Please check my log

A place for your HiJackThis logs and logs from other programs…


jaro3
Security team member
Guru Level 15
Posts: 38707
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my log

Post by jaro3 » 23 Jan 2018 10:00

Now the next one as well.


When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

jindob
newcomer
Posts: 24
Registered: January 18
Gender: Male

Re: Please check my log

Post by jindob » 24 Jan 2018 09:33

Zemana AntiMalware 2.74.2.150 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2018.1.24
Operating System : Windows 7 64-bit
Processor : 4X Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
BIOS Mode : UEFI
CUID : 121045D37DC9BA2C60CC7F
Scan Type : Skenování systému
Duration : 13m 51s
Scanned Objects : 155219
Detected Objects : 1
Excluded Objects : 0
Read Level : Normal
Auto Upload : Zapnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : FS,1,3

Detected Objects
-------------------------------------------------------

NlaSvc Manual Proxies
Status : Skenováno
Object : HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\@
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Potenciálně nechtěné modifikace
Cleaning Action : Vymazat
Related Objects :
Záznam registru - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\@ = 1proxy7032.fs.mfcr.cz:3128

AvisMEAgent.exe
Status : Neúspěšné
Object : %programfiles%\avismegfr\testess\avismeagent.exe
MD5 : 2F285E021F37788B95D677347FE1D72E
Publisher : -
Size : 550912
Version : 9.0.0.1915
Detection :
Cleaning Action : Karanténa
Related Objects :
Soubor - %programfiles%\avismegfr\testess\avismeagent.exe
Odkaz - C:\Users\Public\Desktop\Test ESS AvisMe GFR.lnk
Odkaz - C:\Users\Public\Desktop\Test AvisMe GFR.lnk

AvisMEAgent.exe
Status : Neúspěšné
Object : %programfiles%\avismegfr\o\avismeagent.exe
MD5 : 2F285E021F37788B95D677347FE1D72E
Publisher : -
Size : 550912
Version : 9.0.0.1915
Detection :
Cleaning Action : Karanténa
Related Objects :
Soubor - %programfiles%\avismegfr\o\avismeagent.exe
Odkaz - C:\Users\Public\Desktop\Test ESS AvisMe GFR.lnk
Odkaz - C:\Users\Public\Desktop\Test AvisMe GFR.lnk
Odkaz - C:\Users\Public\Desktop\ESS AvisMe GFR.lnk
Odkaz - C:\Users\Public\Desktop\AvisMe GFR.lnk

AvisMEAgent.exe
Status : Neúspěšné
Object : %programfiles%\avismegfr\ostra\avismeagent.exe
MD5 : 2F285E021F37788B95D677347FE1D72E
Publisher : -
Size : 550912
Version : 9.0.0.1915
Detection :
Cleaning Action : Karanténa
Related Objects :
Soubor - %programfiles%\avismegfr\ostra\avismeagent.exe
Odkaz - C:\Users\Public\Desktop\Test ESS AvisMe GFR.lnk
Odkaz - C:\Users\Public\Desktop\Test AvisMe GFR.lnk
Odkaz - C:\Users\Public\Desktop\ESS AvisMe GFR.lnk
Odkaz - C:\Users\Public\Desktop\AvisMe GFR.lnk


Cleaning Result
-------------------------------------------------------
Cleaned : 1
Reported as safe : 0
Failed : 0

jaro3
Security team member

Re: Please check my log

Post by jaro3 » 24 Jan 2018 10:09

Now the next one as well.

