Zoek.exe v5.0.0.0 Updated 05-September-2014
Tool run by Tomas on so 06.09.2014 at 11:11:50,47.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Tomas\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-09-05-135133.log 6011 bytes
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\ahtc53dc.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\ahtc53dc.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Firefox Extensions ======================
ProfilePath: C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\ahtc53dc.default
- S3.Google Translator - %ProfilePath%\extensions\s3google@translator.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\ahtc53dc.default
9EE20E6E2E3F94714D44F739B9A228F4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll - Shockwave Flash
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
Nothing found to reset
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=3 folders=1 789 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Tomas\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Tomas\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on so 06.09.2014 at 11:24:37,45 ======================
ComboFix 14-09-05.01 - Tomas 06.09.2014 11:29:18.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4095.2569 [GMT 2:00]
Spuštěný z: c:\users\Tomas\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-08-06 do 2014-09-06 )))))))))))))))))))))))))))))))
.
.
2014-09-06 09:32 . 2014-09-06 09:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-06 09:20 . 2014-09-06 09:11 24064 ----a-w- c:\windows\zoek-delete.exe
2014-09-05 15:41 . 2014-08-20 18:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CB7408A-CD64-4EDD-9F71-73C160A2BC01}\mpengine.dll
2014-09-05 13:41 . 2014-09-05 13:48 -------- d-----w- C:\zoek_backup
2014-09-04 17:32 . 2014-08-20 18:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-04 17:28 . 2014-09-05 13:32 36456 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-04 17:28 . 2014-09-04 17:28 -------- d-----w- c:\programdata\RogueKiller
2014-09-04 17:12 . 2014-09-04 17:12 -------- d-----w- c:\windows\ERUNT
2014-09-04 16:43 . 2014-09-04 17:19 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-04 16:42 . 2014-09-04 16:43 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-04 16:42 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-04 16:42 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-04 16:42 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-04 16:42 . 2014-09-04 16:42 -------- d-----w- c:\programdata\Malwarebytes
2014-09-04 16:31 . 2014-09-04 17:10 -------- d-----w- C:\AdwCleaner
2014-09-02 16:38 . 2014-09-02 16:38 -------- d-----w- c:\program files (x86)\Common Files\Solveig Multimedia
2014-09-01 21:40 . 2014-09-01 21:40 -------- d-----w- c:\program files\Microsoft Silverlight
2014-09-01 21:40 . 2014-09-01 21:40 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-09-01 20:22 . 2014-09-01 20:22 -------- d-----w- c:\program files (x86)\MSXML 4.0
2014-08-31 16:58 . 2010-05-26 09:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-08-31 16:58 . 2010-05-26 09:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2014-08-31 16:58 . 2010-05-26 09:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-08-31 16:58 . 2010-05-26 09:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2014-08-31 16:58 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2014-08-31 16:58 . 2010-05-26 09:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2014-08-31 16:57 . 2014-08-09 00:22 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-08-31 16:57 . 2014-08-09 00:22 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-08-31 16:57 . 2014-08-09 00:22 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-08-31 16:57 . 2014-08-09 00:22 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-08-31 11:10 . 2014-08-31 11:10 -------- d-----w- c:\program files\Zoner
2014-08-31 10:29 . 2006-12-09 02:55 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\sugg1pc.dll
2014-08-31 10:04 . 2014-03-05 21:19 7670 --s-a-w- c:\windows\SysWow64\mncyphyl.vbe
2014-08-31 10:04 . 2014-08-31 10:12 -------- d-----w- c:\windows\SysWow64\bitstreams
2014-08-31 10:04 . 2013-10-26 19:30 538126 --s-a-w- c:\windows\SysWow64\libcurl-4.dll
2014-08-31 10:04 . 2013-10-26 19:30 364544 --s-a-w- c:\windows\SysWow64\ssleay32.dll
2014-08-31 10:04 . 2013-10-26 19:30 192512 --s-a-w- c:\windows\SysWow64\libidn-11.dll
2014-08-31 10:04 . 2013-10-26 19:30 171008 --s-a-w- c:\windows\SysWow64\libssh2.dll
2014-08-31 10:04 . 2013-10-26 19:30 1704448 --s-a-w- c:\windows\SysWow64\libeay32.dll
2014-08-31 10:04 . 2013-10-26 19:30 133632 --s-a-w- c:\windows\SysWow64\librtmp.dll
2014-08-31 10:04 . 2013-06-12 14:15 119888 --s-a-w- c:\windows\SysWow64\pthreadGC2.dll
2014-08-31 10:04 . 2013-06-12 14:15 100864 --s-a-w- c:\windows\SysWow64\zlib1.dll
2014-08-31 10:04 . 2012-09-25 22:46 472424 --s-a-w- c:\windows\SysWow64\cudart32_50_35.dll
