Log check

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Re: Log check

Post by pajas92 » 05 Sep 2016 19:41

ComboFix 16-08-31.01 - OEM 05.09.2016 19:16:57.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4030.2490 [GMT 2:00]
Running from: c:\users\OEM\Desktop\ComboFix.exe
Command switches used :: c:\users\OEM\Desktop\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys --> c:\windows\SysWow64\drivers\ntfs.sys
.
((((((((((((((((((((((((( Files Created from 2016-08-05 to 2016-09-05 )))))))))))))))))))))))))))))))
.
.
2016-09-05 17:24 . 2016-09-05 17:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-09-05 17:16 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\SysWow64\drivers\ntfs.sys
2016-09-04 12:36 . 2016-09-04 12:36 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2016-09-03 12:08 . 2016-09-03 12:09 -------- d-----w- c:\program files (x86)\Winamp
2016-09-03 11:46 . 2016-09-04 12:37 -------- d-----w- c:\program files (x86)\Microsoft Works
2016-09-03 11:45 . 2016-09-03 11:45 -------- d-----w- c:\windows\PCHEALTH
2016-09-03 11:41 . 2016-09-03 11:41 -------- d-----w- c:\program files\Microsoft Office
2016-09-03 11:41 . 2016-09-03 11:41 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2016-09-03 11:41 . 2016-09-03 11:45 -------- d-----w- c:\windows\SHELLNEW
2016-09-03 11:38 . 2016-09-03 11:38 -------- d-----r- C:\MSOCache
2016-09-01 21:02 . 2016-09-01 21:02 -------- d-----w- c:\program files (x86)\EASEUS
2016-09-01 20:48 . 2016-09-01 20:48 -------- d-----w- c:\program files\EaseUS
2016-09-01 20:14 . 2016-09-05 16:41 -------- d-----w- c:\programdata\Microsoft Help
2016-09-01 18:45 . 2016-09-01 18:45 -------- d-----w- c:\programdata\APN
2016-09-01 18:44 . 2016-09-01 18:47 -------- d-----w- c:\program files (x86)\The KMPlayer
2016-08-31 16:38 . 2016-08-16 18:18 920168 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2016-08-31 16:37 . 2016-08-31 16:38 -------- dc----w- c:\windows\system32\DRVSTORE
2016-08-31 16:37 . 2016-08-16 18:18 149256 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2016-08-31 16:37 . 2016-08-31 16:37 -------- d-----w- c:\program files\Oracle
2016-08-31 14:02 . 2015-07-16 19:12 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2016-08-31 14:02 . 2015-07-16 19:11 7077376 ----a-w- c:\windows\system32\mstscax.dll
2016-08-31 14:02 . 2015-07-16 19:11 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
2016-08-31 14:02 . 2015-07-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
2016-08-31 14:02 . 2015-07-16 19:12 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2016-08-31 14:02 . 2015-07-16 19:12 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2016-08-31 14:02 . 2015-07-16 19:11 62976 ----a-w- c:\windows\system32\tsgqec.dll
2016-08-31 13:35 . 2016-08-31 13:04 24064 ----a-w- c:\windows\zoek-delete.exe
2016-08-31 13:04 . 2016-08-31 13:33 -------- d-----w- C:\zoek_backup
2016-08-31 07:18 . 2015-12-20 14:08 243200 ----a-w- c:\windows\system32\rdpudd.dll
2016-08-31 07:18 . 2015-12-20 18:50 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2016-08-31 07:18 . 2015-12-20 18:50 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2016-08-31 07:18 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2016-08-31 02:05 . 2016-08-31 02:05 -------- d-----w- c:\windows\SysWow64\Wat
2016-08-31 02:05 . 2016-08-31 02:05 -------- d-----w- c:\windows\system32\Wat
2016-08-31 01:30 . 2016-08-31 14:03 -------- d-----w- c:\programdata\Skype
2016-08-31 01:28 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2016-08-31 01:28 . 2013-10-02 04:38 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2016-08-31 01:28 . 2013-10-02 02:22 56832 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2016-08-31 01:28 . 2013-10-02 02:11 13824 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-08-31 01:28 . 2013-10-02 02:08 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-08-31 01:28 . 2013-10-02 01:48 56832 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2016-08-31 01:28 . 2013-10-02 01:48 18944 ----a-w- c:\windows\system32\wksprtPS.dll
2016-08-31 01:28 . 2013-10-02 00:14 50176 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2016-08-31 01:28 . 2013-10-02 00:14 17920 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2016-08-31 01:28 . 2013-10-01 23:31 1147392 ----a-w- c:\windows\system32\mstsc.exe
2016-08-31 01:28 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\SysWow64\mstsc.exe
2016-08-31 01:23 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2016-08-31 01:23 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2016-08-31 01:23 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2016-08-31 01:13 . 2016-08-31 01:13 -------- d-----w- c:\program files\Microsoft Silverlight
2016-08-31 01:13 . 2016-08-31 01:13 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2016-08-31 01:08 . 2015-12-16 18:55 69120 ----a-w- c:\windows\system32\nlsbres.dll
2016-08-31 01:08 . 2015-12-16 18:47 69120 ----a-w- c:\windows\SysWow64\nlsbres.dll
2016-08-31 01:08 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\KBDAZEL.DLL
2016-08-31 01:08 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\KBDAZE.DLL
2016-08-31 01:08 . 2015-12-16 18:48 6656 ----a-w- c:\windows\SysWow64\KBDAZEL.DLL
2016-08-31 01:08 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\kbdgeoqw.dll
2016-08-31 01:08 . 2015-12-16 18:48 6656 ----a-w- c:\windows\SysWow64\kbdgeoqw.dll
2016-08-31 01:00 . 2016-07-07 15:36 1896168 ----a-w- c:\windows\system32\drivers\tcpip.sys
2016-08-31 01:00 . 2016-07-07 15:36 377576 ----a-w- c:\windows\system32\drivers\netio.sys
2016-08-31 01:00 . 2016-07-07 15:36 287976 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2016-08-31 01:00 . 2016-07-07 15:08 46080 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2016-08-31 01:00 . 2016-07-01 15:31 976896 ----a-w- c:\windows\system32\inetcomm.dll
2016-08-31 01:00 . 2016-07-01 15:31 84480 ----a-w- c:\windows\system32\INETRES.dll
2016-08-31 01:00 . 2016-07-01 15:13 84480 ----a-w- c:\windows\SysWow64\INETRES.dll
2016-08-31 01:00 . 2016-07-01 15:13 741888 ----a-w- c:\windows\SysWow64\inetcomm.dll
2016-08-31 01:00 . 2016-07-01 14:56 405504 ----a-w- c:\windows\system32\drivers\srv2.sys
2016-08-31 01:00 . 2016-07-01 14:56 168960 ----a-w- c:\windows\system32\drivers\srvnet.sys
2016-08-31 01:00 . 2016-07-01 14:56 464896 ----a-w- c:\windows\system32\drivers\srv.sys
2016-08-31 00:38 . 2016-08-31 00:38 -------- d-s---w- c:\windows\system32\CompatTel
2016-08-31 00:38 . 2016-08-31 00:38 -------- d-----w- c:\windows\system32\appraiser
2016-08-31 00:20 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2016-08-31 00:20 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-08-30 22:16 . 2016-08-30 22:53 -------- d-----w- C:\FRST
2016-08-30 22:11 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2016-08-30 22:11 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2016-08-30 22:11 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2016-08-30 22:11 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2016-08-30 22:11 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2016-08-30 22:11 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2016-08-30 22:11 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2016-08-30 22:11 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2016-08-30 22:11 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2016-08-30 21:51 . 2016-08-02 05:38 806400 ----a-w- c:\windows\system32\msfeeds.dll
2016-08-30 19:51 . 2016-08-31 12:39 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-08-30 19:51 . 2016-08-30 19:51 -------- d-----w- c:\programdata\RogueKiller
2016-08-30 04:14 . 2012-07-26 07:40 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wdf01000.sys.mui
2016-08-30 04:14 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2016-08-30 01:45 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2016-08-30 01:45 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2016-08-30 01:45 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2016-08-30 01:45 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2016-08-30 01:45 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2016-08-30 01:45 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2016-08-30 01:45 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2016-08-30 01:10 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2016-08-30 01:10 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2016-08-30 01:10 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2016-08-30 00:32 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2016-08-30 00:32 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2016-08-30 00:32 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2016-08-30 00:32 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2016-08-30 00:32 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2016-08-30 00:32 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2016-08-30 00:31 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2016-08-30 00:31 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2016-08-30 00:26 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2016-08-30 00:26 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2016-08-30 00:26 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2016-08-30 00:26 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2016-08-30 00:25 . 2016-03-16 18:50 156672 ----a-w- c:\windows\system32\mtxoci.dll
2016-08-30 00:25 . 2016-03-16 18:28 111616 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-08-30 00:25 . 2016-03-16 18:28 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-08-30 00:25 . 2016-03-16 18:27 286720 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaora.dll
2016-08-30 00:25 . 2015-06-02 00:07 254976 ----a-w- c:\windows\system32\cewmdm.dll
2016-08-30 00:25 . 2015-06-01 23:47 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
2016-08-30 00:25 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2016-08-30 00:25 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2016-08-30 00:25 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2016-08-30 00:25 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2016-08-30 00:23 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2016-08-30 00:23 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2016-08-30 00:23 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2016-08-30 00:23 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2016-08-30 00:19 . 2016-01-22 06:18 961024 ----a-w- c:\windows\system32\CPFilters.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-08-29 07:57 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2016-08-29 07:57 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2016-08-29 00:30 . 2011-06-10 04:34 116304 ----a-w- c:\windows\system32\RTNUninst64.dll
2016-08-29 00:23 . 2011-05-13 16:58 31040 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
2016-08-02 05:40 . 2016-08-30 21:51 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-08-02 05:16 . 2016-08-30 21:51 230400 ----a-w- c:\windows\SysWow64\webcheck.dll
2016-07-08 15:32 . 2016-08-29 23:59 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-07-08 15:16 . 2016-08-29 23:59 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-06-14 15:21 . 2016-08-30 00:03 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-08-05 8894680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-09-01 9107104]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service;c:\windows\system32\DRIVERS\VBoxNetAdp6.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp6.sys [x]
S1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetLwf.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetLwf.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-08-29 21:30 1031520 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2015-06-01 183216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2015-06-01 411056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2015-06-01 453552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-07 1424896]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2016-09-05 19:39:27 - machine was rebooted
ComboFix-quarantined-files.txt 2016-09-05 17:39
ComboFix2.txt 2016-09-04 19:36
ComboFix3.txt 2016-09-01 17:41
.
Pre-Run: bytes free: 532 147 613 696
Post-Run: bytes free: 531 956 703 232
.
- - End Of File - - B707D829A2E650CEBF11325F03EB36DC
A36C5E4F47E84449FF07ED3517B43A31
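The ComboFix log above lists the registry loading points and, under `policies\system`, UAC values that are turned off on this machine (EnableLUA=0, PromptOnSecureDesktop=0). As an added example that is not part of the original post or of ComboFix, the following Python parses that section of a ComboFix log, lists the autostart entries under the Run keys and flags UAC policy values that weaken the defaults. The sample text is a short excerpt constructed in the log's format; the "expected" values (EnableLUA=1, PromptOnSecureDesktop=1, ConsentPromptBehaviorAdmin=5) are those of a stock Windows 7 install.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the ComboFix "Reg Loading Points" format (a few lines in the
# shape of the log posted above; feed the real log text in instead).
SAMPLE_LOG = r"""REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-08-05 8894680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-09-01 9107104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

SECTION_RE = re.compile(r"^\[(.+)\]\s*$")                       # [HKEY_...\Key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*$')             # "name"= value
# Run-key value: quoted image path, optionally followed by [YYYY-MM-DD size]
RUN_VALUE_RE = re.compile(r'^"([^"]*)"(?:\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\])?')
# Policy value: decimal followed by its hex form in parentheses, e.g. 0 (0x0)
DWORD_RE = re.compile(r"^(\d+)\s*\(0x[0-9A-Fa-f]+\)")

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"


def parse_reg_sections(text: str) -> Dict[str, Dict[str, str]]:
    r"""Group the '"name"= value' lines of a ComboFix log under their [key] header.
    Key paths are lower-cased so HKLM\SOFTWARE and HKLM\software compare equal."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2)
    return sections


def autostart_entries(sections: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    r"""Return (key, value name, image path) for every entry under a ...\CurrentVersion\Run key."""
    out: List[Tuple[str, str, str]] = []
    for key, values in sections.items():
        if not key.endswith(r"\currentversion\run"):
            continue
        for name, raw in values.items():
            m = RUN_VALUE_RE.match(raw)
            out.append((key, name, m.group(1) if m else raw))
    return out


def policy_dwords(sections: Dict[str, Dict[str, str]]) -> Dict[str, int]:
    """Decode the UAC policy values under the policies\\system key as integers."""
    result: Dict[str, int] = {}
    for name, raw in sections.get(POLICY_KEY, {}).items():
        m = DWORD_RE.match(raw)
        if m:
            result[name] = int(m.group(1))
    return result


def uac_findings(sections: Dict[str, Dict[str, str]]) -> List[str]:
    """Flag UAC policy values that differ from the Windows 7 defaults in a weakening direction.
    Absent values are treated as the default, which ComboFix does not print."""
    values = policy_dwords(sections)
    findings: List[str] = []
    if values.get("EnableLUA", 1) == 0:
        findings.append("EnableLUA=0: UAC is off, every process of an administrator runs with the full token")
    if values.get("PromptOnSecureDesktop", 1) == 0:
        findings.append("PromptOnSecureDesktop=0: elevation prompts are drawn on the normal desktop and can be spoofed")
    if values.get("ConsentPromptBehaviorAdmin", 5) == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators are elevated without any prompt")
    return findings


if __name__ == "__main__":
    secs = parse_reg_sections(SAMPLE_LOG)
    for key, name, path in autostart_entries(secs):
        print(f"autostart  {name!r} -> {path}")
    for finding in uac_findings(secs):
        print("UAC        " + finding)
```

Running it on the sample prints the three Run entries with their image paths and two UAC findings; with EnableLUA=0 the other UAC values are moot, since no elevation prompt is shown at all.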


Re: Log check

Post by pajas92 » 05 Sep 2016 19:42

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:42:07, on 5.9.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18427)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\OEM\Desktop\HijackThis (1).exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6313 bytes


Re: Log check

Post by pajas92 » 05 Sep 2016 21:51

Image

jerabina (Security team member)

Re: Log check

Post by jerabina » 05 Sep 2016 22:36

Please delete the folder c:\program files (x86)\IObit manually.

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system, 32-bit/64-bit:
32-bit:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
64-bit:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
and save it to the desktop, then run FRST as administrator.
Accept the terms of use.
Do not change any of the default settings and click "Scan". When the scan is complete, two logs appear, FRST.txt and Addition.txt, and are saved on the desktop. Please paste their complete contents here.
When you don't know what to do next, it's time to study the manual!
HJT guide

If I don't reply in your threads in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as ignoring you.


Re: Log check

Post by pajas92 » 06 Sep 2016 20:34

They have a great many characters; I would have to split them. If that is alright, I have uploaded both.
Attachments
FRST_Addition.zip
(46.26 KiB) Downloaded 10 times

jaro3 (Security team member)

Re: Log check

Post by jaro3 » 06 Sep 2016 22:05

TrustedInstaller.exe is used by the Windows service called "Windows Module Installer" (or rather, it is the service). It says it has something to do with updating Windows, so uninstalling or disabling it could cause some updates to fail. I wouldn't remove or delete the file itself. Simply set the service to start manually.

1. Start Menu -> Run
2. Type msconfig and select the Services section.
3. Deselect the box next to Windows Module Installer.
This will keep it from starting up when loading Windows.

Now to set it to manual start

1. Right-click the taskbar and select Properties.
2. Select the Start Menu tab and choose the "Customise..." button.
3. In the list, check "Display administrative tools", click Apply and click OK.
4. Now go to Start Menu -> Program Files -> Administrative Tools -> Services.
5. Look in the list for the service "Windows Module Installer".
6. Double-click it and look for the dropdown menu; this will be on the "General" tab.
7. Select "Manual" from the list.
8. Click Apply, click OK.
9. Now restart.

FRST:
- if the log has more than 60,000 characters, split it and paste it into several posts

and paste both logs, not just Addition.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