jindob
newcomer

Re: Please check my log

Post by jindob » 24 Jan 2018 10:16

ComboFix 18-01-10.01 - w801769 24.01.2018 9:56.1.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.420.1029.18.8053.6324 [GMT 1:00]
Spuštěný z: c:\instal\hijackthis\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
SP: Symantec Endpoint Protection *Disabled/Updated* {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
f:\spravce is\SOAE216.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-12-24 do 2018-01-24 )))))))))))))))))))))))))))))))
.
.
2018-01-24 08:07 . 2018-01-24 08:07 -------- d-----w- c:\users\w801769\AppData\Local\Zemana
2018-01-24 07:56 . 2018-01-24 07:56 118 ----a-w- c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-01-24 06:44 . 2018-01-24 08:46 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2018-01-24 06:44 . 2018-01-24 06:44 -------- d-----w- c:\users\Administrator\AppData\Local\Zemana
2018-01-24 06:44 . 2018-01-24 06:44 -------- d-----w- c:\users\Administrator\AppData\Local\Programs
2018-01-24 06:22 . 2018-01-24 06:22 -------- d-----w- c:\users\Administrator\AppData\Roaming\GHISLER
2018-01-23 14:13 . 2018-01-23 14:13 -------- d-----w- c:\users\Administrator\AppData\Local\Symantec
2018-01-23 07:24 . 2018-01-23 07:24 -------- d-----w- C:\zoek_backup
2018-01-18 12:59 . 2018-01-23 06:48 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2018-01-18 12:58 . 2018-01-18 13:23 -------- d-----w- c:\programdata\RogueKiller
2018-01-18 06:41 . 2018-01-18 06:44 -------- d-----w- c:\users\w801769\AppData\Roaming\ImgBurn
2018-01-18 06:06 . 2018-01-18 06:06 -------- d-----w- c:\users\w801769\AppData\Local\CEF
2018-01-18 06:05 . 2018-01-18 06:06 -------- d-----w- c:\users\w801769\AppData\Local\Adobe
2018-01-18 05:59 . 2018-01-18 05:59 -------- d-----w- c:\users\w801769\AppData\Roaming\GHISLER
2018-01-17 13:45 . 2017-11-29 08:11 77432 ----a-w- c:\windows\system32\drivers\mbae64.sys
2018-01-17 13:45 . 2018-01-17 13:45 -------- d-----w- c:\programdata\Malwarebytes
2018-01-17 13:45 . 2018-01-17 13:45 -------- d-----w- c:\program files\Malwarebytes
2018-01-17 13:26 . 2018-01-18 11:57 -------- d-----w- C:\AdwCleaner
2018-01-17 13:11 . 2018-01-17 13:11 -------- d-----w- c:\users\p801769\AppData\Local\CEF
2018-01-17 13:11 . 2018-01-17 13:11 -------- d-----w- c:\users\p801769\AppData\Local\Adobe
2018-01-17 07:22 . 2017-11-14 03:43 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2018-01-11 05:52 . 2018-01-11 05:50 98816 ----a-w- c:\windows\SysWow64\KOBDrvAPIIF.DLL
2018-01-11 05:52 . 2018-01-11 05:50 160768 ----a-w- c:\windows\KOBDrvAPIW64.EXE
2018-01-11 05:52 . 2018-01-11 05:50 117248 ----a-w- c:\windows\system32\KOBDrvAPIIF.DLL
2018-01-11 05:52 . 2018-01-11 05:50 92672 ----a-w- c:\windows\system32\Spool\prtprocs\x64\KOAYJJ_P.DLL
2018-01-08 06:05 . 2018-01-08 06:13 -------- d-----w- c:\users\p801769\AppData\Roaming\avidemux
2018-01-08 06:05 . 2018-01-08 06:05 -------- d-----w- c:\program files\Avidemux 2.7 - 64 bits
2018-01-05 09:46 . 2018-01-05 09:46 -------- d-----w- c:\programdata\I.CA PKIServiceHost
2018-01-05 09:46 . 2018-01-05 09:46 -------- d-----w- c:\program files (x86)\I.CA
2018-01-05 09:45 . 2018-01-05 09:45 -------- d-----w- c:\programdata\ICA
2018-01-05 09:43 . 2018-01-05 09:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2018-01-05 09:41 . 2018-01-05 09:41 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2018-01-05 09:41 . 2018-01-05 09:41 -------- d-----w- c:\program files\Java
2018-01-05 09:16 . 2017-11-16 09:48 631416 ----a-w- c:\windows\SysWow64\icapki.dll
2018-01-05 08:35 . 2018-01-05 08:35 -------- d--h--w- c:\programdata\RICOH_DRV
2018-01-05 08:30 . 2013-12-26 14:44 28160 ----a-w- c:\windows\system32\ricu0dlm.dll
2018-01-04 12:00 . 2018-01-04 12:01 -------- d-----w- c:\windows\WindowsMobile
2017-12-27 12:02 . 2017-12-27 12:03 -------- d-----w- c:\program files (x86)\Lame For Audacity
2017-12-27 11:26 . 2018-01-08 07:00 -------- d-----w- c:\users\p801769\AppData\Roaming\audacity
2017-12-27 11:25 . 2017-12-27 11:26 -------- d-----w- c:\program files (x86)\Audacity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-01-11 05:50 . 2016-03-05 00:43 25600 ----a-w- c:\windows\system32\KOAYJJ_L.DLL
2017-12-21 14:08 . 2017-12-21 14:08 268896 ----a-w- c:\windows\system32\drivers\BazisPortableCDBus.sys
2017-12-19 10:38 . 2017-12-19 10:38 1717912 ----a-w- c:\windows\system32\drivers\symefasi\0603000.018\symefasi.sys
2017-12-19 10:38 . 2017-12-19 10:38 102608 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2017-12-19 10:37 . 2017-12-19 10:37 94440 ----a-w- c:\windows\system32\snacnp.dll
2017-12-19 10:37 . 2017-12-19 10:37 83688 ----a-w- c:\windows\SysWow64\snacnp.dll
2017-12-19 10:37 . 2017-12-19 10:37 607976 ----a-w- c:\windows\system32\SymVPN.dll
2017-12-19 10:37 . 2017-12-19 10:37 507112 ----a-w- c:\windows\system32\sysfer.dll
2017-12-19 10:37 . 2017-12-19 10:37 483560 ----a-w- c:\windows\SysWow64\SymVPN.dll
2017-12-19 10:37 . 2017-12-19 10:37 47672 ----a-w- c:\windows\system32\drivers\WGX64.SYS
2017-12-19 10:37 . 2017-12-19 10:37 435944 ----a-w- c:\windows\SysWow64\sysfer.dll
2017-12-19 10:37 . 2017-12-19 10:37 222440 ----a-w- c:\windows\system32\FwsVpn.dll
2017-12-19 10:37 . 2017-12-19 10:37 217832 ----a-w- c:\windows\SysWow64\FwsVpn.dll