2014-08-31 10:04 . 2012-05-27 00:36 55808 --s-a-w- c:\windows\SysWow64\pthreadVC2.dll
2014-08-30 13:19 . 2014-07-31 23:41 348856 ----a-w- c:\windows\system32\iedkcs32.dll
2014-08-30 12:47 . 2014-08-30 12:48 -------- d-----w- c:\windows\system32\appmgmt
2014-08-30 12:23 . 2014-08-30 13:28 -------- d-----w- c:\programdata\TechSmith
2014-08-30 10:15 . 2014-08-26 19:23 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-30 10:15 . 2014-08-26 19:23 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42DD791C-69C2-4D27-8F27-BF27317F4E5D}\gapaengine.dll
2014-08-29 17:28 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-08-29 17:28 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-08-29 17:28 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-08-29 17:28 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-08-29 17:28 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-08-29 17:20 . 2014-08-29 17:20 -------- d-----w- c:\windows\Migration
2014-08-29 17:17 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-08-29 17:10 . 2014-08-29 17:10 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-29 16:30 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-29 16:30 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-29 16:30 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-29 16:30 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-29 16:30 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-29 16:30 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-29 16:29 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-29 16:29 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-29 16:26 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-08-29 16:26 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-08-29 16:26 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-08-29 16:26 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2014-08-29 16:26 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2014-08-29 16:26 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2014-08-29 16:26 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2014-08-29 16:26 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2014-08-29 16:26 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2014-08-29 16:26 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2014-08-29 16:25 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2014-08-29 16:25 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2014-08-29 16:23 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-08-29 16:22 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-29 16:21 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2014-08-29 16:12 . 2014-08-29 16:12 -------- d-----w- c:\program files (x86)\ADATA
2014-08-28 21:24 . 2014-08-28 21:24 -------- d-----w- c:\windows\system32\SPReview
2014-08-28 21:24 . 2014-08-28 21:24 -------- d-----w- c:\windows\system32\EventProviders
2014-08-28 19:11 . 2010-11-20 13:27 605696 ----a-w- c:\windows\system32\wmpeffects.dll
2014-08-28 19:10 . 2010-11-20 13:27 47104 ----a-w- c:\windows\system32\wshbth.dll
2014-08-28 19:09 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2014-08-28 18:48 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2014-08-28 18:48 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2014-08-28 18:48 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2014-08-28 18:48 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2014-08-28 18:48 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2014-08-28 18:48 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2014-08-28 18:48 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2014-08-28 18:48 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2014-08-28 18:48 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2014-08-28 18:48 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2014-08-28 18:47 . 2014-08-31 11:41 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-28 18:47 . 2014-08-31 11:41 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-28 18:47 . 2014-08-28 18:47 -------- d-----w- c:\windows\SysWow64\Macromed
2014-08-28 18:47 . 2014-08-28 18:47 -------- d-----w- c:\windows\system32\Macromed
2014-08-26 19:38 . 2014-08-26 19:38 -------- d-----w- c:\program files (x86)\totalcmd
2014-08-26 19:19 . 2014-08-26 19:19 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-08-26 19:19 . 2014-08-26 19:19 -------- d-----w- c:\program files\Microsoft Security Client
2014-08-26 18:57 . 2014-08-26 18:57 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-08-26 18:57 . 2014-07-02 17:44 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-08-26 18:53 . 2014-08-26 18:53 -------- d-----w- c:\program files (x86)\Microsoft.NET
2014-08-26 18:53 . 2014-09-01 21:41 -------- d-sh--w- c:\windows\Installer
2014-08-26 18:45 . 2014-09-04 16:17 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-08-26 18:45 . 2014-08-26 18:45 -------- d-----w- c:\windows\SysWow64\Wat
2014-08-26 18:45 . 2014-08-26 18:45 -------- d-----w- c:\windows\system32\Wat
