ComboFix 14-07-03.01 - Mal 03.07.2014 21:39:28.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1033.18.3914.2712 [GMT 2:00]
Spuštěný z: c:\users\Mal\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Mal\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\{3f538614-b636-4023-9ec2-564ada4b07b3}w64.sys"
"c:\windows\system32\drivers\{b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}w64.sys"
"c:\windows\system32\drivers\aswsnx.sys.1403432169076"
"c:\windows\system32\drivers\aswsp.sys.1403432169076"
"c:\windows\system32\drivers\aswstm.sys.1403432169076"
"c:\windows\SysWOW64\Drivers\X6va015"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-972917567-3220589774-1664920983-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-972917567-3220589774-1664920983-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.22.5\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.22.5\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.22.5\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.22.5\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.22.5\goopdate.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.22.5\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.22.5\psmachine.dll
c:\program files (x86)\Google\Update\1.3.22.5\psuser.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.5\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.154\33.0.1750.154_33.0.1750.146_chrome_updater.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\users\Mal\AppData\Local\Facebook\Update
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ar.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bg.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bn.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ca.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_cs.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_da.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_de.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_el.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es-419.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_et.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fa.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fi.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fil.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fr.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_gu.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hi.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hr.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hu.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_id.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_is.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_it.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_iw.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ja.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_kn.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ko.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lt.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lv.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ml.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_mr.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ms.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_nl.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_no.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_or.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pl.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-BR.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-PT.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ro.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ru.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sk.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sl.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sr.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sv.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ta.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_te.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_th.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_tr.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_uk.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ur.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_vi.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-CN.dll
c:\users\Mal\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-TW.dll
c:\users\Mal\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP\WiseCustomCalla.dll
c:\windows\system32\drivers\{3f538614-b636-4023-9ec2-564ada4b07b3}w64.sys
c:\windows\system32\drivers\{b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}w64.sys
c:\windows\system32\drivers\aswsnx.sys.1403432169076
c:\windows\system32\drivers\aswsp.sys.1403432169076
c:\windows\system32\drivers\aswstm.sys.1403432169076
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-972917567-3220589774-1664920983-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-972917567-3220589774-1664920983-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA015
-------\Legacy_{3F538614-B636-4023-9EC2-564ADA4B07B3}W64
-------\Legacy_{B2DB3058-74EE-4ACE-BCD8-8CD0FBE3A4F6}W64
-------\Service_{3f538614-b636-4023-9ec2-564ada4b07b3}w64
-------\Service_{b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}w64
-------\Service_SkypeUpdate
-------\Service_X6va015
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-03 do 2014-07-03 )))))))))))))))))))))))))))))))
.
.
2014-07-03 19:48 . 2014-07-03 19:48 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2014-07-03 19:48 . 2014-07-03 19:48 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-07-03 19:48 . 2014-07-03 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-03 19:48 . 2014-07-03 19:48 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-07-02 23:03 . 2014-07-03 08:48 -------- d-----w- c:\programdata\GFACE
2014-07-02 23:02 . 2014-07-03 09:34 -------- d-----w- c:\users\Mal\AppData\Local\wf-launcher
2014-07-02 16:58 . 2014-07-02 16:58 -------- d-----w- c:\users\Mal\AppData\Local\CrashDumps
2014-07-01 21:04 . 2014-06-17 00:57 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{888AC7C0-85CD-4AE1-ACDD-5ADE26916C54}\mpengine.dll
2014-07-01 08:24 . 2014-07-01 08:43 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-07-01 08:24 . 2014-07-01 08:43 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-07-01 08:24 . 2014-07-01 02:08 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2014-06-29 17:11 . 2014-06-29 17:11 -------- d-----w- c:\programdata\RogueKiller
2014-06-29 17:03 . 2014-06-29 17:03 -------- d-----w- c:\windows\ERUNT
2014-06-29 15:42 . 2014-06-29 15:42 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-29 15:41 . 2014-06-29 15:42 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-29 15:41 . 2014-06-29 15:41 -------- d-----w- c:\programdata\Malwarebytes
2014-06-29 15:41 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-29 15:41 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-29 15:41 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-29 15:35 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-06-29 15:34 . 2014-06-29 16:57 -------- d-----w- C:\AdwCleaner
2014-06-29 14:12 . 2014-06-29 14:17 -------- d-----w- c:\program files (x86)\HammerMT2 Server 1 2014
2014-06-29 08:19 . 2014-06-29 08:19 -------- d-----w- c:\program files (x86)\RoboSSAver
2014-06-29 08:08 . 2014-06-29 08:08 687 ----a-w- C:\awh3D4D.tmp
2014-06-29 08:00 . 2014-06-29 08:00 687 ----a-w- C:\awh4EBB.tmp
2014-06-27 13:36 . 2014-06-27 13:36 -------- d-----w- c:\users\Mal\AppData\Local\Black_Tree_Gaming
2014-06-27 13:35 . 2014-06-30 11:34 -------- d-----w- c:\program files\Nexus Mod Manager
2014-06-27 12:38 . 2014-06-27 12:38 687 ----a-w- C:\awh6B21.tmp
2014-06-27 06:01 . 2014-06-27 06:01 687 ----a-w- C:\awh3BD7.tmp
2014-06-26 21:32 . 2014-06-26 21:32 687 ----a-w- C:\awh7AC4.tmp
2014-06-26 21:26 . 2014-06-29 08:17 -------- d-----w- c:\program files (x86)\Common Files\Config
2014-06-22 11:37 . 2014-06-22 11:37 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-06-22 11:35 . 2014-06-22 11:34 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-22 11:34 . 2014-06-22 11:34 -------- d-----w- c:\program files (x86)\Java
2014-06-15 14:38 . 2014-06-15 14:38 -------- d-----w- c:\users\Mal\AppData\Local\Fallout3
2014-06-15 14:17 . 2014-06-15 14:17 -------- d-----w- c:\windows\SysWow64\xlive
2014-06-15 06:46 . 2014-06-15 06:46 108544 ----a-w- c:\windows\SysWow64\installd.exe
2014-06-13 20:25 . 2014-06-15 17:14 -------- d-----w- c:\users\Mal\AppData\Local\VirtualStore
2014-06-12 16:04 . 2010-02-20 07:25 -------- d-----w- c:\program files\Aliens vs Predator 2010
2014-06-12 09:12 . 2014-06-08 09:13 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-12 09:12 . 2014-06-08 09:08 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-06-04 08:46 . 2014-06-04 08:46 -------- d-----w- c:\users\Mal\AppData\Local\Downloaded Installations
2014-06-04 08:45 . 2014-06-04 08:45 -------- d-----w- c:\program files (x86)\HTC
2014-06-04 08:44 . 2014-06-04 08:44 -------- d-----w- c:\programdata\HTC
2014-06-04 08:44 . 2014-06-29 16:23 -------- d---a-w- C:\Temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-01 08:43 . 2014-02-03 14:52 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-07-01 08:24 . 2014-01-09 15:05 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-06-22 11:32 . 2014-06-02 23:46 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-22 11:32 . 2014-06-02 23:46 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-12 12:03 . 2014-01-09 15:53 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-05-25 10:13 . 2014-05-25 10:13 53248 ----a-w- c:\windows\unrar.dll
2014-05-17 15:51 . 2014-05-17 15:51 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2014-05-17 15:50 . 2014-05-17 15:50 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2014-05-16 20:47 . 2011-06-11 00:58 773680 ----a-w- c:\windows\SysWow64\msvcr100.dll
2014-05-16 20:47 . 2011-06-11 00:58 420912 ----a-w- c:\windows\SysWow64\msvcp100.dll
2014-05-09 16:34 . 2014-05-09 16:34 348160 ----a-w- c:\windows\SysWow64\Msvcr71.dll
2014-05-09 16:34 . 2014-05-09 16:34 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2014-05-09 16:34 . 2014-05-09 16:34 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2014-05-09 16:32 . 2014-05-09 16:32 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2014-04-19 11:38 . 2014-04-19 11:38 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2014-04-19 11:38 . 2014-04-19 11:38 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-04-12 02:22 . 2014-05-16 18:56 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-16 18:56 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-16 18:56 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-16 18:55 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-16 18:55 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-16 18:56 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-16 18:56 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-16 18:55 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-16 18:55 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{76C2EC23-9B84-43C0-A7F6-F0CDB4DC52BE}"= "c:\program files (x86)\TNT2\Profiles\10809\passport.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{76c2ec23-9b84-43c0-a7f6-f0cdb4dc52be}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"="1" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:3a0d52cc3 /wow /dir:C:\Program
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 16:46 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-02 11:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2014-01-09 7138816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-23 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-23 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-23 439064]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.111.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-972917567-3220589774-1664920983-1000\Software\SecuROM\License information*]
"datasecu"=hex:57,b9,8f,35,14,76,f8,d4,2e,8e,6d,95,18,a9,e4,83,f5,3e,a3,65,51,
ea,bd,9f,e3,88,7e,5b,bf,bb,b3,20,07,a8,64,0c,69,eb,2e,90,92,0e,61,90,0d,b8,\
"rkeysecu"=hex:f1,6a,0e,28,38,a2,82,b8,00,1b,e5,6a,a0,62,de,55
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2014-07-03 21:55:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-03 19:55
ComboFix2.txt 2014-07-03 11:37
ComboFix3.txt 2014-06-30 11:23
.
Před spuštěním: 361 556 365 312 bytes free
Po spuštění: 361 486 753 792 bytes free
.
- - End Of File - - 4B6B4255F3D5F93A386697510E8E0F8A
A36C5E4F47E84449FF07ED3517B43A31
Virus bitcoinu
Re: Virus bitcoinu
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:57:04, on 3.7.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Mal\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (file missing)
O3 - Toolbar: FindWide Toolbar - {76C2EC23-9B84-43C0-A7F6-F0CDB4DC52BE} - C:\Program Files (x86)\TNT2\Profiles\10809\passport.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] 1
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5940 bytes
Scan saved at 21:57:04, on 3.7.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Mal\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (file missing)
O3 - Toolbar: FindWide Toolbar - {76C2EC23-9B84-43C0-A7F6-F0CDB4DC52BE} - C:\Program Files (x86)\TNT2\Profiles\10809\passport.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] 1
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5940 bytes
- jaro3
- člen Security týmu
Re: Virus bitcoinu
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
Vyčisti systém CCleanerem
Stáhni si OTC
na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Doinstaluj si free antivir.
Co problémy?
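Start – Spustit a zadej ComboFix /Uninstall
Vyčisti systém CCleanerem.
Stáhni si OTC na plochu a poklepej na něj. Potom klikni na Clean up!.
Restartuj PC, pokud ti to bude doporučeno.
Zavři ostatní aplikace a prohlížeče, odpoj se od internetu a v HijackThis (HJT) zaškrtni a tlačítkem „Fix checked“ oprav položky uvedené níže (osiřelé záznamy po chybějících souborech, automatické spouštění Java Update a záznam v klíči Run s nesmyslným názvem ze samých „A“):
Návod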
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (file missing)
O3 - Toolbar: FindWide Toolbar - {76C2EC23-9B84-43C0-A7F6-F0CDB4DC52BE} - C:\Program Files (x86)\TNT2\Profiles\10809\passport.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] 1
Doinstaluj si free antivir.
Co problémy?
Při práci s programy HJT, ComboFix, MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv. Po dobu mé nepřítomnosti mě zastupují memphisto, Žbeky a Orcus.
Pokud budete spokojeni, můžete podpořit naše fórum: Podpora fóra