Trojan-Banker [Solved]

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

bbdra
Level 3
Posts: 467
Registered: November 13
Gender: Male
Status: Offline

Re: Trojan-Banker

Post by bbdra » 03 Nov 2016 20:43

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by 1234 on čt 03. 11. 2016 at 20:20:02,53.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\1234\Plocha\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-03-14-225613.log 7713 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\NETGATE deleted successfully
C:\Program Files\Sugar Bytes deleted successfully
C:\Program Files\Ubisoft deleted successfully
C:\Documents and Settings\All Users\Nabídka Start\Programy\Game Booster 3 deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\NETGATE deleted successfully
C:\Documents and Settings\1234\Data aplikací\Loc deleted successfully
C:\Documents and Settings\1234\Data aplikací\Sunbelt deleted successfully
C:\Documents and Settings\Adam\Data aplikací\Irritated Love deleted successfully
C:\Documents and Settings\Adam\Data aplikací\ProductData deleted successfully
C:\Documents and Settings\Adam\Data aplikací\Purposeful Wisdom deleted successfully
C:\Documents and Settings\Adam\Data aplikací\Quizzical Wealth deleted successfully
C:\Documents and Settings\znk\Data aplikací\ProductData deleted successfully
C:\Documents and Settings\1234\Local Settings\Data aplikací\WMTools Downloaded Files deleted successfully
C:\Documents and Settings\Adam\Local Settings\Data aplikací\Skype deleted successfully
C:\Documents and Settings\Adam\Local Settings\Data aplikací\WMTools Downloaded Files deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\Dictionary by not found
C:\Program Files\NETGATE not found
C:\Program Files\Sugar Bytes not found
C:\Program Files\Ubisoft not found
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Malwarebytes' Anti-Malware (portable) not found
C:\Program Files\Counter-Strike 1.6 Standalone deleted
C:\OTM.exe deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\ProductData deleted
C:\Documents and Settings\Adam\Local Settings\Data aplikací\d3d9caps.tmp deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox" [25. 03. 2016 23:55]

==== Fake Chromium Profiles Check ======================

Fake profile C:\Documents and Settings\znk\Local Settings\Data aplikací\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eahebamiopdhefndnmappcihfajigkka - https://chrome.google.com/webstore/deta ... ihfajigkka[]

Comodo Drag&Drop Service - 1234\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - 1234\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
Comodo Media Downloader - 1234\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo
Comodo Drag&Drop Service - Adam\Local Settings\Data aplikací\COMODO\Chromodo\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - Adam\Local Settings\Data aplikací\COMODO\Chromodo\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
Comodo Media Downloader - Adam\Local Settings\Data aplikací\COMODO\Chromodo\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo
Comodo Drag&Drop Service - Adam\Local Settings\Data aplikací\COMODO\Dragon\User Data\Profile 1\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - Adam\Local Settings\Data aplikací\COMODO\Dragon\User Data\Profile 1\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
Comodo Media Downloader - Adam\Local Settings\Data aplikací\COMODO\Dragon\User Data\Profile 1\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo
Comodo Dragon Browser Light Theme - Adam\Local Settings\Data aplikací\COMODO\Dragon\User Data\Profile 1\Extensions\kglppafajjeikfgmjjegogphhkjnnmgc
Comodo Drag&Drop Service - Administrator\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - Administrator\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
Comodo Media Downloader - Administrator\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo
Comodo Drag&Drop Service - Administrator\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - Administrator\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
Comodo Media Downloader - Administrator\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo
Comodo Dragon Browser Light Theme - Administrator\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\kglppafajjeikfgmjjegogphhkjnnmgc
Ad Sanitizer - Administrator\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\mbklemiimcpdblemkogjenikmcfhpnib
Comodo Drag&Drop Service - znk\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - znk\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
Comodo Media Downloader - znk\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo

==== Chromium Fix ======================

C:\Documents and Settings\1234\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Documents and Settings\1234\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\1234\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Documents and Settings\1234\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"=""
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Reset Google Chrome ======================

C:\Documents and Settings\1234\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\1234\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Secure Preferences was reset successfully
C:\Documents and Settings\1234\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\1234\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Documents and Settings\Adam\Local Settings\Data aplikací\COMODO\Chromodo\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\Adam\Local Settings\Data aplikací\COMODO\Chromodo\User Data\Default\Secure Preferences was reset successfully
C:\Documents and Settings\Adam\Local Settings\Data aplikací\COMODO\Dragon\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\Adam\Local Settings\Data aplikací\COMODO\Dragon\User Data\Profile 1\Preferences was reset successfully
C:\Documents and Settings\Adam\Local Settings\Data aplikací\COMODO\Dragon\User Data\Profile 1\Secure Preferences was reset successfully
C:\Documents and Settings\Adam\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\Adam\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Secure Preferences was reset successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Secure Preferences was reset successfully
C:\Documents and Settings\znk\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\znk\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Secure Preferences was reset successfully
C:\Documents and Settings\1234\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Web Data was reset successfully
C:\Documents and Settings\1234\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Web Data-journal was reset successfully
C:\Documents and Settings\1234\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Documents and Settings\Adam\Local Settings\Data aplikací\COMODO\Chromodo\User Data\Default\Web Data was reset successfully
C:\Documents and Settings\Adam\Local Settings\Data aplikací\COMODO\Chromodo\User Data\Default\Web Data-journal was reset successfully
C:\Documents and Settings\Adam\Local Settings\Data aplikací\COMODO\Dragon\User Data\Default\Web Data was reset successfully
C:\Documents and Settings\Adam\Local Settings\Data aplikací\COMODO\Dragon\User Data\Profile 1\Web Data was reset successfully
C:\Documents and Settings\Adam\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Web Data was reset successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Web Data-journal was reset successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Web Data was reset successfully
C:\Documents and Settings\znk\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Web Data was reset successfully
C:\Documents and Settings\znk\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Adam\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\1234\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Documents and Settings\1234\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Cache emptied successfully
C:\Documents and Settings\1234\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Documents and Settings\Adam\Local Settings\Data aplikací\COMODO\Chromodo\User Data\Default\Cache emptied successfully
C:\Documents and Settings\Adam\Local Settings\Data aplikací\COMODO\Dragon\User Data\Profile 1\Cache emptied successfully
C:\Documents and Settings\Adam\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Cache emptied successfully
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Cache emptied successfully
C:\Documents and Settings\znk\Local Settings\Data aplikací\Comodo\Chromodo\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=11537 folders=900 3354498189 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\1234\Local Settings\temp will be emptied at reboot
C:\Documents and Settings\Adam\Local Settings\Temp emptied successfully
C:\Documents and Settings\Administrator\Local Settings\temp emptied successfully
C:\Documents and Settings\Default User\Local Settings\temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\temp emptied successfully
C:\Documents and Settings\znk\Local Settings\temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\1234\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\1234\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on čt 03. 11. 2016 at 20:34:30,12 ======================

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Trojan-Banker

Post by jaro3 » 04 Nov 2016 09:21

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launching, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- After the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If there are problems, run it in Safe Mode.

Warning: It can happen that after applying ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press the F8 key after the restart and choose the Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

bbdra
Level 3
Posts: 467
Registered: November 13
Gender: Male
Status: Offline

Re: Trojan-Banker

Post by bbdra » 04 Nov 2016 23:21

ComboFix 16-10-23.01 - 1234 . 11. 2016 23:10:45.4.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2726 [GMT 1:00]
Spuštěný z: c:\documents and settings\1234\Dokumenty\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\1234\Plocha\Setup.exe
c:\windows\system32\AdobePDF.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-10-04 do 2016-11-04 )))))))))))))))))))))))))))))))
.
.
2016-11-03 19:35 . 2016-11-03 19:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ProductData
2016-11-03 19:35 . 2016-11-03 19:35 -------- d-----w- c:\documents and settings\1234\Data aplikací\ProductData
2016-11-03 19:33 . 2016-11-03 19:20 24064 ----a-w- c:\windows\zoek-delete.exe
2016-11-02 22:18 . 2016-11-02 22:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sophos
2016-11-02 22:17 . 2016-11-02 22:17 -------- d-----w- c:\program files\Sophos
2016-10-24 23:13 . 2016-10-24 23:13 -------- d-----w- c:\program files\Codemasters
2016-10-15 16:05 . 2016-10-31 17:45 -------- d-----w- c:\documents and settings\1234\Data aplikací\TS3Client
2016-10-15 14:00 . 2016-10-15 14:00 -------- d-----w- c:\documents and settings\1234\Local Settings\Data aplikací\CEF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-03 05:30 . 2016-03-10 22:15 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-09-24 20:36 . 2016-09-24 20:36 141768 ----a-w- c:\windows\system32\vpncmd.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-06-01 6405912]
"Adobe Reader Synchronizer"="c:\program files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe" [2014-05-08 746376]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2015-03-31 4557552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-10-29 15678752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Battle.net\\Battle.net.exe"=
"c:\\Program Files\\Hearthstone\\Hearthstone.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Adam\\Data aplikací\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Python23\\pythonw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Games\\World_of_Tanks\\WoTLauncher.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 cm_km;Kaspersky Lab ZAO Cryptographic Module x86 (Weak);c:\windows\system32\drivers\cm_km.sys [6. 7. 2015 0:10 201912]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\drivers\klbackupdisk.sys [6. 6. 2015 8:50 46776]
R0 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [27. 3. 2016 20:21 15688]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [1. 5. 2015 21:39 23840]
R1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\drivers\klbackupflt.sys [27. 6. 2015 0:00 57712]
R1 klhk;Kaspersky Lab service driver;c:\windows\system32\drivers\klhk.sys [25. 3. 2016 23:32 44216]
R1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\drivers\klpd.sys [6. 12. 2015 11:23 39304]
R1 kltdf;kltdf;c:\windows\system32\drivers\kltdf.sys [10. 6. 2015 18:16 73912]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [11. 6. 2015 15:52 54328]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [23. 6. 2015 18:30 156856]
R1 uzmymzq1;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzmymzq1.sys [27. 1. 2016 0:52 11264]
R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [2. 5. 2015 3:11 88696]
R2 kldisk;kldisk;c:\windows\system32\drivers\kldisk.sys [6. 6. 2015 8:48 66976]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12. 3. 2016 3:10 701512]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [21. 8. 2011 21:56 35088]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [25. 12. 2015 23:24 1872504]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [31. 3. 2015 7:30 1023728]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\drivers\dtlitescsibus.sys [2. 5. 2015 13:14 25104]
R3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\drivers\klflt.sys [25. 3. 2016 23:32 150408]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [19. 4. 2013 10:44 36448]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [4. 6. 2015 16:38 36024]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [7. 6. 2015 1:44 37040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12. 3. 2016 2:51 21104]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2. 5. 2015 3:11 2561968]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [31. 5. 2016 11:58 2934048]
S3 AVP16.0.0;Služba Kaspersky Anti-Virus 16.0.0;c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [6. 12. 2015 11:23 194000]
S3 cpuz138;cpuz138; [x]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\NCSOFT\BnS\bin\GameGuard\dump_wmimmc.sys --> c:\program files\NCSOFT\BnS\bin\GameGuard\dump_wmimmc.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [27. 3. 2016 20:21 10320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-14 21:28 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
mStart Page = about:blank
uSearchAssistant = about:blank
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 192.168.0.1
.
.
------- Asociace souborů -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-30754490.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-11-04 23:18
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(4056)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Comodo\Chromodo\chromodo_updater.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\IObit\IObit Uninstaller\UninstallMonitor.exe
.
**************************************************************************
.
Celkový čas: 2016-11-04 23:22:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-11-04 22:22
ComboFix2.txt 2016-03-17 20:38
ComboFix3.txt 2016-03-16 13:50
ComboFix4.txt 2016-03-15 09:04
.
Před spuštěním: Volných bajtů: 1 730 676 424 704
Po spuštění: Volných bajtů: 1 730 591 567 872
.
- - End Of File - - 8340675BAEA1F46D52873155FAA8A8E9
671B81004FDD1588FA9ED1331C9CECA9

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: Three roses grow around here =o)
Gender: Male
Status: Offline

Re: Trojan-Banker

Post by Orcus » 05 Nov 2016 09:27

ComboFix once more, and from the Desktop, as written in the instructions, please. :-)

"Spuštěný z: c:\documents and settings\1234\Dokumenty\Downloads\ComboFix.exe"
Love warms, but coal is coal. :fire:

Post HJT logs in the HJT section. If a log is too long, split it into several messages.

A few tips on PC security.

During my absence I am covered by memphisto, jaro3 and Diallix

If you are satisfied, you can support our forum.

bbdra
Level 3
Posts: 467
Registered: November 13
Gender: Male
Status: Offline

Re: Trojan-Banker

Post by bbdra » 05 Nov 2016 10:20

ComboFix 16-10-23.01 - 1234 . 11. 2016 10:14:35.5.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2760 [GMT 1:00]
Spuštěný z: c:\documents and settings\1234\Plocha\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-10-05 do 2016-11-05 )))))))))))))))))))))))))))))))
.
.
2016-11-03 19:35 . 2016-11-03 19:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ProductData
2016-11-03 19:35 . 2016-11-03 19:35 -------- d-----w- c:\documents and settings\1234\Data aplikací\ProductData
2016-11-03 19:33 . 2016-11-03 19:20 24064 ----a-w- c:\windows\zoek-delete.exe
2016-11-02 22:18 . 2016-11-02 22:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sophos
2016-11-02 22:17 . 2016-11-02 22:17 -------- d-----w- c:\program files\Sophos
2016-10-24 23:13 . 2016-10-24 23:13 -------- d-----w- c:\program files\Codemasters
2016-10-15 16:05 . 2016-10-31 17:45 -------- d-----w- c:\documents and settings\1234\Data aplikací\TS3Client
2016-10-15 14:00 . 2016-10-15 14:00 -------- d-----w- c:\documents and settings\1234\Local Settings\Data aplikací\CEF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-03 05:30 . 2016-03-10 22:15 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-09-24 20:36 . 2016-09-24 20:36 141768 ----a-w- c:\windows\system32\vpncmd.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-06-01 6405912]
"Adobe Reader Synchronizer"="c:\program files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe" [2014-05-08 746376]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2015-03-31 4557552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-10-29 15678752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Battle.net\\Battle.net.exe"=
"c:\\Program Files\\Hearthstone\\Hearthstone.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Adam\\Data aplikací\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Python23\\pythonw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Games\\World_of_Tanks\\WoTLauncher.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 cm_km;Kaspersky Lab ZAO Cryptographic Module x86 (Weak);c:\windows\system32\drivers\cm_km.sys [6. 7. 2015 0:10 201912]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\drivers\klbackupdisk.sys [6. 6. 2015 8:50 46776]
R0 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [27. 3. 2016 20:21 15688]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [1. 5. 2015 21:39 23840]
R1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\drivers\klbackupflt.sys [27. 6. 2015 0:00 57712]
R1 klhk;Kaspersky Lab service driver;c:\windows\system32\drivers\klhk.sys [25. 3. 2016 23:32 44216]
R1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\drivers\klpd.sys [6. 12. 2015 11:23 39304]
R1 kltdf;kltdf;c:\windows\system32\drivers\kltdf.sys [10. 6. 2015 18:16 73912]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [11. 6. 2015 15:52 54328]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [23. 6. 2015 18:30 156856]
R1 uzmymzq1;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzmymzq1.sys [27. 1. 2016 0:52 11264]
R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [2. 5. 2015 3:11 88696]
R2 kldisk;kldisk;c:\windows\system32\drivers\kldisk.sys [6. 6. 2015 8:48 66976]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [21. 8. 2011 21:56 35088]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [25. 12. 2015 23:24 1872504]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [31. 3. 2015 7:30 1023728]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\drivers\dtlitescsibus.sys [2. 5. 2015 13:14 25104]
R3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\drivers\klflt.sys [25. 3. 2016 23:32 150408]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [19. 4. 2013 10:44 36448]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [4. 6. 2015 16:38 36024]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [7. 6. 2015 1:44 37040]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2. 5. 2015 3:11 2561968]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [31. 5. 2016 11:58 2934048]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12. 3. 2016 3:10 701512]
S3 AVP16.0.0;Služba Kaspersky Anti-Virus 16.0.0;c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [6. 12. 2015 11:23 194000]
S3 cpuz138;cpuz138; [x]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\NCSOFT\BnS\bin\GameGuard\dump_wmimmc.sys --> c:\program files\NCSOFT\BnS\bin\GameGuard\dump_wmimmc.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12. 3. 2016 2:51 21104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [27. 3. 2016 20:21 10320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-14 21:28 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
mStart Page = about:blank
uSearchAssistant = about:blank
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 192.168.0.1
.
.
------- Asociace souborů -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-11-05 10:20
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1572)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2016-11-05 10:21:25
ComboFix-quarantined-files.txt 2016-11-05 09:21
ComboFix2.txt 2016-11-04 22:22
ComboFix3.txt 2016-03-17 20:38
ComboFix4.txt 2016-03-16 13:50
ComboFix5.txt 2016-11-05 09:11
.
Před spuštěním: Volných bajtů: 1 730 597 863 424
Po spuštění: Volných bajtů: 1 730 576 781 312
.
- - End Of File - - 7C3EA0408575E85CC112AEC4D2CEA4E0
671B81004FDD1588FA9ED1331C9CECA9

jerabina, Security team member

Re: Trojan-Banker

Post by jerabina » 05 Nov 2016 22:33

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text (marked in green) into it:

Code:

ClearJavaCache::
KillAll::

Folder::
c:\program files\IObit

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=-
"DAEMON Tools Lite"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-

Driver::
LiveUpdateSvc

DDS::
mStart Page = about:blank
uSearchAssistant = about:blank


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Drag the CFScript.txt you created onto the downloaded ComboFix.exe and, when the two file icons overlap, drop the script:
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process

In Folder Options, enable showing hidden files and folders and untick "Hide protected operating system files".

Test this file on VirusTotal:
c:\windows\system32\vpncmd.exe

Click Choose File to the right of the box and locate the file on your PC in Explorer. Select it and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by several antivirus engines in turn. When the last engine finishes, a result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.
When you don't know what to do next, it's time to study the manual!
HJT guide

If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my mobile, where studying logs and writing scripts is impossible. Please don't take it as being ignored.
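The Registry:: section of the CFScript above uses standard .reg syntax, where "Name"=- deletes a value under the key named on the preceding bracketed line. The Python below is an added example for this thread, not ComboFix's own code and not something jerabina posted: it parses the Run-key block of the ComboFix log quoted earlier, applies the script's Registry:: deletions to it, and reports what should remain, so the result can be compared against the next ComboFix log. The embedded log and script excerpts are copied from this thread as sample input; the parser, the simulation and all function names are the example's own.

```python
"""Parse ComboFix autostart (Run-key) entries and simulate a CFScript Registry:: section.

Sample input is copied from this forum thread; the parser and the simulation are an
added illustration, not ComboFix's own code.
"""
import re
from collections import OrderedDict

# Excerpt of the "before" ComboFix log (autostart section, REGEDIT4 style).
LOG_BEFORE = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-06-01 6405912]
"Adobe Reader Synchronizer"="c:\program files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe" [2014-05-08 746376]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2015-03-31 4557552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-10-29 15678752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
.
"""

# The CFScript from this thread (ClearJavaCache::/KillAll::/DDS:: omitted; they do not touch the Run keys).
CFSCRIPT = r"""
Folder::
c:\program files\IObit

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=-
"DAEMON Tools Lite"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-

Driver::
LiveUpdateSvc
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# ComboFix value line: "Name"="path" [YYYY-MM-DD size]  (the bracketed suffix is optional)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]*)"'
                      r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$')
DELETE_RE = re.compile(r'^"(?P<name>[^"]+)"=-\s*$')  # .reg syntax: delete this value


def parse_run_entries(log_text):
    """Return {registry_key: OrderedDict(value_name -> {path, date, size})}."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group('key')
            entries.setdefault(current, OrderedDict())
            continue
        val = VALUE_RE.match(line) if current else None
        if val:
            entries[current][val.group('name')] = {
                'path': val.group('path'),
                'date': val.group('date'),
                'size': int(val.group('size')) if val.group('size') else None,
            }
    return entries


def parse_cfscript(script_text):
    """Split a CFScript into its '::' sections: {section_name: [non-empty lines]}."""
    sections, current = {}, None
    for raw in script_text.splitlines():
        line = raw.strip()
        if line.endswith('::') and ' ' not in line:
            current = line[:-2]
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def registry_deletions(script_text):
    """Return {registry_key: [value_name, ...]} for every "Name"=- in Registry::."""
    deletions, current = {}, None
    for line in parse_cfscript(script_text).get('Registry', []):
        key = KEY_RE.match(line)
        if key:
            current = key.group('key')
            continue
        dele = DELETE_RE.match(line)
        if dele and current:
            deletions.setdefault(current, []).append(dele.group('name'))
    return deletions


def apply_deletions(entries, deletions):
    """Simulate the script: return (entries_after, [(key, name, path) removed])."""
    after = {k: OrderedDict(v) for k, v in entries.items()}
    removed = []
    for key, names in deletions.items():
        for name in names:
            if name in after.get(key, {}):
                removed.append((key, name, after[key].pop(name)['path']))
    return after, removed


if __name__ == '__main__':
    before = parse_run_entries(LOG_BEFORE)
    after, removed = apply_deletions(before, registry_deletions(CFSCRIPT))
    for key, name, path in removed:
        print(f'remove  {key}\\{name} -> {path}')
    for key, values in after.items():
        print(f'keep    {key}: {list(values)}')
```

Running it lists the three values the script removes and the four that stay; the Run keys in the next ComboFix log show exactly those survivors (plus two entries for Java and Hamachi, which were installed between the two logs), which is the check a helper does before asking for the next round of cleanup.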


Re: Trojan-Banker

Post by bbdra » 07 Nov 2016 22:06

jerabina wrote: Drag the CFScript.txt you created onto the downloaded ComboFix.exe and, when the two file icons overlap, drop the script:


During the scan a window popped up with an error message: data at address ... cannot be overwritten. Unfortunately I lost the screenshot of the error message because the PC restarted at the end of the scan. Otherwise the scan ran without further problems.

ComboFix 16-10-23.01 - 1234 . 11. 2016 21:46:27.6.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2818 [GMT 1:00]
Spuštěný z: c:\documents and settings\1234\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\1234\Plocha\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Vytvořen nový Bod Obnovení
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\IObit
c:\program files\IObit\IObit Uninstaller\AUpdate.exe
c:\program files\IObit\IObit Uninstaller\BigUpgrade_IU.exe
c:\program files\IObit\IObit Uninstaller\BigUpgrade_IUASC.exe
c:\program files\IObit\IObit Uninstaller\DatabaseDownload.exe
c:\program files\IObit\IObit Uninstaller\datastate.dll
c:\program files\IObit\IObit Uninstaller\EULA.rtf
c:\program files\IObit\IObit Uninstaller\InfoHelp.dll
c:\program files\IObit\IObit Uninstaller\Install_PintoStartMenu.exe
c:\program files\IObit\IObit Uninstaller\IObitUninstaler.exe
c:\program files\IObit\IObit Uninstaller\IU_KillAllFile.exe
c:\program files\IObit\IObit Uninstaller\IUPluginNotice.exe
c:\program files\IObit\IObit Uninstaller\iupsinfo.dbd
c:\program files\IObit\IObit Uninstaller\lang.dbd
c:\program files\IObit\IObit Uninstaller\Language\Arabic.lng
c:\program files\IObit\IObit Uninstaller\Language\Armenian.lng
c:\program files\IObit\IObit Uninstaller\Language\Belarusian.lng
c:\program files\IObit\IObit Uninstaller\Language\Bosnian.lng
c:\program files\IObit\IObit Uninstaller\Language\Catalan.lng
c:\program files\IObit\IObit Uninstaller\Language\Czech.lng
c:\program files\IObit\IObit Uninstaller\Language\Danish.lng
c:\program files\IObit\IObit Uninstaller\Language\Dutch.lng
c:\program files\IObit\IObit Uninstaller\Language\English.lng
c:\program files\IObit\IObit Uninstaller\Language\Finnish.lng
c:\program files\IObit\IObit Uninstaller\Language\Flemish.lng
c:\program files\IObit\IObit Uninstaller\Language\French.lng
c:\program files\IObit\IObit Uninstaller\Language\Georgian.lng
c:\program files\IObit\IObit Uninstaller\Language\German.lng
c:\program files\IObit\IObit Uninstaller\Language\Hebrew.lng
c:\program files\IObit\IObit Uninstaller\Language\Hungarian.lng
c:\program files\IObit\IObit Uninstaller\Language\ChineseSimp.lng
c:\program files\IObit\IObit Uninstaller\Language\ChineseTrad.lng
c:\program files\IObit\IObit Uninstaller\Language\Indonesian.lng
c:\program files\IObit\IObit Uninstaller\Language\Italian.lng
c:\program files\IObit\IObit Uninstaller\Language\Japanese.lng
c:\program files\IObit\IObit Uninstaller\Language\Korean.lng
c:\program files\IObit\IObit Uninstaller\Language\Latvian.lng
c:\program files\IObit\IObit Uninstaller\Language\Malayalam.lng
c:\program files\IObit\IObit Uninstaller\Language\Maltese.lng
c:\program files\IObit\IObit Uninstaller\Language\Mongolian.lng
c:\program files\IObit\IObit Uninstaller\Language\Persian.lng
c:\program files\IObit\IObit Uninstaller\Language\Polish.lng
c:\program files\IObit\IObit Uninstaller\Language\Portuguese(PT-BR).lng
c:\program files\IObit\IObit Uninstaller\Language\Portuguese(PT-PT).lng
c:\program files\IObit\IObit Uninstaller\Language\Romanian.lng
c:\program files\IObit\IObit Uninstaller\Language\Russian.lng
c:\program files\IObit\IObit Uninstaller\Language\Serbian(Cyrillic).lng
c:\program files\IObit\IObit Uninstaller\Language\Serbian(Latin).lng
c:\program files\IObit\IObit Uninstaller\Language\Slovak.lng
c:\program files\IObit\IObit Uninstaller\Language\Slovenian.lng
c:\program files\IObit\IObit Uninstaller\Language\Spanish.lng
c:\program files\IObit\IObit Uninstaller\Language\Swedish.lng
c:\program files\IObit\IObit Uninstaller\Language\Telugu.lng
c:\program files\IObit\IObit Uninstaller\Language\Thai.lng
c:\program files\IObit\IObit Uninstaller\Language\Turkish.lng
c:\program files\IObit\IObit Uninstaller\Language\Ukrainian.lng
c:\program files\IObit\IObit Uninstaller\Language\Vietnamese.lng
c:\program files\IObit\IObit Uninstaller\LatestNews\LatestNews.ini
c:\program files\IObit\IObit Uninstaller\madbasic_.bpl
c:\program files\IObit\IObit Uninstaller\maddisAsm_.bpl
c:\program files\IObit\IObit Uninstaller\madexcept_.bpl
c:\program files\IObit\IObit Uninstaller\PPUninstaller.exe
c:\program files\IObit\IObit Uninstaller\pr.dat
c:\program files\IObit\IObit Uninstaller\ProductStatistics.dll
c:\program files\IObit\IObit Uninstaller\rtl120.bpl
c:\program files\IObit\IObit Uninstaller\SendBugReportNew.exe
c:\program files\IObit\IObit Uninstaller\Skin\classic.rcc
c:\program files\IObit\IObit Uninstaller\Skin\white.rcc
c:\program files\IObit\IObit Uninstaller\sqlite3.dll
c:\program files\IObit\IObit Uninstaller\SysRest.dll
c:\program files\IObit\IObit Uninstaller\taskmgr.dll
c:\program files\IObit\IObit Uninstaller\unins000.dat
c:\program files\IObit\IObit Uninstaller\unins000.exe
c:\program files\IObit\IObit Uninstaller\unins000.msg
c:\program files\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
c:\program files\IObit\IObit Uninstaller\Uninstall_Mitor.exe
c:\program files\IObit\IObit Uninstaller\UninstallExplorer.dll
c:\program files\IObit\IObit Uninstaller\UninstallHistory.exe
c:\program files\IObit\IObit Uninstaller\UninstallMenuRight.dll
c:\program files\IObit\IObit Uninstaller\UninstallMonitor.exe
c:\program files\IObit\IObit Uninstaller\UninstallPromote.exe
c:\program files\IObit\IObit Uninstaller\update\freeware.ini
c:\program files\IObit\IObit Uninstaller\vcl120.bpl
c:\program files\IObit\IObit Uninstaller\vclx120.bpl
c:\program files\IObit\IObit Uninstaller\webres.dll
c:\program files\IObit\LiveUpdate\Downloader.log
c:\program files\IObit\LiveUpdate\Language\Arabic.lng
c:\program files\IObit\LiveUpdate\Language\Belarusian.lng
c:\program files\IObit\LiveUpdate\Language\Czech.lng
c:\program files\IObit\LiveUpdate\Language\Danish.lng
c:\program files\IObit\LiveUpdate\Language\Dinka.lng
c:\program files\IObit\LiveUpdate\Language\Dutch.lng
c:\program files\IObit\LiveUpdate\Language\English.lng
c:\program files\IObit\LiveUpdate\Language\Finnish.lng
c:\program files\IObit\LiveUpdate\Language\Flemish.lng
c:\program files\IObit\LiveUpdate\Language\French.lng
c:\program files\IObit\LiveUpdate\Language\German.lng
c:\program files\IObit\LiveUpdate\Language\Greek.lng
c:\program files\IObit\LiveUpdate\Language\Hebrew.lng
c:\program files\IObit\LiveUpdate\Language\Hungarian.lng
c:\program files\IObit\LiveUpdate\Language\ChineseSimp.lng
c:\program files\IObit\LiveUpdate\Language\ChineseTrad.lng
c:\program files\IObit\LiveUpdate\Language\Indonesia.lng
c:\program files\IObit\LiveUpdate\Language\Italian.lng
c:\program files\IObit\LiveUpdate\Language\Japanese.lng
c:\program files\IObit\LiveUpdate\Language\Korean.lng
c:\program files\IObit\LiveUpdate\Language\Latvian.lng
c:\program files\IObit\LiveUpdate\Language\Malayalam.lng
c:\program files\IObit\LiveUpdate\Language\Polish.lng
c:\program files\IObit\LiveUpdate\Language\Portuguese(PT-BR).lng
c:\program files\IObit\LiveUpdate\Language\Portuguese(PT-PT).lng
c:\program files\IObit\LiveUpdate\Language\Romanian.lng
c:\program files\IObit\LiveUpdate\Language\Russian.lng
c:\program files\IObit\LiveUpdate\Language\Serbian (cyrillic).lng
c:\program files\IObit\LiveUpdate\Language\Serbian (latin).lng
c:\program files\IObit\LiveUpdate\Language\Slovak.lng
c:\program files\IObit\LiveUpdate\Language\Slovenian.lng
c:\program files\IObit\LiveUpdate\Language\Spanish.lng
c:\program files\IObit\LiveUpdate\Language\Swedish.lng
c:\program files\IObit\LiveUpdate\Language\Turkish.lng
c:\program files\IObit\LiveUpdate\Language\Ukrainian.lng
c:\program files\IObit\LiveUpdate\Language\Vietnamese.lng
c:\program files\IObit\LiveUpdate\LiveUpdate.exe
c:\program files\IObit\LiveUpdate\LiveUpdate.log
c:\program files\IObit\LiveUpdate\LiveUpdateSrvUpt.log
c:\program files\IObit\LiveUpdate\ProductStatistics.dll
c:\program files\IObit\LiveUpdate\ProductUpt.log
c:\program files\IObit\LiveUpdate\system.ini
c:\program files\IObit\LiveUpdate\update\Surfing Protection\Adblock\db\easylist.txt.dat
c:\program files\IObit\LiveUpdate\update\Surfing Protection\Adblock\db\WhiteList.txt.dat
c:\program files\IObit\LiveUpdate\update\Surfing Protection\Database\ASCSpecialUrl.db.dat
c:\program files\IObit\LiveUpdate\update\Surfing Protection\FFPluginCleaner.exe.dat
c:\program files\IObit\LiveUpdate\update\UninstallerFree\BigUpgrade_IUASC.exe.dat
c:\program files\IObit\LiveUpdate\update\UninstallerFreeWeb\BigUpgrade_IU.exe.dat
c:\program files\IObit\LiveUpdate\update\update.spt
c:\program files\IObit\Surfing Protection\Adblock\db\easylist.txt
c:\program files\IObit\Surfing Protection\Adblock\db\WhiteList.txt
c:\program files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
c:\program files\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com\chrome.manifest
c:\program files\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com\chrome\content\ascsurfingprotection.js
c:\program files\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com\chrome\content\ascsurfingprotection.xul
c:\program files\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com\chrome\content\imagemgr.js
c:\program files\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com\chrome\content\languagemgr.js
c:\program files\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com\chrome\content\popbox.css
c:\program files\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com\chrome\content\protectpage.js
c:\program files\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com\chrome\content\searchresultmgr.js
c:\program files\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com\chrome\content\urlbaricon.js
c:\program files\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com\icon.png
c:\program files\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com\install.rdf
c:\program files\IObit\Surfing Protection\BrowerProtect\ASCUrlScanner.dll
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\manifest.json
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\background.html
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\background.js
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\Ex.js
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\Img\asc.png
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\Img\popbox_btn_close.png
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\Img\popbox_btn_ok.png
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\Img\risk.png
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\Img\risk_logo.png
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\Img\safe.png
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\Img\safe_logo.png
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\Img\tip_details.png
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\Img\window_risk.png
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\Img\window_safe.png
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\Img\wraningBg.png
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\popup.html
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\popup.js
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\SPNativeMessage.exe
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\tips.js
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\warning.bak
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\warning.html
c:\program files\IObit\Surfing Protection\BrowerProtect\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\warning.js
c:\program files\IObit\Surfing Protection\BrowerProtect\errorpage.html
c:\program files\IObit\Surfing Protection\BrowerProtect\images\asc.png
c:\program files\IObit\Surfing Protection\BrowerProtect\images\icon_gray.png
c:\program files\IObit\Surfing Protection\BrowerProtect\images\ie_risk.png
c:\program files\IObit\Surfing Protection\BrowerProtect\images\ie_safe.png
c:\program files\IObit\Surfing Protection\BrowerProtect\images\ie_tip_details.gif
c:\program files\IObit\Surfing Protection\BrowerProtect\images\ie_wraningBg.png
c:\program files\IObit\Surfing Protection\BrowerProtect\images\popbox_btn_close.png
c:\program files\IObit\Surfing Protection\BrowerProtect\images\popbox_btn_ok.png
c:\program files\IObit\Surfing Protection\BrowerProtect\images\risk.png
c:\program files\IObit\Surfing Protection\BrowerProtect\images\risk_logo.png
c:\program files\IObit\Surfing Protection\BrowerProtect\images\safe.png
c:\program files\IObit\Surfing Protection\BrowerProtect\images\safe_logo.png
c:\program files\IObit\Surfing Protection\BrowerProtect\images\tip_details.png
c:\program files\IObit\Surfing Protection\BrowerProtect\images\window_risk.png
c:\program files\IObit\Surfing Protection\BrowerProtect\images\window_safe.png
c:\program files\IObit\Surfing Protection\BrowerProtect\images\wraningBg.png
c:\program files\IObit\Surfing Protection\BrowerProtect\script.js
c:\program files\IObit\Surfing Protection\BrowerProtect\SPAD_script.js
c:\program files\IObit\Surfing Protection\BrowerProtect\V8_manifest.json
c:\program files\IObit\Surfing Protection\Database\ASCSpecialUrl.db
c:\program files\IObit\Surfing Protection\Database\base_safe_browse_0919
c:\program files\IObit\Surfing Protection\Database\base_safe_browse_1014
c:\program files\IObit\Surfing Protection\Database\base_upt_add
c:\program files\IObit\Surfing Protection\Database\spupdate.utp
c:\program files\IObit\Surfing Protection\DownErrorConfig.txt
c:\program files\IObit\Surfing Protection\Extensions.plist
c:\program files\IObit\Surfing Protection\FFPluginCleaner.exe
c:\program files\IObit\Surfing Protection\Language\Arabic.lng
c:\program files\IObit\Surfing Protection\Language\Belarusian.lng
c:\program files\IObit\Surfing Protection\Language\Czech.lng
c:\program files\IObit\Surfing Protection\Language\Dutch.lng
c:\program files\IObit\Surfing Protection\Language\English.lng
c:\program files\IObit\Surfing Protection\Language\Finnish.lng
c:\program files\IObit\Surfing Protection\Language\Hungarian.lng
c:\program files\IObit\Surfing Protection\Language\ChineseSimp.lng
c:\program files\IObit\Surfing Protection\Language\ChineseTrad.lng
c:\program files\IObit\Surfing Protection\Language\Japanese.lng
c:\program files\IObit\Surfing Protection\Language\Korean.lng
c:\program files\IObit\Surfing Protection\Language\Polish.lng
c:\program files\IObit\Surfing Protection\Language\Portuguese(PT-BR).lng
c:\program files\IObit\Surfing Protection\Language\Romanian.lng
c:\program files\IObit\Surfing Protection\Language\Russian.lng
c:\program files\IObit\Surfing Protection\Language\Serbian (cyrillic).lng
c:\program files\IObit\Surfing Protection\Language\Serbian (latin).lng
c:\program files\IObit\Surfing Protection\Language\Slovenian.lng
c:\program files\IObit\Surfing Protection\Language\Spanish.lng
c:\program files\IObit\Surfing Protection\Language\Swedish.lng
c:\program files\IObit\Surfing Protection\Language\Turkish.lng
c:\program files\IObit\Surfing Protection\Language\Vietnamese.lng
c:\program files\IObit\Surfing Protection\NativeMsg.json
c:\program files\IObit\Surfing Protection\PluginInstall.exe
c:\program files\IObit\Surfing Protection\SPInit.log
c:\program files\IObit\Surfing Protection\SPUpdate.exe
c:\program files\IObit\Surfing Protection\sqlite3.dll
c:\program files\IObit\Surfing Protection\unins000.dat
c:\program files\IObit\Surfing Protection\unins000.exe
c:\program files\IObit\Surfing Protection\unins000.msg
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LIVEUPDATESVC
-------\Service_LiveUpdateSvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-10-07 do 2016-11-07 )))))))))))))))))))))))))))))))
.
.
2016-11-05 16:22 . 2016-11-05 16:22 -------- d-----w- c:\documents and settings\1234\Data aplikací\.minecraft
2016-11-05 15:53 . 2016-11-05 15:53 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2016-11-05 15:52 . 2016-11-06 08:59 -------- d-----w- c:\documents and settings\Default User\Local Settings\Data aplikací\LogMeIn Hamachi
2016-11-05 15:52 . 2016-08-31 14:46 26176 ---ha-w- c:\windows\system32\hamachi.sys
2016-11-05 15:52 . 2016-11-05 15:52 -------- d-----w- c:\program files\LogMeIn Hamachi
2016-11-05 15:51 . 2016-11-07 20:55 -------- d-----w- c:\documents and settings\1234\Local Settings\Data aplikací\LogMeIn Hamachi
2016-11-05 15:51 . 2016-11-05 15:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\LogMeIn
2016-11-05 15:51 . 2016-11-05 15:51 -------- d-----w- c:\documents and settings\1234\Local Settings\Data aplikací\LogMeIn
2016-11-05 15:51 . 2016-11-07 20:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
2016-11-05 11:01 . 2016-11-05 16:15 -------- d-----w- c:\documents and settings\1234\Data aplikací\.technic
2016-11-05 11:01 . 2016-11-05 11:01 -------- d-----w- c:\program files\Common Files\Java
2016-11-05 11:00 . 2016-11-05 11:00 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-11-05 10:51 . 2016-11-05 11:00 145408 ----a-w- c:\windows\system32\javacpl.cpl
2016-11-03 19:35 . 2016-11-03 19:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ProductData
2016-11-03 19:35 . 2016-11-03 19:35 -------- d-----w- c:\documents and settings\1234\Data aplikací\ProductData
2016-11-03 19:33 . 2016-11-03 19:20 24064 ----a-w- c:\windows\zoek-delete.exe
2016-11-02 22:18 . 2016-11-02 22:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sophos
2016-11-02 22:17 . 2016-11-02 22:17 -------- d-----w- c:\program files\Sophos
2016-10-24 23:13 . 2016-10-24 23:13 -------- d-----w- c:\program files\Codemasters
2016-10-15 16:05 . 2016-10-31 17:45 -------- d-----w- c:\documents and settings\1234\Data aplikací\TS3Client
2016-10-15 14:00 . 2016-10-15 14:00 -------- d-----w- c:\documents and settings\1234\Local Settings\Data aplikací\CEF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-03 05:30 . 2016-03-10 22:15 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-09-24 20:36 . 2016-09-24 20:36 141768 ----a-w- c:\windows\system32\vpncmd.exe
2016-08-31 14:46 . 2016-08-31 14:46 26176 ---ha-w- c:\windows\system32\drivers\hamachi.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Synchronizer"="c:\program files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe" [2014-05-08 746376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-10-29 15678752]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2016-09-13 5565960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Battle.net\\Battle.net.exe"=
"c:\\Program Files\\Hearthstone\\Hearthstone.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Adam\\Data aplikací\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Python23\\pythonw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Games\\World_of_Tanks\\WoTLauncher.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 cm_km;Kaspersky Lab ZAO Cryptographic Module x86 (Weak);c:\windows\system32\drivers\cm_km.sys [6. 7. 2015 0:10 201912]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\drivers\klbackupdisk.sys [6. 6. 2015 8:50 46776]
R0 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [27. 3. 2016 20:21 15688]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [1. 5. 2015 21:39 23840]
R1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\drivers\klbackupflt.sys [27. 6. 2015 0:00 57712]
R1 klhk;Kaspersky Lab service driver;c:\windows\system32\drivers\klhk.sys [25. 3. 2016 23:32 44216]
R1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\drivers\klpd.sys [6. 12. 2015 11:23 39304]
R1 kltdf;kltdf;c:\windows\system32\drivers\kltdf.sys [10. 6. 2015 18:16 73912]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [11. 6. 2015 15:52 54328]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [23. 6. 2015 18:30 156856]
R1 uzmymzq1;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzmymzq1.sys [27. 1. 2016 0:52 11264]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [13. 9. 2016 18:53 1958408]
R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [2. 5. 2015 3:11 88696]
R2 kldisk;kldisk;c:\windows\system32\drivers\kldisk.sys [6. 6. 2015 8:48 66976]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [31. 8. 2016 15:47 405424]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [21. 8. 2011 21:56 35088]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [25. 12. 2015 23:24 1872504]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\drivers\dtlitescsibus.sys [2. 5. 2015 13:14 25104]
R3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\drivers\klflt.sys [25. 3. 2016 23:32 150408]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [19. 4. 2013 10:44 36448]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [4. 6. 2015 16:38 36024]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [7. 6. 2015 1:44 37040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12. 3. 2016 2:51 21104]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2. 5. 2015 3:11 2561968]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12. 3. 2016 3:10 701512]
S3 AVP16.0.0;Služba Kaspersky Anti-Virus 16.0.0;c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [6. 12. 2015 11:23 194000]
S3 cpuz138;cpuz138; [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [31. 3. 2015 7:30 1023728]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\NCSOFT\BnS\bin\GameGuard\dump_wmimmc.sys --> c:\program files\NCSOFT\BnS\bin\GameGuard\dump_wmimmc.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [27. 3. 2016 20:21 10320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-14 21:28 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
uSearchAssistant = about:blank
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-11-07 21:55
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1556)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Comodo\Chromodo\chromodo_updater.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2016-11-07 21:59:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-11-07 20:59
ComboFix2.txt 2016-11-05 09:21
ComboFix3.txt 2016-11-04 22:22
ComboFix4.txt 2016-03-17 20:38
ComboFix5.txt 2016-11-07 20:42
.
Před spuštěním: Volných bajtů: 1 728 417 226 752
Po spuštění: Volných bajtů: 1 728 404 545 536
.
- - End Of File - - C7BC098A836D16DD00DFAB35A7BAD69A
671B81004FDD1588FA9ED1331C9CECA9



https://www.virustotal.com/cs/file/626f ... 478552964/


Re: Trojan-Banker

Post by jerabina » 07 Nov 2016 22:39

Fine, the important thing is that the fix was applied.

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC to your desktop. Double-click it. Then click Clean up!.
Restart the PC if prompted.

Any problems? + a new HJT log
When you don't know how to proceed, it's time to study the manual!
HJT guide

If I don't reply in your threads in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.


Re: Trojan-Banker

Post by bbdra » 08 Nov 2016 02:24

I'll let the PC scan overnight.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:24:19, on 8. 11. 2016
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)


Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Chromodo\chromodo_updater.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\KaraokeSer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\1234\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Adobe Reader Synchronizer] "C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Služba Kaspersky Anti-Virus 16.0.0 (AVP16.0.0) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
O23 - Service: COMODO Chromodo Update Service (ChromodoUpdater) - Comodo - C:\Program Files\Comodo\Chromodo\chromodo_updater.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: VIA Karaoke digital mixer Service (KaraokeService) - VIA Technologies, Inc. - C:\WINDOWS\system32\KaraokeSer.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7530 bytes


Re: Trojan-Banker

Post by jaro3 » 08 Nov 2016 09:16

Close other applications and browsers, disconnect from the internet and fix in HJT:
Guide

Code:

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"


Also download ComboFix again.

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire following text (shown in green) into it:

Code:

KillAll::
Driver::
cpuz138
dump_wmimmc
npggsvc

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

Warning: it may happen that after applying ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again. If that does not help, press the F8 key after the restart and choose Last Known Good Configuration, or use a restore point.

+
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Paste the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Trojan-Banker

Post by bbdra » 09 Nov 2016 18:44

ComboFix 16-11-06.01 - 1234 . 11. 2016 18:33:46.7.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2786 [GMT 1:00]
Spuštěný z: c:\documents and settings\1234\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\1234\Plocha\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CPUZ138
-------\Legacy_DUMP_WMIMMC
-------\Service_cpuz138
-------\Service_dump_wmimmc
-------\Service_npggsvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-10-09 do 2016-11-09 )))))))))))))))))))))))))))))))
.
.
2016-11-05 16:22 . 2016-11-05 16:22 -------- d-----w- c:\documents and settings\1234\Data aplikací\.minecraft
2016-11-05 15:53 . 2016-11-05 15:53 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2016-11-05 15:52 . 2016-11-06 08:59 -------- d-----w- c:\documents and settings\Default User\Local Settings\Data aplikací\LogMeIn Hamachi
2016-11-05 15:52 . 2016-08-31 14:46 26176 ---ha-w- c:\windows\system32\hamachi.sys
2016-11-05 15:52 . 2016-11-05 15:52 -------- d-----w- c:\program files\LogMeIn Hamachi
2016-11-05 15:51 . 2016-11-09 17:18 -------- d-----w- c:\documents and settings\1234\Local Settings\Data aplikací\LogMeIn Hamachi
2016-11-05 15:51 . 2016-11-05 15:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\LogMeIn
2016-11-05 15:51 . 2016-11-05 15:51 -------- d-----w- c:\documents and settings\1234\Local Settings\Data aplikací\LogMeIn
2016-11-05 15:51 . 2016-11-09 17:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
2016-11-05 11:01 . 2016-11-05 16:15 -------- d-----w- c:\documents and settings\1234\Data aplikací\.technic
2016-11-05 11:01 . 2016-11-05 11:01 -------- d-----w- c:\program files\Common Files\Java
2016-11-05 11:00 . 2016-11-05 11:00 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-11-05 10:51 . 2016-11-05 11:00 145408 ----a-w- c:\windows\system32\javacpl.cpl
2016-11-03 19:35 . 2016-11-03 19:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ProductData
2016-11-03 19:35 . 2016-11-03 19:35 -------- d-----w- c:\documents and settings\1234\Data aplikací\ProductData
2016-11-03 19:33 . 2016-11-03 19:20 24064 ----a-w- c:\windows\zoek-delete.exe
2016-11-02 22:18 . 2016-11-02 22:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sophos
2016-11-02 22:17 . 2016-11-02 22:17 -------- d-----w- c:\program files\Sophos
2016-10-24 23:13 . 2016-10-24 23:13 -------- d-----w- c:\program files\Codemasters
2016-10-15 16:05 . 2016-10-31 17:45 -------- d-----w- c:\documents and settings\1234\Data aplikací\TS3Client
2016-10-15 14:00 . 2016-10-15 14:00 -------- d-----w- c:\documents and settings\1234\Local Settings\Data aplikací\CEF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-03 05:30 . 2016-03-10 22:15 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-09-24 20:36 . 2016-09-24 20:36 141768 ----a-w- c:\windows\system32\vpncmd.exe
2016-08-31 14:46 . 2016-08-31 14:46 26176 ---ha-w- c:\windows\system32\drivers\hamachi.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Synchronizer"="c:\program files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe" [2014-05-08 746376]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-06-01 6405912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-10-29 15678752]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2016-09-13 5565960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Battle.net\\Battle.net.exe"=
"c:\\Program Files\\Hearthstone\\Hearthstone.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Adam\\Data aplikací\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Python23\\pythonw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Games\\World_of_Tanks\\WoTLauncher.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 cm_km;Kaspersky Lab ZAO Cryptographic Module x86 (Weak);c:\windows\system32\drivers\cm_km.sys [6. 7. 2015 0:10 201912]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\drivers\klbackupdisk.sys [6. 6. 2015 8:50 46776]
R0 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [27. 3. 2016 20:21 15688]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [1. 5. 2015 21:39 23840]
R1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\drivers\klbackupflt.sys [27. 6. 2015 0:00 57712]
R1 klhk;Kaspersky Lab service driver;c:\windows\system32\drivers\klhk.sys [25. 3. 2016 23:32 44216]
R1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\drivers\klpd.sys [6. 12. 2015 11:23 39304]
R1 kltdf;kltdf;c:\windows\system32\drivers\kltdf.sys [10. 6. 2015 18:16 73912]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [11. 6. 2015 15:52 54328]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [23. 6. 2015 18:30 156856]
R1 uzmymzq1;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzmymzq1.sys [27. 1. 2016 0:52 11264]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [13. 9. 2016 18:53 1958408]
R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [2. 5. 2015 3:11 88696]
R2 kldisk;kldisk;c:\windows\system32\drivers\kldisk.sys [6. 6. 2015 8:48 66976]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [31. 8. 2016 15:47 405424]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [21. 8. 2011 21:56 35088]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [25. 12. 2015 23:24 1872504]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\drivers\dtlitescsibus.sys [2. 5. 2015 13:14 25104]
R3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\drivers\klflt.sys [25. 3. 2016 23:32 150408]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [19. 4. 2013 10:44 36448]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [4. 6. 2015 16:38 36024]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [7. 6. 2015 1:44 37040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12. 3. 2016 2:51 21104]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2. 5. 2015 3:11 2561968]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12. 3. 2016 3:10 701512]
S3 AVP16.0.0;Služba Kaspersky Anti-Virus 16.0.0;c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [6. 12. 2015 11:23 194000]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [31. 3. 2015 7:30 1023728]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [27. 3. 2016 20:21 10320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-14 21:28 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
uSearchAssistant = about:blank
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-IObit Surfing Protection_is1 - c:\program files\IObit\Surfing Protection\unins000.exe
AddRemove-IObitUninstall - c:\program files\IObit\IObit Uninstaller\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-11-09 18:41
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3320)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Comodo\Chromodo\chromodo_updater.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2016-11-09 18:44:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-11-09 17:44
.
Před spuštěním: Volných bajtů: 1 732 414 050 304
Po spuštění: Volných bajtů: 1 732 322 959 360
.
- - End Of File - - 6723903A4070CE1CCAA03C8EE9231405
671B81004FDD1588FA9ED1331C9CECA9


Re: Trojan-Banker

Post by bbdra » 09 Nov 2016 18:47

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:47:33, on 9. 11. 2016
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)


Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Chromodo\chromodo_updater.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\KaraokeSer.exe
C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\1234\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Adobe Reader Synchronizer] "C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Služba Kaspersky Anti-Virus 16.0.0 (AVP16.0.0) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
O23 - Service: COMODO Chromodo Update Service (ChromodoUpdater) - Comodo - C:\Program Files\Comodo\Chromodo\chromodo_updater.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: VIA Karaoke digital mixer Service (KaraokeService) - VIA Technologies, Inc. - C:\WINDOWS\system32\KaraokeSer.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6970 bytes