2014-08-26 18:40 . 2014-08-29 16:29 -------- d-s---w- c:\windows\system32\CompatTel
2014-08-26 18:35 . 2014-08-26 17:41 -------- d-----w- c:\windows\Panther
2014-08-26 18:25 . 2012-07-26 07:40 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wdf01000.sys.mui
2014-08-26 18:25 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-08-26 18:25 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-08-26 18:23 . 2014-08-26 18:24 -------- d-----w- c:\windows\system32\MRT
2014-08-26 18:17 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2014-08-26 18:09 . 2014-01-19 07:38 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-08-26 18:07 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-08-26 18:07 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-08-26 18:07 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-08-26 18:07 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-08-26 18:07 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-08-26 18:07 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-08-26 18:07 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-08-26 18:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-29 17:11 . 2014-08-29 17:11 208384 ----a-w- c:\windows\SysWow64\webcheck.dll
2014-08-29 17:11 . 2014-08-29 17:11 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-08-29 15:51 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2014-08-29 15:51 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2014-07-02 20:48 . 2014-03-20 21:03 965312 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2014-03-20 21:02 3196816 ----a-w- c:\windows\system32\nvapi64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mncyphylSrv"="c:\windows\system32\mncyphyl.vbe" [2014-03-05 7670]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-09-11 614400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 ADATA ToolBox Service;ADATA ToolBox Service;c:\program files (x86)\ADATA\SSD ToolBox\ToolBoxSvc.exe;c:\program files (x86)\ADATA\SSD ToolBox\ToolBoxSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-28 11:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-08-09 2403288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-08-09 1283136]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\ahtc53dc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-09-06 11:34:15
ComboFix-quarantined-files.txt 2014-09-06 09:34
.
Před spuštěním: Volných bajtů: 31 923 564 544
Po spuštění: Volných bajtů: 31 769 153 536
.
- - End Of File - - ED57D01783A40A76DFD29A1A93E361EC
5FB38429D5D77768867C76DCBDB35194
please check (Solved)
- jaro3
- Security team member
Re: please check
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following whole text marked in green into it:
ClearJavaCache::
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
Warning: it may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the whole contents of that log here. Then click "Exit" to close the program.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following whole text marked in green into it:
ClearJavaCache::
KillAll::
File::
c:\windows\SysWow64\mncyphyl.vbe
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
Warning: it may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.
Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Paste the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: please check
ComboFix 14-09-05.01 - Tomas 07.09.2014 16:31:42.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4095.3137 [GMT 2:00]
Spuštěný z: c:\users\Tomas\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Tomas\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\SysWow64\mncyphyl.vbe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\mncyphyl.vbe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-08-07 do 2014-09-07 )))))))))))))))))))))))))))))))
.
.
2014-09-07 14:35 . 2014-09-07 14:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-07 08:16 . 2014-08-20 18:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93C9FD91-11C7-4EA1-AA58-E3533E60A36A}\mpengine.dll
2014-09-06 09:45 . 2014-08-20 18:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-06 09:20 . 2014-09-06 09:11 24064 ----a-w- c:\windows\zoek-delete.exe
2014-09-05 13:41 . 2014-09-05 13:48 -------- d-----w- C:\zoek_backup
2014-09-04 17:28 . 2014-09-05 13:32 36456 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-04 17:28 . 2014-09-04 17:28 -------- d-----w- c:\programdata\RogueKiller
2014-09-04 17:12 . 2014-09-04 17:12 -------- d-----w- c:\windows\ERUNT
2014-09-04 16:43 . 2014-09-04 17:19 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-04 16:42 . 2014-09-04 16:43 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-04 16:42 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-04 16:42 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-04 16:42 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-04 16:42 . 2014-09-04 16:42 -------- d-----w- c:\programdata\Malwarebytes
