Please check, thanks


Please check, thanks

Post by peky » 30 Jan 2015 08:14

ComboFix 15-01-27.01 - jaro . 01. 2015 7:22.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1029.18.1900.446 [GMT 1:00]
Running from: c:\users\jaro\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\Documents\NTILiveUpdateV9.dll
c:\users\Public\Documents\NTIMMV9Acer.dll
c:\users\Public\Documents\NTIMMV9REGET.dll
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2014-12-27 to 2015-01-27 )))))))))))))))))))))))))))))))
.
.
2015-01-27 06:32 . 2015-01-27 06:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-26 15:20 . 2015-01-26 15:20 -------- d-----w- c:\programdata\GFI Software
2015-01-26 14:28 . 2012-09-20 04:11 61216 ----a-w- c:\windows\system32\drivers\sbhips.sys
2015-01-26 14:28 . 2012-09-20 04:11 258848 ----a-w- c:\windows\system32\drivers\SbFw.sys
2015-01-26 14:28 . 2012-09-12 19:19 120064 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2015-01-26 14:27 . 2015-01-26 15:19 -------- d-----w- c:\programdata\ParetoLogic
2015-01-26 13:45 . 2015-01-26 14:17 -------- d-----w- C:\AdwCleaner
2015-01-26 11:37 . 2015-01-26 11:37 -------- d-----w- c:\program files\CELOT-Wireless
2015-01-26 11:37 . 2010-07-17 08:33 185176 ----a-w- c:\windows\system32\drivers\XICTAVSP.sys
2015-01-26 11:37 . 2010-07-17 08:33 185176 ----a-w- c:\windows\system32\drivers\XICTANmea.sys
2015-01-26 11:37 . 2010-07-17 08:33 185176 ----a-w- c:\windows\system32\drivers\XICTAMDM.sys
2015-01-26 09:06 . 2015-01-26 09:06 -------- d-----w- c:\program files\Enigma Software Group
2015-01-26 04:24 . 2015-01-27 06:25 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB330182-B361-4F41-9DDA-B00F028CBACB}\offreg.dll
2015-01-25 20:38 . 2015-01-25 20:38 -------- d-----w- c:\program files (x86)\CELOT-Wireless
2015-01-23 11:44 . 2014-12-15 03:13 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB330182-B361-4F41-9DDA-B00F028CBACB}\mpengine.dll
2015-01-22 04:33 . 2015-01-22 04:41 -------- d-----w- c:\windows\system32\MRT
2015-01-21 08:07 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2015-01-21 08:07 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll
2015-01-21 08:07 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2015-01-21 08:07 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll
2015-01-21 08:06 . 2013-07-12 10:41 185344 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2015-01-21 08:06 . 2013-07-12 10:41 100864 ----a-w- c:\windows\system32\drivers\usbcir.sys
2015-01-21 08:06 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2015-01-21 08:06 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2015-01-20 19:11 . 2015-01-20 19:30 -------- d-----w- c:\program files (x86)\PKR
2015-01-20 08:39 . 2015-01-20 08:39 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-01-20 08:39 . 2015-01-20 08:39 -------- d-----r- c:\program files (x86)\Skype
2015-01-20 07:48 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-01-20 07:48 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-01-20 05:05 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-01-20 05:05 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-01-20 05:05 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-01-20 05:05 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-01-20 04:37 . 2014-11-11 03:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-01-20 04:37 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-01-20 03:31 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2015-01-20 03:31 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2015-01-20 03:28 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2015-01-20 03:28 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2015-01-20 03:28 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2015-01-19 22:06 . 2015-01-19 22:06 -------- d-----w- c:\program files\Adblock Plus for IE
2015-01-19 17:35 . 2015-01-19 17:35 -------- d-----w- c:\programdata\BlueStacks
2015-01-19 16:53 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2015-01-19 16:34 . 2015-01-19 16:34 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-01-19 15:42 . 2015-01-19 15:42 -------- d-----w- c:\program files\Microsoft Silverlight
2015-01-19 15:42 . 2015-01-19 15:42 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2015-01-19 13:25 . 2015-01-19 13:25 -------- d-s---w- c:\windows\system32\CompatTel
2015-01-19 13:25 . 2015-01-19 13:25 -------- d-----w- c:\windows\system32\appraiser
2015-01-19 13:21 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2015-01-19 13:21 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2015-01-19 13:21 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2015-01-19 13:21 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2015-01-19 13:21 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2015-01-19 12:04 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-01-19 12:04 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-01-19 11:02 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2015-01-19 11:02 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2015-01-19 11:01 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2015-01-19 11:01 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2015-01-19 11:01 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2015-01-19 11:01 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2015-01-19 11:01 . 2014-12-01 23:28 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2015-01-19 11:01 . 2014-12-04 02:50 413184 ----a-w- c:\windows\system32\generaltel.dll
2015-01-19 11:01 . 2014-12-04 02:50 741376 ----a-w- c:\windows\system32\invagent.dll
2015-01-19 11:01 . 2014-12-04 02:50 396800 ----a-w- c:\windows\system32\devinv.dll
2015-01-19 11:01 . 2014-12-04 02:50 192000 ----a-w- c:\windows\system32\aepic.dll
2015-01-19 11:01 . 2014-12-04 02:44 1083392 ----a-w- c:\windows\system32\aeinv.dll
2015-01-19 11:01 . 2014-12-04 02:50 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-01-19 10:59 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-01-19 10:59 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2015-01-19 10:59 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2015-01-19 10:59 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-01-19 10:59 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2015-01-19 10:59 . 2014-04-25 02:34 801280 ----a-w- c:\windows\system32\usp10.dll
2015-01-19 10:59 . 2014-04-25 02:06 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2015-01-19 10:59 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
