [Zemana AntiMalware 26.3.2018 17:19:55 | 03/26/2018 15:20:09]
Deleted : RP #591 [Operace obnovení | 03/26/2018 15:24:05]
Deleted : RP #592 [Zemana AntiMalware 26.3.2018 19:28:15 | 03/26/2018 17:28:16]
Deleted : RP #593 [Removed Sophos Virus Removal Tool. | 03/28/2018 15:43:45]

New restore point created !

########## - EOF - ##########
AMD Athlon X2 6000+ 3.0GHz, chladič Thermaltake BigTyp VP, 3GB DDRII 667 Corsair (2x512MB, 2x1GB), deska Asus M2N-SLI Deluxe nForce 570sli, gr. karta Asus 9800GTX+ 512MB, 3xHDD WD(250GB+200GB+1000GB), case Thermaltake Swing VB6000BWS, zdroj Corsair VX550W, 24" LCD Samsung T240HD

Uživatelský avatar
Zdena.Sladky
Level 3
Level 3
Příspěvky: 634
Registrován: srpen 06
Bydliště: Břeclav
Pohlaví: Muž
Stav:
Offline
Kontakt:

Re: Prosba o kontrolu  Vyřešeno

Příspěvekod Zdena.Sladky » 28 bře 2018 19:01

Žádné problémy se momentálně nevyskytují, takže fajfkuju. Každopádně mockrát děkuji za pomoc!!!
AMD Athlon X2 6000+ 3.0GHz, chladič Thermaltake BigTyp VP, 3GB DDRII 667 Corsair (2x512MB, 2x1GB), deska Asus M2N-SLI Deluxe nForce 570sli, gr. karta Asus 9800GTX+ 512MB, 3xHDD WD(250GB+200GB+1000GB), case Thermaltake Swing VB6000BWS, zdroj Corsair VX550W, 24" LCD Samsung T240HD


Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 12 hostů