2017-12-19 10:37 . 2017-12-19 10:37 197992 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2017-12-13 09:23 . 2017-12-20 06:33 311808 ----a-w- c:\windows\SysWow64\MFPKI.dll
2017-12-11 16:39 . 2017-12-20 06:33 2028016 ----a-w- c:\windows\SysWow64\CryptSignX.ocx
2017-12-08 08:11 . 2017-12-08 08:11 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-12-08 08:11 . 2017-12-08 08:11 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-12-03 10:15 . 2017-12-03 10:15 829600 ----a-w- c:\windows\system32\drivers\SEP\0E000EA8\03E8.105\x64\srtsp64.sys
2017-12-03 10:15 . 2017-12-03 10:15 567968 ----a-w- c:\windows\system32\drivers\SEP\0E000EA8\03E8.105\x64\symnets.sys
2017-12-03 10:15 . 2017-12-03 10:15 49312 ----a-w- c:\windows\system32\drivers\SEP\0E000EA8\03E8.105\x64\srtspx64.sys
2017-12-03 10:15 . 2017-12-03 10:15 308896 ----a-w- c:\windows\system32\drivers\SEP\0E000EA8\03E8.105\x64\ironx64.sys
2017-12-03 10:15 . 2017-12-03 10:15 179360 ----a-w- c:\windows\system32\drivers\SEP\0E000EA8\03E8.105\x64\ccSetx64.sys
2017-11-16 09:49 . 2017-12-08 08:10 910968 ----a-w- c:\windows\system32\icapki64.dll
2017-11-16 09:48 . 2017-12-08 08:10 631416 ----a-w- c:\windows\SysWow64\icapki.old
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ICAMaintenance_ICAPKIService_RegKeysRefresh"="-mode loader -op refreshICAPKIServiceRegistryKeys" [X]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2015-02-17 296216]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2017-09-05 587288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"LogonType"= 0 (0x0)
"ReportControllerMissing"= 1 (0x1)
"MaxGPOScriptWait"= 1200 (0x4b0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWebServices"= 1 (0x1)
"NoOnlinePrintsWizard"= 1 (0x1)
"NoPublishingWizard"= 1 (0x1)
"NoAutorun"= 1 (0x1)
"PreXPSP2ShellProtocolBehavior"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin\ccSvcHst.exe;c:\program files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin\ccSvcHst.exe [x]
R3 BazisPortableCDBus;Portable WinCDEmu driver;c:\windows\system32\drivers\BazisPortableCDBus.sys;c:\windows\SYSNATIVE\drivers\BazisPortableCDBus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe;c:\program files\Microsoft Policy Platform\policyHost.exe [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SyDvCtrl;SyDvCtrl;c:\program files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin64\SyDvCtrl64.sys;c:\program files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin64\SyDvCtrl64.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R4 CmRcService;Vzdálené řízení nástroje Configuration Manager;c:\windows\CCM\RemCtrl\CmRcService.exe;c:\windows\CCM\RemCtrl\CmRcService.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\system32\drivers\symefasi\0603000.018\symefasi.sys;c:\windows\SYSNATIVE\drivers\symefasi\0603000.018\symefasi.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Data\Definitions\BASHDefs\20180117.005\BHDrvx64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Data\Definitions\BASHDefs\20180117.005\BHDrvx64.sys [x]
S1 ccSettings_{048EFA22-DB32-43D5-879D-841B6EA67048};Symantec Endpoint Protection 14.0.3752.1000.105 Settings Manager;c:\windows\system32\Drivers\SEP\0E000EA8\03E8.105\x64\ccSetx64.sys;c:\windows\SYSNATIVE\Drivers\SEP\0E000EA8\03E8.105\x64\ccSetx64.sys [x]
S1 IDSvia64;IDSvia64;c:\programdata\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Data\Definitions\IPSDefs\20180123.040\IDSvia64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Data\Definitions\IPSDefs\20180123.040\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0E000EA8\03E8.105\x64\Ironx64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0E000EA8\03E8.105\x64\Ironx64.SYS [x]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0E000EA8\03E8.105\x64\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0E000EA8\03E8.105\x64\SYMNETS.SYS [x]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe;c:\program files\Microsoft Policy Platform\policyHost.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2017-04-05 00:38 323664 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2018-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-08 08:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2015-01-27 36352]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2016-01-27 8844032]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.cz/?gws_rd=ssl
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.fs.mfcr.cz;<local>
uInternet Settings,ProxyServer = proxy7032:3128
Trusted Zone: *.capgemini.com
Trusted Zone: *.csob.cz
Trusted Zone: *.csob.sk
Trusted Zone: *.erasvet.cz
Trusted Zone: *.ica.cz
Trusted Zone: *.postovnisporitelna.cz
Trusted Zone: s7000mg0705
TCP: Interfaces\{1608A894-3BCE-4CE7-90B7-D60B2357EB4C}: NameServer = 172.30.1.132,10.59.17.25,172.26.1.134
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin\sms.dll\" /prefetch:1"
"ImagePath"="system32\Drivers\SEP\0E000EA8\03E8.105\x64\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\bin;c:\program files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\bin64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2018-01-24 10:02:28
ComboFix-quarantined-files.txt 2018-01-24 09:02
.
Před spuštěním: Volných bajtů: 136 955 396 096
Po spuštění: Volných bajtů: 136 546 439 168
.
- - End Of File - - 58EB660BEFAA954873785126C5A8560D
5FB38429D5D77768867C76DCBDB35194

