Preventive HJT log check (Solved)
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
- Gender:
- Status: Offline
Re: Preventive HJT log check
That Defender is useless. Zero detection. I'd rather install a proven one like AVAST, AVG, Avira... Otherwise, uninstall one of them and run Combofix again, but move it to the desktop before the scan!
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message, but post them in the appropriate section. Thank you.
- c.johnson
- Level 1.5
- Posts: 144
- Registered: November 07
- Location: Los Santos
- Gender:
- Status: Offline
Re: Preventive HJT log check
OK. Somewhere I saw the results of an antivirus test on Windows 8 and I think one of the best there was Bitdefender, so I'll try to get it. Which antivirus would you recommend, for example? Ideally one that is the least demanding on the computer's performance.
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
- Gender:
- Status: Offline
Re: Preventive HJT log check
We'll sort that out later. Do what jaro wrote on the previous page.
- c.johnson
- Level 1.5
- Posts: 144
- Registered: November 07
- Location: Los Santos
- Gender:
- Status: Offline
Re: Preventive HJT log check
ComboFix 13-09-22.01 - michy9 . 09. 2013 0:44.2.2 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.3507.1983 [GMT 2:00]
Spuštěný z: c:\users\michy9\Desktop\ComboFix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-23 do 2013-09-23 )))))))))))))))))))))))))))))))
.
.
2013-09-23 23:02 . 2013-09-23 23:02 -------- d-----w- c:\users\michy9\AppData\Local\temp
2013-09-23 23:02 . 2013-09-23 23:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-09-23 23:02 . 2013-09-23 23:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-22 17:48 . 2013-09-22 17:48 -------- d-----w- c:\windows\ERUNT
2013-09-22 16:56 . 2013-09-22 16:56 -------- d-----w- c:\users\michy9\AppData\Roaming\Malwarebytes
2013-09-22 16:56 . 2013-09-22 16:56 -------- d-----w- c:\programdata\Malwarebytes
2013-09-22 16:56 . 2013-09-22 16:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-22 16:56 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-19 07:01 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BC72889-78EC-4DFE-BCD9-F1701FE697B5}\mpengine.dll
2013-09-17 10:51 . 2013-09-17 10:51 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2013-09-17 10:51 . 2013-09-17 10:51 -------- d-----w- c:\windows\PCHEALTH
2013-09-17 10:51 . 2013-09-17 10:51 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2013-09-17 10:51 . 2013-09-17 10:51 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-09-17 10:50 . 2013-09-17 10:50 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2013-09-17 10:49 . 2013-09-17 10:49 -------- d-----w- c:\program files\Microsoft Office
2013-09-17 10:49 . 2013-09-17 10:49 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-09-17 10:48 . 2013-09-17 10:48 -------- d-----r- C:\MSOCache
2013-09-14 19:54 . 2013-09-14 19:54 -------- d-sh--w- c:\programdata\SecuROM
2013-09-14 19:54 . 2013-09-14 19:54 -------- d-----w- c:\users\michy9\AppData\Local\Rockstar Games
2013-09-12 20:54 . 2013-09-12 20:54 265392 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin
2013-09-11 15:18 . 2013-08-21 04:11 19246592 ----a-w- c:\windows\system32\mshtml.dll
2013-09-11 15:17 . 2013-07-06 00:16 1025024 ----a-w- c:\windows\system32\localspl.dll
2013-09-07 20:15 . 2013-09-07 20:15 -------- d-----w- C:\__temp
2013-09-07 18:27 . 2013-09-07 18:27 59816 ----a-r- c:\users\michy9\AppData\Roaming\Microsoft\Installer\{053ACA98-6B07-4DD0-9DB3-F51E3EB1780C}\ARPPRODUCTICON.exe
2013-09-07 18:26 . 2013-09-07 18:26 -------- d-----w- c:\users\michy9\AppData\Local\Downloaded Installations
2013-09-07 18:26 . 2013-09-07 18:26 59816 ----a-r- c:\users\michy9\AppData\Roaming\Microsoft\Installer\{C6FB6B4A-1378-4CD3-9CD3-42BA69FCBD43}\ARPPRODUCTICON.exe
2013-09-07 18:26 . 2013-09-07 18:26 -------- d-----w- c:\users\michy9\AppData\Local\Programs
2013-09-07 18:26 . 2013-09-07 18:26 -------- d-----w- C:\DRIVERS
2013-09-07 12:46 . 2013-09-07 12:46 -------- d-----w- c:\users\michy9\AppData\Roaming\2K Sports
2013-09-06 17:18 . 2013-09-06 17:18 -------- d-----w- c:\users\michy9\AppData\Local\Microsoft Help
2013-09-06 17:18 . 2013-09-17 10:54 -------- d-----w- c:\programdata\Microsoft Help