2014-09-04 16:31 . 2014-09-04 17:10 -------- d-----w- C:\AdwCleaner
2014-09-02 16:38 . 2014-09-02 16:38 -------- d-----w- c:\program files (x86)\Common Files\Solveig Multimedia
2014-09-01 21:40 . 2014-09-01 21:40 -------- d-----w- c:\program files\Microsoft Silverlight
2014-09-01 21:40 . 2014-09-01 21:40 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-09-01 20:22 . 2014-09-01 20:22 -------- d-----w- c:\program files (x86)\MSXML 4.0
2014-08-31 16:58 . 2010-05-26 09:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-08-31 16:58 . 2010-05-26 09:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2014-08-31 16:58 . 2010-05-26 09:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-08-31 16:58 . 2010-05-26 09:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2014-08-31 16:58 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2014-08-31 16:58 . 2010-05-26 09:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2014-08-31 16:57 . 2014-08-09 00:22 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-08-31 16:57 . 2014-08-09 00:22 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-08-31 16:57 . 2014-08-09 00:22 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-08-31 16:57 . 2014-08-09 00:22 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-08-31 11:10 . 2014-08-31 11:10 -------- d-----w- c:\program files\Zoner
2014-08-31 10:29 . 2006-12-09 02:55 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\sugg1pc.dll
2014-08-31 10:04 . 2014-08-31 10:12 -------- d-----w- c:\windows\SysWow64\bitstreams
2014-08-31 10:04 . 2013-10-26 19:30 538126 --s-a-w- c:\windows\SysWow64\libcurl-4.dll
2014-08-31 10:04 . 2013-10-26 19:30 364544 --s-a-w- c:\windows\SysWow64\ssleay32.dll
2014-08-31 10:04 . 2013-10-26 19:30 192512 --s-a-w- c:\windows\SysWow64\libidn-11.dll
2014-08-31 10:04 . 2013-10-26 19:30 171008 --s-a-w- c:\windows\SysWow64\libssh2.dll
2014-08-31 10:04 . 2013-10-26 19:30 1704448 --s-a-w- c:\windows\SysWow64\libeay32.dll
2014-08-31 10:04 . 2013-10-26 19:30 133632 --s-a-w- c:\windows\SysWow64\librtmp.dll
2014-08-31 10:04 . 2013-06-12 14:15 119888 --s-a-w- c:\windows\SysWow64\pthreadGC2.dll
2014-08-31 10:04 . 2013-06-12 14:15 100864 --s-a-w- c:\windows\SysWow64\zlib1.dll
2014-08-31 10:04 . 2012-09-25 22:46 472424 --s-a-w- c:\windows\SysWow64\cudart32_50_35.dll
2014-08-31 10:04 . 2012-05-27 00:36 55808 --s-a-w- c:\windows\SysWow64\pthreadVC2.dll
2014-08-30 13:19 . 2014-07-31 23:41 348856 ----a-w- c:\windows\system32\iedkcs32.dll
2014-08-30 12:47 . 2014-08-30 12:48 -------- d-----w- c:\windows\system32\appmgmt
2014-08-30 12:23 . 2014-08-30 13:28 -------- d-----w- c:\programdata\TechSmith
2014-08-30 10:15 . 2014-08-26 19:23 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-30 10:15 . 2014-08-26 19:23 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42DD791C-69C2-4D27-8F27-BF27317F4E5D}\gapaengine.dll
2014-08-29 17:28 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-08-29 17:28 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-08-29 17:28 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-08-29 17:28 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-08-29 17:28 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-08-29 17:20 . 2014-08-29 17:20 -------- d-----w- c:\windows\Migration
2014-08-29 17:17 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-08-29 17:10 . 2014-08-29 17:10 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-29 16:30 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-29 16:30 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-29 16:30 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-29 16:30 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-29 16:30 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-29 16:30 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-29 16:29 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-29 16:29 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-29 16:26 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-08-29 16:26 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-08-29 16:26 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-08-29 16:26 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2014-08-29 16:26 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2014-08-29 16:26 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2014-08-29 16:26 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2014-08-29 16:26 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2014-08-29 16:26 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2014-08-29 16:26 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2014-08-29 16:25 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2014-08-29 16:25 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2014-08-29 16:23 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-08-29 16:22 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-29 16:21 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2014-08-29 16:12 . 2014-08-29 16:12 -------- d-----w- c:\program files (x86)\ADATA