jindob
newcomer

Re: Please check my log

Post by jindob » 24 Jan 2018 10:44

Zoek.exe v5.0.0.1 Updated 24-October-2017
Tool run by w801769 on st 24.01.2018 at 10:32:59,09.
Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Instal\hijackthis\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

24.1.2018 10:36:30 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3043588770-2694071417-673251328-103480\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully
HKEY_USERS\S-1-5-21-3043588770-2694071417-673251328-34011\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.cz/?gws_rd=ssl"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\p801769\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\p801769\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\w801769\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\w801769\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\p801769\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\w801769\AppData\Local\temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

Orcus
Security team member
Elite Level 10.5
Posts: 10631
Registered: April 10
Location: 3 roses grow around =o)
Gender: Male

Re: Please check my log

Post by Orcus » 24 Jan 2018 11:23

ComboFix 18-01-10.01 - w801769 24.01.2018 9:56.1.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.420.1029.18.8053.6324 [GMT 1:00]
Spuštěný z: c:\instal\hijackthis\ComboFix.exe

Run ComboFix again, and from the Desktop, as the guide says.

Thank you
Love warms, but coal is coal. :fire:



Post HJT logs in the HJT section. If it is too long, split it into several messages.

A few tips on PC security.

During my absence, memphisto, jaro3 and jerabina stand in for me.

If you are satisfied, you can support our forum.

