Please check my log (Solved)

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Re: Please check my log

Post by OTAS » 10 Apr 2015 10:09

Result: 2% of scanners (1/39) found malware!

VirSCAN.org Scanned Report :
Scanned time : 2015-04-09 10:55:01
Scanner results: 2% of antivirus engines (1/39) reported a virus
File Name : user32.dll
File Size : 833024 byte
File Type : application/x-dosexec
MD5 : 2c9cc9f492ca596b1b9fc1ae5e916356
SHA1 : 553a6b184f2c4f77a2483daf9ea027e4e35a1516
Online report : http://r.virscan.org/report/0dd4456db67 ... c3dec08ae1

Scanner Engine Ver Sig Ver Sig Date Time Scan result
ahnlab 9.9.9 9.9.9 2013-05-28 10 No virus found
antivir 1.9.2.0 1.9.159.0 7.11.223.52 16 No virus found
antiy AVL SDK 3.0 2014112615531100 2014-11-26 1 Trojan/Win32.SGeneric
arcavir 1.0 2011 2014-05-30 8 No virus found
asquared 9.0.0.4157 9.0.0.4157 2014-07-30 2 No virus found
avast 150226-0 4.7.4 2015-02-26 31 No virus found
avg 2109/8526 10.0.1405 2015-01-30 6 No virus found
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 3 No virus found
baidusd 1.0 1.0 2014-04-02 1 No virus found
bitdefender 7.58879 7.90123 2015-01-16 1 No virus found
clamav 20293 0.97.5 2015-04-08 2 No virus found
comodo 15023 5.1 2014-11-24 4 No virus found
ctch 4.6.5 5.3.14 2013-12-01 1 No virus found
drweb 5.0.2.3300 5.0.1.1 2015-04-07 31 No virus found
fortinet 25.256, 25.256,5.1.158 2015-04-08 1 No virus found
fprot 4.6.2.117 6.5.1.5418 2015-04-08 1 No virus found
fsecure 2014-04-02-01 9.13 2014-04-02 6 No virus found
gdata 24.3819 24.3819 2014-08-29 8 No virus found
hauri 2.73 2.73 2014-06-13 1 No virus found
ikarus 1.06.01 V1.32.31.0 2015-04-08 15 No virus found
jiangmin 16.0.100 1.0.0.0 2014-07-28 60 No virus found
kaspersky 5.5.33 5.5.33 2014-04-01 19 No virus found
kingsoft 2.1 2.1 2013-09-22 3 No virus found
mcafee 7638 5400.1158 2014-11-30 7 No virus found
nod32 1405 3.0.21 2015-03-31 1 No virus found
panda 9.05.01 9.05.01 2014-06-15 10 No virus found
pcc 11.590.05 9.500-1005 2015-04-08 2 No virus found
qh360 1.0.1 1.0.1 1.0.1 21 No virus found
qqphone 1.0.0.0 1.0.0.0 2015-04-09 1 No virus found
quickheal 14.00 14.00 2014-06-14 3 No virus found
rising 25.17.00.04 25.17.00.04 2014-06-02 4 No virus found
sophos 5.08 3.55.0 2014-12-01 7 No virus found
sunbelt 3.9.2589.2 3.9.2589.2 2014-06-13 3 No virus found
symantec 20150407.001 1.3.0.24 2015-04-07 1 No virus found
tachyon 9.9.9 9.9.9 2013-12-27 5 No virus found
thehacker 6.8.0.5 6.8.0.5 2014-06-12 1 No virus found
tws 17.47.17308 1.0.2.2108 2014-06-16 2 No virus found
vba 3.12.26.3 3.12.26.3 2015-04-08 3 No virus found
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 15 No virus found

Re: Please check my log

Post by OTAS » 10 Apr 2015 10:12

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-04-10 10:10:33
-----------------------------
10:10:33.876 OS Version: Windows x64 6.1.7601 Service Pack 1
10:10:33.876 Number of processors: 4 586 0x3A09
10:10:33.876 ComputerName: DOMA-PC UserName: DOMA
10:10:34.456 Initialize success
10:10:34.506 VM: initialized successfully
10:10:34.506 VM: Intel CPU BiosDisabled
10:10:43.606 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:10:43.616 Disk 0 Vendor: WDC_WD5000AAKX-00ERMA0 15.01H15 Size: 476940MB BusType: 3
10:10:43.706 Disk 0 MBR read successfully
10:10:43.716 Disk 0 MBR scan
10:10:43.716 Disk 0 Windows 7 default MBR code
10:10:43.716 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 313 MB offset 63
10:10:43.726 Disk 0 Boot: NTFS code=1
10:10:43.746 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476623 MB offset 642600
10:10:43.766 Disk 0 scanning C:\Windows\system32\drivers
10:10:48.936 Service scanning
10:10:51.106 Service ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys **LOCKED** 5
10:10:51.346 Service epfw C:\Windows\system32\DRIVERS\epfw.sys **LOCKED** 5
10:10:51.386 Service EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys **LOCKED** 5
10:10:51.426 Service epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys **LOCKED** 5
10:10:59.806 Modules scanning
10:10:59.806 Disk 0 trace - called modules:
10:10:59.826 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
10:10:59.836 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004713060]
10:10:59.836 3 CLASSPNP.SYS[fffff880018ce43f] -> nt!IofCallDriver -> [0xfffffa800416b580]
10:10:59.846 5 ACPI.sys[fffff88000f3e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800416d060]
10:10:59.846 Disk 0 statistics 89376/0/0 @ 9,45 MB/s
10:10:59.856 Scan finished successfully
10:11:20.676 Disk 0 MBR has been saved successfully to "C:\Users\DOMA\Desktop\MBR.dat"
10:11:20.706 The log file has been saved successfully to "C:\Users\DOMA\Desktop\aswMBR.txt"

Re: Please check my log

Post by Orcus (Security team member) » 10 Apr 2015 14:59

And where is the CF log, which was supposed to come first?

Re: Please check my log

Post by OTAS » 10 Apr 2015 20:02

Sorry, I forgot to send it.


ComboFix 15-04-09.01 - DOMA 10.04.2015 8:56.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4048.2747 [GMT 2:00]
Run from: c:\users\DOMA\Desktop\ComboFix.exe
AV: ESET Smart Security 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV shield is enabled
.
.
.
((((((((((((((((((((((((( Files created from 2015-03-10 to 2015-04-10 )))))))))))))))))))))))))))))))
.
.
2015-04-10 07:01 . 2015-04-10 07:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-04-10 07:01 . 2015-04-10 07:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-09 15:59 . 2015-04-09 15:59 -------- d-----w- c:\users\DOMA\AppData\Roaming\10620
2015-04-09 10:08 . 2015-04-09 10:08 -------- d-----w- c:\users\DOMA\AppData\Local\ESET
2015-04-09 07:02 . 2015-03-23 03:25 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-04-09 07:02 . 2015-03-23 03:25 769536 ----a-w- c:\windows\system32\invagent.dll
2015-04-09 07:02 . 2015-03-23 03:24 419840 ----a-w- c:\windows\system32\devinv.dll
2015-04-09 07:02 . 2015-03-23 03:24 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-04-09 07:02 . 2015-03-23 03:24 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-04-09 07:02 . 2015-03-23 03:24 192000 ----a-w- c:\windows\system32\aepic.dll
2015-04-09 07:02 . 2015-03-23 03:17 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-04-09 07:02 . 2015-03-23 03:24 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-04-08 18:00 . 2015-04-08 18:00 -------- d-----w- C:\_OTL
2015-04-08 14:53 . 2015-04-08 14:53 -------- d-----w- c:\users\DOMA\AppData\Roaming\10415
2015-04-07 17:59 . 2015-04-07 17:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-04-07 08:07 . 2015-04-10 07:01 -------- d-----w- c:\users\DOMA\AppData\Local\Temp
2015-04-07 08:07 . 2014-02-13 21:59 24064 ----a-w- c:\windows\zoek-delete.exe
2015-04-07 06:47 . 2015-04-07 06:47 -------- d-----w- c:\users\DOMA\AppData\Local\Adobe
2015-04-07 06:03 . 2015-03-14 10:02 12002392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68D84384-E834-4883-A2C4-02C5BC843237}\mpengine.dll
2015-04-04 16:04 . 2015-04-07 07:54 -------- d-----w- c:\users\DOMA\AppData\Local\CrashDumps
2015-04-04 16:03 . 2015-04-04 16:03 -------- d-----w- C:\RegBackup
2015-04-04 09:52 . 2015-04-07 13:13 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-04 09:52 . 2015-04-04 09:52 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-04-04 09:52 . 2015-03-17 04:15 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-04 09:52 . 2015-03-17 04:15 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-04 09:52 . 2015-03-17 04:15 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-04 09:47 . 2015-04-04 11:30 -------- d-----w- C:\AdwCleaner
2015-04-03 16:42 . 2015-04-03 16:42 -------- d-----w- c:\users\DOMA\AppData\Roaming\TuneUp Software
2015-04-03 16:39 . 2015-04-03 17:47 -------- d-----w- c:\programdata\MFAData
2015-04-03 16:39 . 2015-04-03 16:39 -------- d-----w- c:\users\DOMA\AppData\Local\MFAData
2015-04-01 08:30 . 2015-04-01 08:30 -------- d-s---w- c:\windows\system32\GWX
2015-04-01 08:30 . 2015-04-01 08:30 -------- d-s---w- c:\windows\SysWow64\GWX
2015-03-28 15:42 . 2015-03-28 15:42 -------- d-----w- c:\users\DOMA\AppData\Local\Garmin_Ltd._or_its_subsid
2015-03-21 17:08 . 2015-03-21 17:26 -------- d-----w- c:\programdata\RogueKiller
2015-03-13 12:27 . 2015-03-24 19:25 -------- d-----w- c:\program files (x86)\VSO
2015-03-12 12:19 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-03-12 12:16 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-12 12:16 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-07 17:58 . 2014-10-18 17:49 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-07 07:44 . 2014-09-29 16:15 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-31 09:58 . 2013-07-17 17:06 778928 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-31 09:58 . 2013-07-17 17:06 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-24 19:39 . 2014-01-06 15:43 82816 ----a-w- c:\users\DOMA\AppData\Roaming\pcouffin.sys
2015-03-06 05:42 . 2015-03-12 12:19 341504 ----a-w- c:\windows\system32\schannel.dll
2015-03-06 05:10 . 2015-03-12 12:19 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-02-24 03:17 . 2013-07-17 10:54 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-18 09:56 . 2015-02-18 09:56 6295288 ----a-w- c:\windows\SysWow64\nvopencl.dll
2015-02-18 09:55 . 2015-02-18 09:55 7639952 ----a-w- c:\windows\system32\nvopencl.dll
2015-02-18 09:55 . 2015-02-18 09:55 26341704 ----a-w- c:\windows\system32\nvoglv64.dll
2015-02-18 09:55 . 2015-02-18 09:55 19916432 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2015-02-18 09:55 . 2015-02-18 09:55 13585736 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2015-02-18 09:55 . 2015-02-18 09:55 1510728 ----a-w- c:\windows\system32\nvdispgenco6430908.dll
2015-02-18 09:55 . 2015-02-18 09:55 1801544 ----a-w- c:\windows\system32\nvdispco6430908.dll
2015-02-18 09:55 . 2009-07-13 21:59 18320440 ----a-w- c:\windows\system32\nvd3dumx.dll
2015-02-18 09:55 . 2015-02-18 09:55 2748232 ----a-w- c:\windows\system32\nvcuvid.dll
2015-02-18 09:55 . 2015-02-18 09:55 2576200 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2015-02-18 09:55 . 2013-02-19 20:32 15373568 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-02-18 09:55 . 2015-02-18 09:55 9185504 ----a-w- c:\windows\system32\nvcuda.dll
2015-02-18 09:55 . 2015-02-18 09:55 7755632 ----a-w- c:\windows\SysWow64\nvcuda.dll
2015-02-18 09:55 . 2015-02-18 09:55 2220176 ----a-w- c:\windows\system32\nvcuvenc.dll
2015-02-18 09:55 . 2015-02-18 09:55 1868104 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2015-02-18 09:55 . 2015-02-18 09:55 17559184 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2015-02-18 09:55 . 2015-02-18 09:55 25255568 ----a-w- c:\windows\system32\nvcompiler.dll
2015-02-18 09:55 . 2015-02-18 09:55 2447000 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-02-18 09:55 . 2013-02-19 20:32 2753952 ----a-w- c:\windows\system32\nvapi64.dll
2015-02-17 14:19 . 2015-02-17 14:19 1614496 ----a-w- c:\windows\system32\FM20.DLL
2015-02-13 11:47 . 2015-02-13 11:47 4575232 ----a-w- c:\windows\SysWow64\GPhotos.scr
2015-01-31 00:57 . 2013-07-16 09:27 6223680 ----a-w- c:\windows\system32\nvcpl.dll
2015-01-31 00:57 . 2013-07-16 09:27 3299472 ----a-w- c:\windows\system32\nvsvc64.dll
2015-01-31 00:57 . 2013-07-16 09:27 878400 ----a-w- c:\windows\system32\nvvsvc.exe
2015-01-31 00:57 . 2013-07-16 09:27 62792 ----a-w- c:\windows\system32\nvshext.dll
2015-01-31 00:57 . 2013-07-16 09:27 2558272 ----a-w- c:\windows\system32\nvsvcr.dll
2015-01-31 00:57 . 2013-07-16 09:27 117392 ----a-w- c:\windows\system32\nvmctray.dll
2015-01-27 23:36 . 2015-02-11 14:51 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2015-01-26 23:23 . 2015-01-26 23:23 14464 ----a-w- c:\windows\system32\drivers\wdcsam64.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\user32.dll
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-11-20 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2014-10-04 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\erdnt\cache86\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((( Registry loading points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Autoupdate"="c:\program files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE" [2015-04-02 563416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-03-07 335232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 ESETCleanersDriver;ESET Cleaner Service;c:\windows\system32\Drivers\ESETCleanersDriver.sys;c:\windows\SYSNATIVE\Drivers\ESETCleanersDriver.sys [x]
R3 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-03 08:05 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-10-01 5595336]
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: S&end to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\omtt2d0x.default-1413530589483\
FF - prefs.js: browser.startup.homepage - hxxps://www.seznam.cz/
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
Toolbar-10 - (no file)
AddRemove-{714dc1e5-69a4-4ecd-9552-93397e084298} - c:\programdata\Package Cache\{714dc1e5-69a4-4ecd-9552-93397e084298}\GarminExpressInstaller.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{d2970a7c-aaef-4f35-a1d5-338c3a92404f} - c:\programdata\Package Cache\{d2970a7c-aaef-4f35-a1d5-338c3a92404f}\GarminExpressInstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2015-04-10 09:04:10
ComboFix-quarantined-files.txt 2015-04-10 07:04
.
Pre-run: bytes free: 349 252 403 200
Post-run: bytes free: 348 942 082 048
.
- - End Of File - - F0B14C00FBDF82B5C2CBA0162682E40B
A36C5E4F47E84449FF07ED3517B43A31
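The Sigcheck block in the ComboFix log above is the part worth reading closely. c:\windows\SysWOW64\user32.dll is marked [-], reports the same version (6.1.7601.17514) and size (833024) as the [7] copies in WinSxS and erdnt\cache86, yet carries a different MD5, and its date (2014-10-04) is four years later than theirs. That MD5 (2C9CC9F492CA596B1B9FC1AE5E916356) is exactly the hash VirSCAN reported for the user32.dll uploaded in the first post, which only antiy flagged. The script below is an added example, not ComboFix's or the forum's code: it parses the Sigcheck lines quoted from this log, flags [-] entries whose file name, version and size match a [7] copy but whose hash does not, and looks up which entry carries the VirSCAN hash. The line format is inferred from these lines only, and the meaning of [7] as "matches a catalog copy" is an assumption. A mismatch is a triage signal, not proof of infection (ComboFix's own note says unsigned files aren't necessarily malware, and a hotfix can also change a hash), so the next step is to check the file's Authenticode signature and compare it byte for byte with the WinSxS copy.

```python
"""Flag ComboFix Sigcheck entries that share version and size with a
catalog-matched copy but differ in MD5.

Added example for this thread, not ComboFix's own code. SAMPLE_SIGCHECK and
VIRSCAN_MD5 are copied from the logs posted above; the line format and the
reading of '[7]' as a catalog-matched copy are assumptions drawn from them.
"""
import re
from collections import defaultdict

# Lines copied from the ComboFix 'Sigcheck' section of the log above.
SAMPLE_SIGCHECK = r"""
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\user32.dll
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-11-20 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
[-] 2014-10-04 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\erdnt\cache86\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
"""

# MD5 that VirSCAN reported for the uploaded user32.dll (first post above).
VIRSCAN_MD5 = "2c9cc9f492ca596b1b9fc1ae5e916356"

# One Sigcheck line: [status] date . MD5 . size . . [version] .. path
LINE_RE = re.compile(
    r"^\[(?P<status>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\.\s+(?P<path>\S.*)$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["md5"] = e["md5"].upper()
        e["size"] = int(e["size"])
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        entries.append(e)
    return entries


def classify(entries):
    """Compare every '[-]' entry with the '[7]' copies of the same file
    name, version and size. Returns {path: verdict} with verdict one of:
      'known-good'    status [7], or a [-] whose hash equals a [7] copy
      'hash-mismatch' [-] with a [7] copy of identical name/version/size
                      but a different MD5 (contents differ from that copy)
      'no-reference'  [-] with no [7] copy of that name/version/size
    """
    reference = defaultdict(set)  # (name, version, size) -> {md5, ...}
    for e in entries:
        if e["status"] == "7":
            reference[(e["name"], e["version"], e["size"])].add(e["md5"])

    verdicts = {}
    for e in entries:
        if e["status"] == "7":
            verdicts[e["path"]] = "known-good"
            continue
        good = reference.get((e["name"], e["version"], e["size"]))
        if not good:
            verdicts[e["path"]] = "no-reference"
        elif e["md5"] in good:
            verdicts[e["path"]] = "known-good"
        else:
            verdicts[e["path"]] = "hash-mismatch"
    return verdicts


def find_by_md5(entries, md5):
    """Paths whose Sigcheck MD5 equals a hash reported by a multi-engine scan."""
    return [e["path"] for e in entries if e["md5"] == md5.upper()]


if __name__ == "__main__":
    ents = parse_sigcheck(SAMPLE_SIGCHECK)
    for path, verdict in classify(ents).items():
        if verdict != "known-good":
            print(f"{verdict:14} {path}")
    print("VirSCAN sample is:", find_by_md5(ents, VIRSCAN_MD5))
```

Run against the lines above, the SysWOW64 copy comes out as hash-mismatch and is the only entry carrying the VirSCAN hash; the 64-bit system32 copy is no-reference, because its size (1008640) matches no [7] copy with version 6.1.7601.17514, so the script says nothing about it either way.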

Re: Please check my log

Post by jaro3 (Security team member) » 11 Apr 2015 09:44

Run that script in ComboFix once more, in Safe Mode.
+
Post a new HJT log + report on any problems.
When working with HJT, ComboFix, MBAM, SDFix and the like, close all other applications and browsers!

Re: Please check my log

Post by OTAS » 11 Apr 2015 13:55

ComboFix 15-04-09.01 - DOMA 11.04.2015 13:43:16.3.4 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4048.3361 [GMT 2:00]
Run from: c:\users\DOMA\Desktop\ComboFix.exe
Command switches used :: c:\users\DOMA\Desktop\CFScript.txt
AV: ESET Smart Security 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new Restore Point
.
.
((((((((((((((((((((((((( Files created from 2015-03-11 to 2015-04-11 )))))))))))))))))))))))))))))))
.
.
2015-04-11 11:50 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE90B80A-E630-4CAA-A73E-A1684E6EF759}\mpengine.dll
2015-04-11 11:48 . 2015-04-11 11:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-04-11 11:48 . 2015-04-11 11:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-04-11 11:48 . 2015-04-11 11:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-09 15:59 . 2015-04-09 15:59 -------- d-----w- c:\users\DOMA\AppData\Roaming\10620
2015-04-09 10:08 . 2015-04-09 10:08 -------- d-----w- c:\users\DOMA\AppData\Local\ESET
2015-04-09 07:02 . 2015-03-23 03:25 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-04-09 07:02 . 2015-03-23 03:25 769536 ----a-w- c:\windows\system32\invagent.dll
2015-04-09 07:02 . 2015-03-23 03:24 419840 ----a-w- c:\windows\system32\devinv.dll
2015-04-09 07:02 . 2015-03-23 03:24 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-04-09 07:02 . 2015-03-23 03:24 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-04-09 07:02 . 2015-03-23 03:24 192000 ----a-w- c:\windows\system32\aepic.dll
2015-04-09 07:02 . 2015-03-23 03:17 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-04-09 07:02 . 2015-03-23 03:24 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-04-08 18:00 . 2015-04-08 18:00 -------- d-----w- C:\_OTL
2015-04-08 14:53 . 2015-04-08 14:53 -------- d-----w- c:\users\DOMA\AppData\Roaming\10415
2015-04-07 17:59 . 2015-04-07 17:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-04-07 08:07 . 2015-04-11 11:50 -------- d-----w- c:\users\DOMA\AppData\Local\Temp
2015-04-07 08:07 . 2014-02-13 21:59 24064 ----a-w- c:\windows\zoek-delete.exe
2015-04-07 06:47 . 2015-04-07 06:47 -------- d-----w- c:\users\DOMA\AppData\Local\Adobe
2015-04-07 06:03 . 2015-03-14 10:02 12002392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68D84384-E834-4883-A2C4-02C5BC843237}\mpengine.dll
2015-04-04 16:04 . 2015-04-07 07:54 -------- d-----w- c:\users\DOMA\AppData\Local\CrashDumps
2015-04-04 16:03 . 2015-04-04 16:03 -------- d-----w- C:\RegBackup
2015-04-04 09:52 . 2015-04-07 13:13 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-04 09:52 . 2015-04-04 09:52 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-04-04 09:52 . 2015-03-17 04:15 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-04 09:52 . 2015-03-17 04:15 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-04 09:52 . 2015-03-17 04:15 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-04 09:47 . 2015-04-04 11:30 -------- d-----w- C:\AdwCleaner
2015-04-03 16:42 . 2015-04-03 16:42 -------- d-----w- c:\users\DOMA\AppData\Roaming\TuneUp Software
2015-04-03 16:39 . 2015-04-03 17:47 -------- d-----w- c:\programdata\MFAData
2015-04-03 16:39 . 2015-04-03 16:39 -------- d-----w- c:\users\DOMA\AppData\Local\MFAData
2015-04-01 08:30 . 2015-04-01 08:30 -------- d-s---w- c:\windows\system32\GWX
2015-04-01 08:30 . 2015-04-01 08:30 -------- d-s---w- c:\windows\SysWow64\GWX
2015-03-28 15:42 . 2015-03-28 15:42 -------- d-----w- c:\users\DOMA\AppData\Local\Garmin_Ltd._or_its_subsid
2015-03-21 17:08 . 2015-03-21 17:26 -------- d-----w- c:\programdata\RogueKiller
2015-03-13 12:27 . 2015-03-24 19:25 -------- d-----w- c:\program files (x86)\VSO
2015-03-12 12:19 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-03-12 12:16 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-12 12:16 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-07 17:58 . 2014-10-18 17:49 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-07 07:44 . 2014-09-29 16:15 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-31 09:58 . 2013-07-17 17:06 778928 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-31 09:58 . 2013-07-17 17:06 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-24 19:39 . 2014-01-06 15:43 82816 ----a-w- c:\users\DOMA\AppData\Roaming\pcouffin.sys
2015-03-06 05:42 . 2015-03-12 12:19 341504 ----a-w- c:\windows\system32\schannel.dll
2015-03-06 05:10 . 2015-03-12 12:19 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-02-24 03:17 . 2013-07-17 10:54 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-18 09:56 . 2015-02-18 09:56 6295288 ----a-w- c:\windows\SysWow64\nvopencl.dll
2015-02-18 09:55 . 2015-02-18 09:55 7639952 ----a-w- c:\windows\system32\nvopencl.dll
2015-02-18 09:55 . 2015-02-18 09:55 26341704 ----a-w- c:\windows\system32\nvoglv64.dll
2015-02-18 09:55 . 2015-02-18 09:55 19916432 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2015-02-18 09:55 . 2015-02-18 09:55 13585736 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2015-02-18 09:55 . 2015-02-18 09:55 1510728 ----a-w- c:\windows\system32\nvdispgenco6430908.dll
2015-02-18 09:55 . 2015-02-18 09:55 1801544 ----a-w- c:\windows\system32\nvdispco6430908.dll
2015-02-18 09:55 . 2009-07-13 21:59 18320440 ----a-w- c:\windows\system32\nvd3dumx.dll
2015-02-18 09:55 . 2015-02-18 09:55 2748232 ----a-w- c:\windows\system32\nvcuvid.dll
2015-02-18 09:55 . 2015-02-18 09:55 2576200 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2015-02-18 09:55 . 2013-02-19 20:32 15373568 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-02-18 09:55 . 2015-02-18 09:55 9185504 ----a-w- c:\windows\system32\nvcuda.dll
2015-02-18 09:55 . 2015-02-18 09:55 7755632 ----a-w- c:\windows\SysWow64\nvcuda.dll
2015-02-18 09:55 . 2015-02-18 09:55 2220176 ----a-w- c:\windows\system32\nvcuvenc.dll
2015-02-18 09:55 . 2015-02-18 09:55 1868104 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2015-02-18 09:55 . 2015-02-18 09:55 17559184 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2015-02-18 09:55 . 2015-02-18 09:55 25255568 ----a-w- c:\windows\system32\nvcompiler.dll
2015-02-18 09:55 . 2015-02-18 09:55 2447000 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-02-18 09:55 . 2013-02-19 20:32 2753952 ----a-w- c:\windows\system32\nvapi64.dll
2015-02-17 14:19 . 2015-02-17 14:19 1614496 ----a-w- c:\windows\system32\FM20.DLL
2015-02-13 11:47 . 2015-02-13 11:47 4575232 ----a-w- c:\windows\SysWow64\GPhotos.scr
2015-01-31 00:57 . 2013-07-16 09:27 6223680 ----a-w- c:\windows\system32\nvcpl.dll
2015-01-31 00:57 . 2013-07-16 09:27 3299472 ----a-w- c:\windows\system32\nvsvc64.dll
2015-01-31 00:57 . 2013-07-16 09:27 878400 ----a-w- c:\windows\system32\nvvsvc.exe
2015-01-31 00:57 . 2013-07-16 09:27 62792 ----a-w- c:\windows\system32\nvshext.dll
2015-01-31 00:57 . 2013-07-16 09:27 2558272 ----a-w- c:\windows\system32\nvsvcr.dll
2015-01-31 00:57 . 2013-07-16 09:27 117392 ----a-w- c:\windows\system32\nvmctray.dll
2015-01-27 23:36 . 2015-02-11 14:51 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2015-01-26 23:23 . 2015-01-26 23:23 14464 ----a-w- c:\windows\system32\drivers\wdcsam64.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\user32.dll
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-11-20 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2014-10-04 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\erdnt\cache86\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((( Registry loading points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Autoupdate"="c:\program files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE" [2015-04-02 563416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-03-07 335232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 ESETCleanersDriver;ESET Cleaner Service;c:\windows\system32\Drivers\ESETCleanersDriver.sys;c:\windows\SYSNATIVE\Drivers\ESETCleanersDriver.sys [x]
R3 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-03 08:05 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-10-01 5595336]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\omtt2d0x.default-1413530589483\
FF - prefs.js: browser.startup.homepage - hxxps://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
AddRemove-{714dc1e5-69a4-4ecd-9552-93397e084298} - c:\programdata\Package Cache\{714dc1e5-69a4-4ecd-9552-93397e084298}\GarminExpressInstaller.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{d2970a7c-aaef-4f35-a1d5-338c3a92404f} - c:\programdata\Package Cache\{d2970a7c-aaef-4f35-a1d5-338c3a92404f}\GarminExpressInstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Celkový čas: 2015-04-11 13:54:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-04-11 11:54
ComboFix2.txt 2015-04-10 07:04
.
Před spuštěním: Volných bajtů: 333 719 625 728
Po spuštění: Volných bajtů: 333 654 261 760
.
- - End Of File - - 8E012795FB1641684CF0FFEAD97A3DC4
A36C5E4F47E84449FF07ED3517B43A31

OTAS

Re: Please check my log

Post by OTAS » 11 Apr 2015 13:57

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:56:09, on 11.4.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)

FIREFOX: 37.0.1 (x86 cs)
Boot mode: Normal

Running processes:
C:\Users\DOMA\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 7352 bytes

OTAS

Re: Please check my log

Post by OTAS » 11 Apr 2015 14:03

ESS is still in place; it did not get uninstalled.

Orcus
Security team member

Re: Please check my log

Post by Orcus » 11 Apr 2015 14:05

Download this file:
http://download.eset.com/special/avremo ... 64_enu.exe

Run it in Safe Mode and follow these steps:
http://kb.eset.com/esetkb/index?page=co ... d=SOLN3527

OTAS

Re: Please check my log

Post by OTAS » 11 Apr 2015 17:48

So the little program found nothing. "No applications found."
"ESET AV Remover has not found any antivirus applications or their incomplete installation."
That is what it displayed after the program finished. But ESS is still running.

mople71

Re: Please check my log

Post by mople71 » 11 Apr 2015 19:36

When you try to uninstall it through the Control Panel, what does it tell you?

jaro3
Security team member

Re: Please check my log

Post by jaro3 » 12 Apr 2015 09:33

Run OTL again.