2014-08-28 21:24 . 2014-08-28 21:24 -------- d-----w- c:\windows\system32\SPReview
2014-08-28 21:24 . 2014-08-28 21:24 -------- d-----w- c:\windows\system32\EventProviders
2014-08-28 19:11 . 2010-11-20 13:27 605696 ----a-w- c:\windows\system32\wmpeffects.dll
2014-08-28 19:10 . 2010-11-20 13:27 47104 ----a-w- c:\windows\system32\wshbth.dll
2014-08-28 19:09 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2014-08-28 18:48 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2014-08-28 18:48 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2014-08-28 18:48 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2014-08-28 18:48 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2014-08-28 18:48 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2014-08-28 18:48 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2014-08-28 18:48 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2014-08-28 18:48 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2014-08-28 18:48 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2014-08-28 18:48 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2014-08-28 18:47 . 2014-08-31 11:41 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-28 18:47 . 2014-08-31 11:41 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-28 18:47 . 2014-08-28 18:47 -------- d-----w- c:\windows\SysWow64\Macromed
2014-08-28 18:47 . 2014-08-28 18:47 -------- d-----w- c:\windows\system32\Macromed
2014-08-26 19:38 . 2014-09-06 09:35 -------- d-----w- c:\program files (x86)\totalcmd
2014-08-26 19:19 . 2014-08-26 19:19 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-08-26 19:19 . 2014-08-26 19:19 -------- d-----w- c:\program files\Microsoft Security Client
2014-08-26 18:57 . 2014-08-26 18:57 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-08-26 18:57 . 2014-07-02 17:44 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-08-26 18:53 . 2014-08-26 18:53 -------- d-----w- c:\program files (x86)\Microsoft.NET
2014-08-26 18:53 . 2014-09-01 21:41 -------- d-sh--w- c:\windows\Installer
2014-08-26 18:45 . 2014-09-04 16:17 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-08-26 18:45 . 2014-08-26 18:45 -------- d-----w- c:\windows\SysWow64\Wat
2014-08-26 18:45 . 2014-08-26 18:45 -------- d-----w- c:\windows\system32\Wat
2014-08-26 18:40 . 2014-08-29 16:29 -------- d-s---w- c:\windows\system32\CompatTel
2014-08-26 18:35 . 2014-08-26 17:41 -------- d-----w- c:\windows\Panther
2014-08-26 18:25 . 2012-07-26 07:40 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wdf01000.sys.mui
2014-08-26 18:25 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-08-26 18:25 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-08-26 18:23 . 2014-08-26 18:24 -------- d-----w- c:\windows\system32\MRT
2014-08-26 18:17 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2014-08-26 18:09 . 2014-01-19 07:38 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-08-26 18:07 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-08-26 18:07 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-08-26 18:07 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-08-26 18:07 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-08-26 18:07 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-08-26 18:07 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-08-26 18:07 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-08-26 18:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-08-26 18:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-29 17:11 . 2014-08-29 17:11 208384 ----a-w- c:\windows\SysWow64\webcheck.dll
2014-08-29 17:11 . 2014-08-29 17:11 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-08-29 15:51 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2014-08-29 15:51 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2014-07-02 20:48 . 2014-03-20 21:03 965312 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2014-03-20 21:02 3196816 ----a-w- c:\windows\system32\nvapi64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-09-11 614400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 ADATA ToolBox Service;ADATA ToolBox Service;c:\program files (x86)\ADATA\SSD ToolBox\ToolBoxSvc.exe;c:\program files (x86)\ADATA\SSD ToolBox\ToolBoxSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-28 11:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-08-09 2403288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-08-09 1283136]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\ahtc53dc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-mncyphylSrv - c:\windows\system32\mncyphyl.vbe
AddRemove-HyperCam 3 - h:\nahravani z obrazovky hypercam\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2014-09-07 16:58:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-09-07 14:58
ComboFix2.txt 2014-09-06 09:34
.
Před spuštěním: Volných bajtů: 31 581 990 912
Po spuštění: Volných bajtů: 31 226 101 760
.