jindob
newcomer
Posts: 24
Registered: January 18
Gender: Male

Re: Please check my log

Post by jindob » 24 Jan 2018 11:57

ComboFix 18-01-10.01 - w801769 24.01.2018 11:33:22.2.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.420.1029.18.8053.5910 [GMT 1:00]
Spuštěný z: c:\users\p801769\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
SP: Symantec Endpoint Protection *Disabled/Updated* {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-12-24 do 2018-01-24 )))))))))))))))))))))))))))))))
.
.
2018-01-24 10:36 . 2018-01-24 10:36 -------- d-----w- c:\users\w801769\AppData\Local\temp
2018-01-24 10:36 . 2018-01-24 10:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-01-24 10:36 . 2018-01-24 10:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2018-01-24 08:07 . 2018-01-24 08:07 -------- d-----w- c:\users\w801769\AppData\Local\Zemana
2018-01-24 07:56 . 2018-01-24 07:56 118 ----a-w- c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-01-24 06:44 . 2018-01-24 08:46 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2018-01-24 06:44 . 2018-01-24 06:44 -------- d-----w- c:\users\Administrator\AppData\Local\Zemana
2018-01-24 06:44 . 2018-01-24 06:44 -------- d-----w- c:\users\Administrator\AppData\Local\Programs
2018-01-24 06:22 . 2018-01-24 06:22 -------- d-----w- c:\users\Administrator\AppData\Roaming\GHISLER
2018-01-23 14:13 . 2018-01-23 14:13 -------- d-----w- c:\users\Administrator\AppData\Local\Symantec
2018-01-18 12:59 . 2018-01-23 06:48 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2018-01-18 12:58 . 2018-01-18 13:23 -------- d-----w- c:\programdata\RogueKiller
2018-01-18 06:41 . 2018-01-18 06:44 -------- d-----w- c:\users\w801769\AppData\Roaming\ImgBurn
2018-01-18 06:06 . 2018-01-18 06:06 -------- d-----w- c:\users\w801769\AppData\Local\CEF
2018-01-18 06:05 . 2018-01-18 06:06 -------- d-----w- c:\users\w801769\AppData\Local\Adobe
2018-01-18 05:59 . 2018-01-18 05:59 -------- d-----w- c:\users\w801769\AppData\Roaming\GHISLER
2018-01-17 13:45 . 2017-11-29 08:11 77432 ----a-w- c:\windows\system32\drivers\mbae64.sys
2018-01-17 13:45 . 2018-01-17 13:45 -------- d-----w- c:\programdata\Malwarebytes
2018-01-17 13:45 . 2018-01-17 13:45 -------- d-----w- c:\program files\Malwarebytes
2018-01-17 13:26 . 2018-01-18 11:57 -------- d-----w- C:\AdwCleaner
2018-01-17 13:11 . 2018-01-17 13:11 -------- d-----w- c:\users\p801769\AppData\Local\CEF
2018-01-17 13:11 . 2018-01-17 13:11 -------- d-----w- c:\users\p801769\AppData\Local\Adobe
2018-01-17 07:22 . 2017-11-14 03:43 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2018-01-11 05:52 . 2018-01-11 05:50 98816 ----a-w- c:\windows\SysWow64\KOBDrvAPIIF.DLL
2018-01-11 05:52 . 2018-01-11 05:50 160768 ----a-w- c:\windows\KOBDrvAPIW64.EXE
2018-01-11 05:52 . 2018-01-11 05:50 117248 ----a-w- c:\windows\system32\KOBDrvAPIIF.DLL
2018-01-11 05:52 . 2018-01-11 05:50 92672 ----a-w- c:\windows\system32\Spool\prtprocs\x64\KOAYJJ_P.DLL
2018-01-08 06:05 . 2018-01-08 06:13 -------- d-----w- c:\users\p801769\AppData\Roaming\avidemux
2018-01-08 06:05 . 2018-01-08 06:05 -------- d-----w- c:\program files\Avidemux 2.7 - 64 bits
2018-01-05 09:46 . 2018-01-05 09:46 -------- d-----w- c:\programdata\I.CA PKIServiceHost
2018-01-05 09:46 . 2018-01-05 09:46 -------- d-----w- c:\program files (x86)\I.CA
2018-01-05 09:45 . 2018-01-05 09:45 -------- d-----w- c:\programdata\ICA
2018-01-05 09:43 . 2018-01-05 09:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2018-01-05 09:41 . 2018-01-05 09:41 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2018-01-05 09:41 . 2018-01-05 09:41 -------- d-----w- c:\program files\Java