2015-01-19 10:59 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2015-01-19 10:59 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2015-01-19 10:59 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2015-01-19 10:18 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2015-01-19 10:18 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2015-01-19 10:18 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2015-01-19 10:18 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2015-01-19 10:18 . 2014-04-05 02:47 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2015-01-19 10:18 . 2014-04-05 02:47 288192 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2015-01-19 10:18 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2015-01-19 10:14 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2015-01-19 10:14 . 2014-10-14 02:07 681984 ----a-w- c:\windows\system32\adtschema.dll
2015-01-19 10:14 . 2014-10-14 01:46 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-01-19 10:14 . 2014-10-14 02:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-01-19 10:14 . 2014-10-14 01:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-01-19 10:13 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2015-01-19 10:13 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2015-01-19 10:13 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-19 10:13 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-01-19 10:13 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-01-19 10:13 . 2014-03-26 14:44 2002432 ----a-w- c:\windows\system32\msxml6.dll
2015-01-19 10:13 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-01-19 10:13 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-01-19 10:13 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2015-01-19 10:11 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2015-01-19 10:04 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2015-01-19 10:04 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2015-01-19 10:04 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2015-01-19 10:04 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2015-01-19 10:04 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2015-01-19 10:04 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2015-01-19 10:04 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2015-01-19 10:04 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2015-01-19 10:04 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2015-01-19 10:03 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-01-19 10:03 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2015-01-19 10:03 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll
2015-01-19 10:03 . 2014-06-06 09:44 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2015-01-19 10:02 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-01-19 10:02 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2015-01-19 10:02 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2015-01-19 10:02 . 2014-05-30 06:45 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2015-01-19 09:56 . 2014-03-04 09:44 722944 ----a-w- c:\windows\system32\objsel.dll
2015-01-19 09:54 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2015-01-19 09:49 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-01-19 09:49 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2015-01-19 09:49 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-01-19 09:49 . 2014-08-12 01:36 701440 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2015-01-19 09:40 . 2015-01-19 09:40 -------- d-----w- c:\windows\SysWow64\Wat
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-24 20:24 . 2011-10-13 13:51 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-19 16:47 . 2015-01-19 16:47 243200 ----a-w- c:\windows\system32\webcheck.dll
2015-01-19 16:47 . 2015-01-19 16:47 208384 ----a-w- c:\windows\SysWow64\webcheck.dll
2015-01-18 21:55 . 2015-01-18 21:55 2560 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\qwavedrv.sys.mui
2015-01-18 21:55 . 2015-01-18 21:55 5632 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\ndiscap.sys.mui
2015-01-18 21:55 . 2015-01-18 21:55 2560 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\scfilter.sys.mui
2015-01-18 21:55 . 2015-01-18 21:55 50176 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\tcpip.sys.mui
2015-01-18 21:55 . 2015-01-18 21:55 27136 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\bfe.dll.mui
2015-01-18 21:55 . 2015-01-18 21:55 15360 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\pacer.sys.mui
2015-01-18 14:15 . 2011-03-29 01:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-01-08 08:55 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-26 177448]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-18 5227112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SBAMSvc;XoftSpy AntiVirus Pro;c:\program files (x86)\ParetoLogic\XoftSpy AntiVirus Pro\SBAMSvc.exe;c:\program files (x86)\ParetoLogic\XoftSpy AntiVirus Pro\SBAMSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys;c:\windows\SYSNATIVE\DRIVERS\sbwtis.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x]
S3 XICTAMDM;CELOT-W USB MODEM Driver;c:\windows\system32\DRIVERS\XICTAMDM.sys;c:\windows\SYSNATIVE\DRIVERS\XICTAMDM.sys [x]
S3 XICTANmea;CELOT-W NMEA Device Driver(WDM);c:\windows\system32\DRIVERS\XICTANmea.sys;c:\windows\SYSNATIVE\DRIVERS\XICTANmea.sys [x]
S3 XICTAVSP;CELOT-W DM Interface Driver(WDM);c:\windows\system32\DRIVERS\XICTAVSP.sys;c:\windows\SYSNATIVE\DRIVERS\XICTAVSP.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-27 05:53 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.93\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-18 20:24]
.
2015-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-18 14:42]
.
2015-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-18 14:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-18 14:41 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-01-26 368728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 419096]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{6028BFEF-0114-41B3-995D-8B64D5A2222C}: NameServer = 78.136.128.4 78.136.128.12
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-01-27 07:37:29
ComboFix-quarantined-files.txt 2015-01-27 06:37
.
Pre-Run: Volných bajtů: 257 669 496 832
Post-Run: Volných bajtů: 257 770 397 696
.
- - End Of File - - 6B646BBEC4596D057883A28DBD8A3EBC

Re: Please check, thanks

Post by jaro3 » 30 Jan 2015 09:05

Whoever recommended ComboFix to you should probably know what to do next..
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