2013-09-03 20:10 . 2013-09-03 20:10 -------- d-----w- c:\users\michy9\AppData\Local\LucasArts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 15:26 . 2013-07-20 21:03 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-09-05 20:09 . 2013-07-22 18:05 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 20:09 . 2013-07-22 18:05 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-17 14:41 . 2013-08-17 14:41 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-08-04 14:37 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-21 00:26 . 2013-07-21 00:26 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-21 00:26 . 2013-07-21 00:26 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-21 00:26 . 2013-07-21 00:26 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-20 19:30 . 2013-07-20 19:30 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-20 19:30 . 2013-07-20 19:30 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-20 04:12 . 2013-07-20 04:12 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-07-16 03:02 . 2013-08-18 12:35 941720 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D0617E9-D274-4AB2-A823-D8E65F3EC4F7}\gapaengine.dll
2013-07-13 06:18 . 2013-08-14 08:59 337408 ----a-w- c:\windows\system32\wintrust.dll
2013-07-13 06:16 . 2013-08-14 08:59 1889280 ----a-w- c:\windows\system32\crypt32.dll
2013-07-13 06:16 . 2013-08-14 08:59 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-13 06:15 . 2013-08-14 08:59 98304 ----a-w- c:\windows\system32\apprepsync.dll
2013-07-13 06:15 . 2013-08-14 08:59 124416 ----a-w- c:\windows\system32\apprepapi.dll
2013-07-13 04:24 . 2013-08-14 08:59 261120 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-13 04:23 . 2013-08-14 08:59 1568256 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-13 04:23 . 2013-08-14 08:59 87040 ----a-w- c:\windows\SysWow64\apprepapi.dll
2013-07-13 04:23 . 2013-08-14 08:59 74240 ----a-w- c:\windows\SysWow64\apprepsync.dll
2013-07-09 06:07 . 2013-08-14 09:02 2233168 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-02 00:44 . 2013-08-14 10:47 36288 ----a-w- c:\windows\system32\drivers\WdBoot.sys
2013-07-01 22:08 . 2013-08-14 10:47 247216 ----a-w- c:\windows\system32\drivers\WdFilter.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2012-05-02 59392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-12-14 383544]
"DynamicUSB"="c:\program files (x86)\DynamicUSBTool\DynamicUSB.exe" [2007-03-03 94208]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2012-8-27 1346936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 BcmBtRSupport;Bluetooth Radio Control Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 FPLService;TrueSuiteService;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe [x]
S2 Lenovo QuickSnip Service;Lenovo QuickSnip Service;c:\program files\lenovo\QuickSnipService\QuickSnipService.exe;c:\program files\lenovo\QuickSnipService\QuickSnipService.exe [x]
S2 Lenovo System Agent Service;Lenovo System Agent Service;c:\program files\lenovo\SystemAgent\SystemAgentService.exe;c:\program files\lenovo\SystemAgent\SystemAgentService.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 LnvHotSpotSvc;LnvMHService;c:\program files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe;c:\program files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [x]
S2 LocationTaskManager;Location Task Manager;c:\program files (x86)\Lenovo\LocationAware\loctaskmgr.exe;c:\program files (x86)\Lenovo\LocationAware\loctaskmgr.exe [x]
S2 Power Manager DBC Service;Lenovo Settings Power Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 X5XSEx_Pr148;X5XSEx_Pr148;c:\program files (x86)\FreeRide Games\X5XSEx_Pr148.Sys;c:\program files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S3 RCUVCAVS;Ricoh UVC AVStream driver;c:\windows\system32\DRIVERS\RCUVCAVS.sys;c:\windows\SYSNATIVE\DRIVERS\RCUVCAVS.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_AMDASF.sys [x]
S3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-20 19:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-06-14 887968]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"TpShocks"="TpShocks.exe" [2012-08-24 222720]
"LnvMobHotspotClient"="c:\program files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe" [2012-08-20 1010784]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-08-13 564320]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
FF - ProfilePath - c:\users\michy9\AppData\Roaming\Mozilla\Firefox\Profiles\b7emh7f2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-AutoKMS - c:\windows\AutoKMS.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3487811764-2725458153-3966526203-1002CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\License information*]
"datasecu"=hex:31,f4,a4,fb,56,d3,69,07,73,16,13,58,0e,8d,b7,24,d3,5e,c9,94,21,
cf,4b,35,71,64,10,f4,5e,84,b0,99,70,f3,57,b7,26,1b,2b,fb,bb,61,81,6c,83,b8,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Celkový čas: 2013-09-24 01:22:58
ComboFix-quarantined-files.txt 2013-09-23 23:22
.