2018-01-05 09:16 . 2017-11-16 09:48 631416 ----a-w- c:\windows\SysWow64\icapki.dll
2018-01-05 08:35 . 2018-01-05 08:35 -------- d--h--w- c:\programdata\RICOH_DRV
2018-01-05 08:30 . 2013-12-26 14:44 28160 ----a-w- c:\windows\system32\ricu0dlm.dll
2018-01-04 12:00 . 2018-01-04 12:01 -------- d-----w- c:\windows\WindowsMobile
2017-12-27 12:02 . 2017-12-27 12:03 -------- d-----w- c:\program files (x86)\Lame For Audacity
2017-12-27 11:26 . 2018-01-08 07:00 -------- d-----w- c:\users\p801769\AppData\Roaming\audacity
2017-12-27 11:25 . 2017-12-27 11:26 -------- d-----w- c:\program files (x86)\Audacity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-01-11 05:50 . 2016-03-05 00:43 25600 ----a-w- c:\windows\system32\KOAYJJ_L.DLL
2017-12-21 14:08 . 2017-12-21 14:08 268896 ----a-w- c:\windows\system32\drivers\BazisPortableCDBus.sys
2017-12-19 10:38 . 2017-12-19 10:38 1717912 ----a-w- c:\windows\system32\drivers\symefasi\0603000.018\symefasi.sys
2017-12-19 10:38 . 2017-12-19 10:38 102608 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2017-12-19 10:37 . 2017-12-19 10:37 94440 ----a-w- c:\windows\system32\snacnp.dll
2017-12-19 10:37 . 2017-12-19 10:37 83688 ----a-w- c:\windows\SysWow64\snacnp.dll
2017-12-19 10:37 . 2017-12-19 10:37 607976 ----a-w- c:\windows\system32\SymVPN.dll
2017-12-19 10:37 . 2017-12-19 10:37 507112 ----a-w- c:\windows\system32\sysfer.dll
2017-12-19 10:37 . 2017-12-19 10:37 483560 ----a-w- c:\windows\SysWow64\SymVPN.dll
2017-12-19 10:37 . 2017-12-19 10:37 47672 ----a-w- c:\windows\system32\drivers\WGX64.SYS
2017-12-19 10:37 . 2017-12-19 10:37 435944 ----a-w- c:\windows\SysWow64\sysfer.dll
2017-12-19 10:37 . 2017-12-19 10:37 222440 ----a-w- c:\windows\system32\FwsVpn.dll
2017-12-19 10:37 . 2017-12-19 10:37 217832 ----a-w- c:\windows\SysWow64\FwsVpn.dll
2017-12-19 10:37 . 2017-12-19 10:37 197992 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2017-12-13 09:23 . 2017-12-20 06:33 311808 ----a-w- c:\windows\SysWow64\MFPKI.dll
2017-12-11 16:39 . 2017-12-20 06:33 2028016 ----a-w- c:\windows\SysWow64\CryptSignX.ocx
2017-12-08 08:11 . 2017-12-08 08:11 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-12-08 08:11 . 2017-12-08 08:11 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-12-03 10:15 . 2017-12-03 10:15 829600 ----a-w- c:\windows\system32\drivers\SEP\0E000EA8\03E8.105\x64\srtsp64.sys
2017-12-03 10:15 . 2017-12-03 10:15 567968 ----a-w- c:\windows\system32\drivers\SEP\0E000EA8\03E8.105\x64\symnets.sys
2017-12-03 10:15 . 2017-12-03 10:15 49312 ----a-w- c:\windows\system32\drivers\SEP\0E000EA8\03E8.105\x64\srtspx64.sys
2017-12-03 10:15 . 2017-12-03 10:15 308896 ----a-w- c:\windows\system32\drivers\SEP\0E000EA8\03E8.105\x64\ironx64.sys
2017-12-03 10:15 . 2017-12-03 10:15 179360 ----a-w- c:\windows\system32\drivers\SEP\0E000EA8\03E8.105\x64\ccSetx64.sys
2017-11-16 09:49 . 2017-12-08 08:10 910968 ----a-w- c:\windows\system32\icapki64.dll
2017-11-16 09:48 . 2017-12-08 08:10 631416 ----a-w- c:\windows\SysWow64\icapki.old
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ICAMaintenance_ICAPKIService_RegKeysRefresh"="-mode loader -op refreshICAPKIServiceRegistryKeys" [X]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2015-02-17 296216]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2017-09-05 587288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"LogonType"= 0 (0x0)
"ReportControllerMissing"= 1 (0x1)
"MaxGPOScriptWait"= 1200 (0x4b0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWebServices"= 1 (0x1)
"NoOnlinePrintsWizard"= 1 (0x1)