- - End Of File - - 8992B40F55AF04E20575A1855AEFDF78
5FB38429D5D77768867C76DCBDB35194
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 17:12:03, on 7.9.2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: ADATA ToolBox Service - Unknown owner - C:\Program Files (x86)\ADATA\SSD ToolBox\ToolBoxSvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5610 bytes
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-07 17:14:07
-----------------------------
17:14:07.083 OS Version: Windows x64 6.1.7601 Service Pack 1
17:14:07.083 Number of processors: 2 586 0xF0B
17:14:07.083 ComputerName: TOMAS-PC UserName: Tomas
17:14:07.255 Initialize success
17:14:07.271 VM: initialized successfully
17:14:07.271 VM: Intel CPU supported
17:14:17.964 VM: supported disk I/O ataport.SYS
17:14:23.495 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
17:14:23.495 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 11
17:14:23.511 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
17:14:23.511 Disk 1 Vendor: ADATA_SP800 5.2.5 Size: 61057MB BusType: 11
17:14:23.511 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-3
17:14:23.511 Disk 2 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 11
17:14:23.527 VM: Disk 1 MBR read successfully
17:14:23.527 Disk 1 MBR scan
17:14:23.527 Disk 1 Windows 7 default MBR code
17:14:23.542 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:14:23.542 Disk 1 Boot: NTFS code=2
17:14:23.807 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 60955 MB offset 206848
17:14:23.823 Disk 1 scanning C:\Windows\system32\drivers
17:14:24.868 Service scanning
17:14:28.004 Modules scanning
17:14:28.004 Disk 1 trace - called modules:
17:14:28.004 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:14:28.019 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80043ef060]
17:14:28.019 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8003f6a1e0]
17:14:28.019 5 ACPI.sys[fffff88000f177a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003f7c060]
17:14:28.035 Scan finished successfully
17:15:00.062 Disk 1 MBR has been saved successfully to "C:\Users\Tomas\Desktop\cistime pocitac\etapa5\MBR.dat"
17:15:00.062 The log file has been saved successfully to "C:\Users\Tomas\Desktop\cistime pocitac\etapa5\aswMBR.txt"
2014-08-31 16:58 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2014-08-31 16:58 . 2010-05-26 09:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2014-08-31 16:57 . 2014-08-09 00:22 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-08-31 16:57 . 2014-08-09 00:22 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-08-31 16:57 . 2014-08-09 00:22 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-08-31 16:57 . 2014-08-09 00:22 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-08-31 11:10 . 2014-08-31 11:10 -------- d-----w- c:\program files\Zoner
2014-08-31 10:29 . 2006-12-09 02:55 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\sugg1pc.dll
2014-08-31 10:04 . 2014-08-31 10:12 -------- d-----w- c:\windows\SysWow64\bitstreams
2014-08-31 10:04 . 2013-10-26 19:30 538126 --s-a-w- c:\windows\SysWow64\libcurl-4.dll
2014-08-31 10:04 . 2013-10-26 19:30 364544 --s-a-w- c:\windows\SysWow64\ssleay32.dll
2014-08-31 10:04 . 2013-10-26 19:30 192512 --s-a-w- c:\windows\SysWow64\libidn-11.dll
2014-08-31 10:04 . 2013-10-26 19:30 171008 --s-a-w- c:\windows\SysWow64\libssh2.dll
2014-08-31 10:04 . 2013-10-26 19:30 1704448 --s-a-w- c:\windows\SysWow64\libeay32.dll
2014-08-31 10:04 . 2013-10-26 19:30 133632 --s-a-w- c:\windows\SysWow64\librtmp.dll
2014-08-31 10:04 . 2013-06-12 14:15 119888 --s-a-w- c:\windows\SysWow64\pthreadGC2.dll
2014-08-31 10:04 . 2013-06-12 14:15 100864 --s-a-w- c:\windows\SysWow64\zlib1.dll
2014-08-31 10:04 . 2012-09-25 22:46 472424 --s-a-w- c:\windows\SysWow64\cudart32_50_35.dll
2014-08-31 10:04 . 2012-05-27 00:36 55808 --s-a-w- c:\windows\SysWow64\pthreadVC2.dll
2014-08-30 13:19 . 2014-07-31 23:41 348856 ----a-w- c:\windows\system32\iedkcs32.dll
2014-08-30 12:47 . 2014-08-30 12:48 -------- d-----w- c:\windows\system32\appmgmt
2014-08-30 12:23 . 2014-08-30 13:28 -------- d-----w- c:\programdata\TechSmith
2014-08-30 10:15 . 2014-08-26 19:23 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-30 10:15 . 2014-08-26 19:23 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42DD791C-69C2-4D27-8F27-BF27317F4E5D}\gapaengine.dll
2014-08-29 17:28 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-08-29 17:28 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-08-29 17:28 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-08-29 17:28 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-08-29 17:28 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-08-29 17:20 . 2014-08-29 17:20 -------- d-----w- c:\windows\Migration
2014-08-29 17:17 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-08-29 17:10 . 2014-08-29 17:10 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-29 16:30 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-29 16:30 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-29 16:30 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-29 16:30 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-29 16:30 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-29 16:30 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-29 16:29 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-29 16:29 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-29 16:26 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-08-29 16:26 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-08-29 16:26 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-08-29 16:26 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2014-08-29 16:26 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2014-08-29 16:26 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2014-08-29 16:26 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2014-08-29 16:26 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2014-08-29 16:26 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2014-08-29 16:26 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2014-08-29 16:25 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2014-08-29 16:25 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2014-08-29 16:23 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-08-29 16:22 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-29 16:21 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2014-08-29 16:12 . 