Před spuštěním: 619 836 694 528 bytes free
Po spuštění: 619 781 722 112 bytes free
.
- - End Of File - - C8CEC3C8F37A68F96F264727FCFEEE37
HKLM-Run-AutoKMS - c:\windows\AutoKMS.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3487811764-2725458153-3966526203-1002CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\License information*]
"datasecu"=hex:31,f4,a4,fb,56,d3,69,07,73,16,13,58,0e,8d,b7,24,d3,5e,c9,94,21,
cf,4b,35,71,64,10,f4,5e,84,b0,99,70,f3,57,b7,26,1b,2b,fb,bb,61,81,6c,83,b8,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Celkový čas: 2013-09-24 01:22:58
ComboFix-quarantined-files.txt 2013-09-23 23:22
.
Před spuštěním: 619 836 694 528 bytes free
Po spuštění: 619 781 722 112 bytes free
.
- - End Of File - - C8CEC3C8F37A68F96F264727FCFEEE37
5FB38429D5D77768867C76DCBDB35194
- jaro3
- Security team member
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
- Gender:
- Status:
Offline
Re: preventive check of HJT log
You have leftovers of ESET Smart Security there:
Use this:
ESS:
http://kb.eset.com/esetkb/index?page=content&id=SOLN93
then a new Combofix.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- c.johnson
- Level 1.5
- Posts: 144
- Registered: November 07
- Location: Los Santos
- Gender:
- Status:
Offline
Re: preventive check of HJT log
ComboFix 13-09-24.02 - michy9 . 09. 2013 12:06:42.3.2 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.3507.2182 [GMT 2:00]
Spuštěný z: c:\users\michy9\Desktop\ComboFix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-24 do 2013-09-24 )))))))))))))))))))))))))))))))
.
.
2013-09-24 10:16 . 2013-09-24 10:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-09-24 10:16 . 2013-09-24 10:16 -------- d-----w- c:\users\michy9\AppData\Local\temp
2013-09-24 10:16 . 2013-09-24 10:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-22 17:48 . 2013-09-22 17:48 -------- d-----w- c:\windows\ERUNT
2013-09-22 16:56 . 2013-09-22 16:56 -------- d-----w- c:\users\michy9\AppData\Roaming\Malwarebytes
2013-09-22 16:56 . 2013-09-22 16:56 -------- d-----w- c:\programdata\Malwarebytes
2013-09-22 16:56 . 2013-09-22 16:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-22 16:56 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-17 10:51 . 2013-09-17 10:51 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2013-09-17 10:51 . 2013-09-17 10:51 -------- d-----w- c:\windows\PCHEALTH
2013-09-17 10:51 . 2013-09-17 10:51 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2013-09-17 10:51 . 2013-09-17 10:51 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-09-17 10:50 . 2013-09-17 10:50 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2013-09-17 10:49 . 2013-09-17 10:49 -------- d-----w- c:\program files\Microsoft Office
2013-09-17 10:49 . 2013-09-17 10:49 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-09-17 10:48 . 2013-09-17 10:48 -------- d-----r- C:\MSOCache
2013-09-14 19:54 . 2013-09-14 19:54 -------- d-sh--w- c:\programdata\SecuROM
2013-09-14 19:54 . 2013-09-14 19:54 -------- d-----w- c:\users\michy9\AppData\Local\Rockstar Games
2013-09-12 20:54 . 2013-09-12 20:54 265392 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin
2013-09-11 15:18 . 2013-08-21 04:11 19246592 ----a-w- c:\windows\system32\mshtml.dll
2013-09-11 15:17 . 2013-07-06 00:16 1025024 ----a-w- c:\windows\system32\localspl.dll
2013-09-07 20:15 . 2013-09-07 20:15 -------- d-----w- C:\__temp
2013-09-07 18:27 . 2013-09-07 18:27 59816 ----a-r- c:\users\michy9\AppData\Roaming\Microsoft\Installer\{053ACA98-6B07-4DD0-9DB3-F51E3EB1780C}\ARPPRODUCTICON.exe
2013-09-07 18:26 . 2013-09-07 18:26 -------- d-----w- c:\users\michy9\AppData\Local\Downloaded Installations