"NoPublishingWizard"= 1 (0x1)
"NoAutorun"= 1 (0x1)
"PreXPSP2ShellProtocolBehavior"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin\ccSvcHst.exe;c:\program files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin\ccSvcHst.exe [x]
R3 BazisPortableCDBus;Portable WinCDEmu driver;c:\windows\system32\drivers\BazisPortableCDBus.sys;c:\windows\SYSNATIVE\drivers\BazisPortableCDBus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe;c:\program files\Microsoft Policy Platform\policyHost.exe [x]
R3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe;c:\program files\Microsoft Policy Platform\policyHost.exe [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SyDvCtrl;SyDvCtrl;c:\program files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin64\SyDvCtrl64.sys;c:\program files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin64\SyDvCtrl64.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R4 CmRcService;Vzdálené řízení nástroje Configuration Manager;c:\windows\CCM\RemCtrl\CmRcService.exe;c:\windows\CCM\RemCtrl\CmRcService.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\system32\drivers\symefasi\0603000.018\symefasi.sys;c:\windows\SYSNATIVE\drivers\symefasi\0603000.018\symefasi.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Data\Definitions\BASHDefs\20180117.005\BHDrvx64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Data\Definitions\BASHDefs\20180117.005\BHDrvx64.sys [x]
S1 ccSettings_{048EFA22-DB32-43D5-879D-841B6EA67048};Symantec Endpoint Protection 14.0.3752.1000.105 Settings Manager;c:\windows\system32\Drivers\SEP\0E000EA8\03E8.105\x64\ccSetx64.sys;c:\windows\SYSNATIVE\Drivers\SEP\0E000EA8\03E8.105\x64\ccSetx64.sys [x]
S1 IDSvia64;IDSvia64;c:\programdata\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Data\Definitions\IPSDefs\20180123.040\IDSvia64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Data\Definitions\IPSDefs\20180123.040\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0E000EA8\03E8.105\x64\Ironx64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0E000EA8\03E8.105\x64\Ironx64.SYS [x]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0E000EA8\03E8.105\x64\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0E000EA8\03E8.105\x64\SYMNETS.SYS [x]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2017-04-05 00:38 323664 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2018-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-08 08:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2015-01-27 36352]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2016-01-27 8844032]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.fs.mfcr.cz;<local>
uInternet Settings,ProxyServer = proxy7032:3128
Trusted Zone: *.capgemini.com
Trusted Zone: *.csob.cz
Trusted Zone: *.csob.sk
Trusted Zone: *.erasvet.cz
Trusted Zone: *.ica.cz
Trusted Zone: *.postovnisporitelna.cz
Trusted Zone: s7000mg0705
TCP: Interfaces\{1608A894-3BCE-4CE7-90B7-D60B2357EB4C}: NameServer = 172.30.1.132,10.59.17.25,172.26.1.134
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin\sms.dll\" /prefetch:1"
"ImagePath"="system32\Drivers\SEP\0E000EA8\03E8.105\x64\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\bin;c:\program files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\bin64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2018-01-24 11:38:05
ComboFix-quarantined-files.txt 2018-01-24 10:38
.
Před spuštěním: Volných bajtů: 135 107 850 240
Po spuštění: Volných bajtů: 135 021 031 424
.
- - End Of File - - D66FCDF3B64BEE0D284B505FAB64670E
5FB38429D5D77768867C76DCBDB35194