2014-08-29 16:12 -------- d-----w- c:\program files (x86)\ADATA
2014-08-28 21:24 . 2014-08-28 21:24 -------- d-----w- c:\windows\system32\SPReview
2014-08-28 21:24 . 2014-08-28 21:24 -------- d-----w- c:\windows\system32\EventProviders
2014-08-28 19:11 . 2010-11-20 13:27 605696 ----a-w- c:\windows\system32\wmpeffects.dll
2014-08-28 19:10 . 2010-11-20 13:27 47104 ----a-w- c:\windows\system32\wshbth.dll
2014-08-28 19:09 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2014-08-28 18:48 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2014-08-28 18:48 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2014-08-28 18:48 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2014-08-28 18:48 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2014-08-28 18:48 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2014-08-28 18:48 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2014-08-28 18:48 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2014-08-28 18:48 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2014-08-28 18:48 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2014-08-28 18:48 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2014-08-28 18:47 . 2014-08-31 11:41 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-28 18:47 . 2014-08-31 11:41 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-28 18:47 . 2014-08-28 18:47 -------- d-----w- c:\windows\SysWow64\Macromed
2014-08-28 18:47 . 2014-08-28 18:47 -------- d-----w- c:\windows\system32\Macromed
2014-08-26 19:38 . 2014-09-06 09:35 -------- d-----w- c:\program files (x86)\totalcmd
2014-08-26 19:19 . 2014-08-26 19:19 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-08-26 19:19 . 2014-08-26 19:19 -------- d-----w- c:\program files\Microsoft Security Client
2014-08-26 18:57 . 2014-08-26 18:57 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-08-26 18:57 . 2014-07-02 17:44 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-08-26 18:53 . 2014-08-26 18:53 -------- d-----w- c:\program files (x86)\Microsoft.NET
2014-08-26 18:53 . 2014-09-01 21:41 -------- d-sh--w- c:\windows\Installer
2014-08-26 18:45 . 2014-09-04 16:17 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-08-26 18:45 . 2014-08-26 18:45 -------- d-----w- c:\windows\SysWow64\Wat
2014-08-26 18:45 . 2014-08-26 18:45 -------- d-----w- c:\windows\system32\Wat
2014-08-26 18:40 . 2014-08-29 16:29 -------- d-s---w- c:\windows\system32\CompatTel
2014-08-26 18:35 . 2014-08-26 17:41 -------- d-----w- c:\windows\Panther
2014-08-26 18:25 . 2012-07-26 07:40 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wdf01000.sys.mui
2014-08-26 18:25 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-08-26 18:25 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-08-26 18:23 . 2014-08-26 18:24 -------- d-----w- c:\windows\system32\MRT
2014-08-26 18:17 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2014-08-26 18:09 . 2014-01-19 07:38 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-08-26 18:07 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-08-26 18:07 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-08-26 18:07 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-08-26 18:07 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-08-26 18:07 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-08-26 18:07 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-08-26 18:07 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-08-26 18:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-08-26 18:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-29 17:11 . 2014-08-29 17:11 208384 ----a-w- c:\windows\SysWow64\webcheck.dll
2014-08-29 17:11 . 2014-08-29 17:11 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-08-29 15:51 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2014-08-29 15:51 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2014-07-02 20:48 . 2014-03-20 21:03 965312 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2014-03-20 21:02 3196816 ----a-w- c:\windows\system32\nvapi64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-09-11 614400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 ADATA ToolBox Service;ADATA ToolBox Service;c:\program files (x86)\ADATA\SSD ToolBox\ToolBoxSvc.exe;c:\program files (x86)\ADATA\SSD ToolBox\ToolBoxSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-28 11:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-08-09 2403288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-08-09 1283136]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\ahtc53dc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-mncyphylSrv - c:\windows\system32\mncyphyl.vbe
AddRemove-HyperCam 3 - h:\nahravani z obrazovky hypercam\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2014-09-07 16:58:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-09-07 14:58
ComboFix2.txt 2014-09-06 09:34
.