2013-09-07 18:26 . 2013-09-07 18:26 59816 ----a-r- c:\users\michy9\AppData\Roaming\Microsoft\Installer\{C6FB6B4A-1378-4CD3-9CD3-42BA69FCBD43}\ARPPRODUCTICON.exe
2013-09-07 18:26 . 2013-09-07 18:26 -------- d-----w- c:\users\michy9\AppData\Local\Programs
2013-09-07 18:26 . 2013-09-07 18:26 -------- d-----w- C:\DRIVERS
2013-09-07 12:46 . 2013-09-07 12:46 -------- d-----w- c:\users\michy9\AppData\Roaming\2K Sports
2013-09-06 17:18 . 2013-09-06 17:18 -------- d-----w- c:\users\michy9\AppData\Local\Microsoft Help
2013-09-06 17:18 . 2013-09-17 10:54 -------- d-----w- c:\programdata\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 15:26 . 2013-07-20 21:03 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-09-05 20:09 . 2013-07-22 18:05 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 20:09 . 2013-07-22 18:05 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-17 14:41 . 2013-08-17 14:41 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-08-04 14:37 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-21 00:26 . 2013-07-21 00:26 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-21 00:26 . 2013-07-21 00:26 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-21 00:26 . 2013-07-21 00:26 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-20 19:30 . 2013-07-20 19:30 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-20 19:30 . 2013-07-20 19:30 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-20 04:12 . 2013-07-20 04:12 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-07-16 03:02 . 2013-08-18 12:35 941720 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D0617E9-D274-4AB2-A823-D8E65F3EC4F7}\gapaengine.dll
2013-07-13 06:18 . 2013-08-14 08:59 337408 ----a-w- c:\windows\system32\wintrust.dll
2013-07-13 06:16 . 2013-08-14 08:59 1889280 ----a-w- c:\windows\system32\crypt32.dll
2013-07-13 06:16 . 2013-08-14 08:59 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-13 06:15 . 2013-08-14 08:59 98304 ----a-w- c:\windows\system32\apprepsync.dll
2013-07-13 06:15 . 2013-08-14 08:59 124416 ----a-w- c:\windows\system32\apprepapi.dll
2013-07-13 04:24 . 2013-08-14 08:59 261120 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-13 04:23 . 2013-08-14 08:59 1568256 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-13 04:23 . 2013-08-14 08:59 87040 ----a-w- c:\windows\SysWow64\apprepapi.dll
2013-07-13 04:23 . 2013-08-14 08:59 74240 ----a-w- c:\windows\SysWow64\apprepsync.dll
2013-07-09 06:07 . 2013-08-14 09:02 2233168 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-02 00:44 . 2013-08-14 10:47 36288 ----a-w- c:\windows\system32\drivers\WdBoot.sys
2013-07-01 22:08 . 2013-08-14 10:47 247216 ----a-w- c:\windows\system32\drivers\WdFilter.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2012-05-02 59392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-12-14 383544]
"DynamicUSB"="c:\program files (x86)\DynamicUSBTool\DynamicUSB.exe" [2007-03-03 94208]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2012-8-27 1346936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 BcmBtRSupport;Bluetooth Radio Control Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 FPLService;TrueSuiteService;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe [x]
S2 Lenovo QuickSnip Service;Lenovo QuickSnip Service;c:\program files\lenovo\QuickSnipService\QuickSnipService.exe;c:\program files\lenovo\QuickSnipService\QuickSnipService.exe [x]
S2 Lenovo System Agent Service;Lenovo System Agent Service;c:\program files\lenovo\SystemAgent\SystemAgentService.exe;c:\program files\lenovo\SystemAgent\SystemAgentService.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 LnvHotSpotSvc;LnvMHService;c:\program files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe;c:\program files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [x]