jaro3
Security team member
Guru Level 15
Posts: 38707
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my log

Post by jaro3 » 24 Jan 2018 17:43

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole of the following text (marked in green) into it:


ClearJavaCache::
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)



Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the Desktop.
Close all open windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process, plus a new HJT log

Warning: it may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.


In Folder Options, enable showing hidden files and folders and untick "Hide protected operating system files".

Test these on VirusTotal:
c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
c:\windows\system32\KOAYJJ_L.DLL

Click Choose to the right of the box and locate the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file is then scanned by several antivirus engines one after another. When the last engine finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.

Or at:
http://www.virscan.org/
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

jindob
newcomer
Posts: 24
Registered: January 18
Gender: Male

Re: Please check my log

Post by jindob » 25 Jan 2018 11:12

I ran ComboFix again according to your instructions and a window appeared saying that ComboFix had expired and asking whether I wanted to run it with limited functionality.
After the script finished, no log was created and after a while a BSOD occurred.
After restarting the PC and logging in, another BSOD after a while.

jindob
newcomer
Posts: 24
Registered: January 18
Gender: Male

Re: Please check my log

Post by jindob » 25 Jan 2018 11:51

After starting the PC with the Last Known Good Configuration option, BSOD again.
Should I start the PC in Safe Mode and use a restore point?

jaro3
Security team member
Guru Level 15
Posts: 38707
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my log

Post by jaro3 » 25 Jan 2018 21:42

Yes, that is a good choice.
Let me know afterwards.

jindob
newcomer
Posts: 24
Registered: January 18
Gender: Male

Re: Please check my log

Post by jindob » 26 Jan 2018 09:46

After the restore, the PC stopped crashing.