Před spuštěním: Volných bajtů: 31 581 990 912
Po spuštění: Volných bajtů: 31 226 101 760
.
- - End Of File - - 8992B40F55AF04E20575A1855AEFDF78
5FB38429D5D77768867C76DCBDB35194
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 17:12:03, on 7.9.2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: ADATA ToolBox Service - Unknown owner - C:\Program Files (x86)\ADATA\SSD ToolBox\ToolBoxSvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5610 bytes
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-07 17:14:07
-----------------------------
17:14:07.083 OS Version: Windows x64 6.1.7601 Service Pack 1
17:14:07.083 Number of processors: 2 586 0xF0B
17:14:07.083 ComputerName: TOMAS-PC UserName: Tomas
17:14:07.255 Initialize success
17:14:07.271 VM: initialized successfully
17:14:07.271 VM: Intel CPU supported
17:14:17.964 VM: supported disk I/O ataport.SYS
17:14:23.495 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
17:14:23.495 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 11
17:14:23.511 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
17:14:23.511 Disk 1 Vendor: ADATA_SP800 5.2.5 Size: 61057MB BusType: 11
17:14:23.511 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-3
17:14:23.511 Disk 2 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 11
17:14:23.527 VM: Disk 1 MBR read successfully
17:14:23.527 Disk 1 MBR scan
17:14:23.527 Disk 1 Windows 7 default MBR code
17:14:23.542 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:14:23.542 Disk 1 Boot: NTFS code=2
17:14:23.807 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 60955 MB offset 206848
17:14:23.823 Disk 1 scanning C:\Windows\system32\drivers
17:14:24.868 Service scanning
17:14:28.004 Modules scanning
17:14:28.004 Disk 1 trace - called modules:
17:14:28.004 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:14:28.019 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80043ef060]
17:14:28.019 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8003f6a1e0]
17:14:28.019 5 ACPI.sys[fffff88000f177a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003f7c060]
17:14:28.035 Scan finished successfully
17:15:00.062 Disk 1 MBR has been saved successfully to "C:\Users\Tomas\Desktop\cistime pocitac\etapa5\MBR.dat"
17:15:00.062 The log file has been saved successfully to "C:\Users\Tomas\Desktop\cistime pocitac\etapa5\aswMBR.txt"
- Orcus
- Security team member
- Elite Level 10.5
Re: please check this
In HJT, fix:
O13 - Gopher Prefix:
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
===================================================
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall
====================================================
Clean the system with CCleaner
====================================================
Download DelFix here
http://general-changelog-team.fr/fr/dow ... e/9-delfix
and save the file to the desktop.
Double-click the icon to run the Delfix.exe tool
(on Windows Vista, Windows 7 and 8 you must run the file with the right mouse button -> Run as administrator).
In the main menu, check these options: Remove disinfection tools – Purge System Restore.
Then click the Run button and let the tool do its work.
A report (DelFix.txt) will then open. Paste the whole contents of the report here. Otherwise the report is at:
C:\DelFix.txt
What about the problems?
Love warms, but coal is coal.
Post HJT logs in the HJT section. If a log is too long, split it into several posts.
A few tips on PC security.
During my absence, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.

Re: please check this
# DelFix v10.8 - Logfile created 08/09/2014 at 18:03:07
# Updated 29/07/2014 by Xplode
# Username : Tomas - TOMAS-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\AdwCleaner
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
~ Cleaning system restore ...
Deleted : RP #35 [ComboFix created restore point | 09/08/2014 15:57:30]
New restore point created !
########## - EOF - ##########
The problem is gone. That file no longer starts. May I ask what it was? "Program dcgmncyphyl.exe has stopped working!"
- memphisto
- Guru Level 13
Re: please check this [Solved]
Hard to say, but probably some BitCoinMiner infiltration or something like that... It would have to be uploaded to VirusTotal or the like. So if there are no more problems, please click the green tick at the top right.

PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via PM; post them in the appropriate section instead. Thank you