S2 LocationTaskManager;Location Task Manager;c:\program files (x86)\Lenovo\LocationAware\loctaskmgr.exe;c:\program files (x86)\Lenovo\LocationAware\loctaskmgr.exe [x]
S2 Power Manager DBC Service;Lenovo Settings Power Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 X5XSEx_Pr148;X5XSEx_Pr148;c:\program files (x86)\FreeRide Games\X5XSEx_Pr148.Sys;c:\program files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S3 RCUVCAVS;Ricoh UVC AVStream driver;c:\windows\system32\DRIVERS\RCUVCAVS.sys;c:\windows\SYSNATIVE\DRIVERS\RCUVCAVS.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_AMDASF.sys [x]
S3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-20 19:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-06-14 887968]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"TpShocks"="TpShocks.exe" [2012-08-24 222720]
"LnvMobHotspotClient"="c:\program files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe" [2012-08-20 1010784]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-08-13 564320]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
FF - ProfilePath - c:\users\michy9\AppData\Roaming\Mozilla\Firefox\Profiles\b7emh7f2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3487811764-2725458153-3966526203-1002CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\License information*]
"datasecu"=hex:31,f4,a4,fb,56,d3,69,07,73,16,13,58,0e,8d,b7,24,d3,5e,c9,94,21,
cf,4b,35,71,64,10,f4,5e,84,b0,99,70,f3,57,b7,26,1b,2b,fb,bb,61,81,6c,83,b8,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Celkový čas: 2013-09-24 12:33:45
ComboFix-quarantined-files.txt 2013-09-24 10:33
.
Před spuštěním: 620 016 041 984 bytes free
Po spuštění: 619 963 437 056 bytes free
.
- - End Of File - - EAC51D524888064A198D8BDB27D3390D
5FB38429D5D77768867C76DCBDB35194
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-06-14 887968]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"TpShocks"="TpShocks.exe" [2012-08-24 222720]
"LnvMobHotspotClient"="c:\program files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe" [2012-08-20 1010784]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-08-13 564320]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
FF - ProfilePath - c:\users\michy9\AppData\Roaming\Mozilla\Firefox\Profiles\b7emh7f2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3487811764-2725458153-3966526203-1002CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\License information*]
"datasecu"=hex:31,f4,a4,fb,56,d3,69,07,73,16,13,58,0e,8d,b7,24,d3,5e,c9,94,21,
cf,4b,35,71,64,10,f4,5e,84,b0,99,70,f3,57,b7,26,1b,2b,fb,bb,61,81,6c,83,b8,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Celkový čas: 2013-09-24 12:33:45
ComboFix-quarantined-files.txt 2013-09-24 10:33
.
Před spuštěním: 620 016 041 984 bytes free
Po spuštění: 619 963 437 056 bytes free
.
- - End Of File - - EAC51D524888064A198D8BDB27D3390D
5FB38429D5D77768867C76DCBDB35194
- jaro3
- member of the Security team
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Residence: Jižní Čechy
- Gender:
- Status: Offline
Re: preventive check of HJT log
ComboFix is uninstalled like this:
Start - Run and type ComboFix /Uninstall
Clean the system with CCleaner
Download OTC
to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.
Download aswMBR
http://files.avast.com/files/rootkit-scanner/aswmbr.exe
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Paste the entire contents of that log here. Then click "Exit" to close the program.
Post a new HJT log + info about the problems.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- c.johnson
- Level 1.5
- Posts: 144
- Registered: November 07
- Residence: Los Santos
- Gender:
- Status: Offline
Re: preventive check of HJT log
I can't uninstall ComboFix; after I enter it, it gives me the message ComboFix/Uninstall cannot be found
- jaro3
- member of the Security team
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Residence: Jižní Čechy
- Gender:
- Status: Offline
Re: preventive check of HJT log
Use this:
Download ToolsCleaner2 (by A.Rothstein & Dj Quiou, translation: Damned)
http://www.edisk.cz/stahni/15040/ToolsCleaner.rar_184.76KB.html
to your desktop and run it.
Click Restore point and then OK, OK.
Click Recycle Bin and then OK.
Click Temporary files and then OK.
Click Search and let the Cleaner work. It may stall during cleaning (not responding), but let it continue.
When the program finishes, click Remove and remove what it found.
Close the program.
The program also deletes all the disinfection and log-creating tools that are used here (HJT, Combofix, OTM, OTL, OTS etc.)
And aswMBR as well
- c.johnson
- Level 1.5
- Posts: 144
- Registered: November 07
- Residence: Los Santos
- Gender:
- Status: Offline
Re: preventive check of HJT log
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-25 18:32:58
-----------------------------
18:32:58.649 OS Version: Windows x64 6.2.9200
18:32:58.649 Number of processors: 2 586 0x1001
18:32:58.649 ComputerName: LENOVO-THINKPAD UserName: michy9
18:32:58.821 Initialze error 1
18:33:09.175 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
18:33:09.175 Disk 0 Vendor: WDC_WD75 03.0 Size: 715404MB BusType: 11
18:33:09.190 Disk 0 MBR read successfully
18:33:09.206 Disk 0 MBR scan
18:33:09.206 Disk 0 unknown MBR code
18:33:09.206 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
18:33:09.206 Disk 0 scanning C:\windows\system32\drivers
18:33:09.206 Service scanning
18:33:10.048 Modules scanning
18:33:10.048 Disk 0 trace - called modules:
18:33:10.079 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
18:33:10.079 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004af52a0]
18:33:10.095 3 CLASSPNP.SYS[fffff88001ed1e0a] -> nt!IofCallDriver -> [0xfffffa80042c1040]
18:33:10.095 5 amd_xata.sys[fffff88000bd7634] -> nt!IofCallDriver -> \Device\00000038[0xfffffa80043d87f0]
18:33:10.126 Scan finished successfully
18:33:37.520 Disk 0 MBR has been saved successfully to "C:\Users\michy9\Desktop\MBR.dat"
18:33:37.536 The log file has been saved successfully to "C:\Users\michy9\Desktop\aswMBR.txt"
- c.johnson
- Level 1.5
- Posts: 144
- Registered: November 07
- Residence: Los Santos
- Gender:
- Status: Offline
Re: preventive check of HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:31, on 25. 9. 2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16688)
Boot mode: Normal
Running processes:
C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
C:\Program Files\Lenovo Fingerprint Reader\x86\IEWebSiteLogon.exe
C:\Users\michy9\Desktop\transfered data\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [DynamicUSB] "C:\Program Files (x86)\DynamicUSBTool\DynamicUSB.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} (ExentInf1 Class) -
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: @oem17.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Radio Control Service (BcmBtRSupport) - Unknown owner - C:\windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: @C:\windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - AuthenTec, Inc - C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
O23 - Service: @oem2.inf,%ibm.svcDesc0%;Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo QuickSnip Service - LENOVO INCORPORATED. - C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: ThinkVantage Virtual Camera Controller (LENOVO.TVTVCAM) - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: LnvMHService (LnvHotSpotSvc) - Lenovo - C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe
O23 - Service: Location Task Manager (LocationTaskManager) - Unknown owner - C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
O23 - Service: LSCWinService - Unknown owner - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Settings Power Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: TrueAPI Service component (TrueService) - AuthenTec, Inc. - C:\Program Files\Common Files\AuthenTec\TrueService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12508 bytes
Everything runs fine; the suspicious Chrome.exe that I saw in the processes before has disappeared, and everything looks OK.
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Settings Power Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: TrueAPI Service component (TrueService) - AuthenTec, Inc. - C:\Program Files\Common Files\AuthenTec\TrueService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12508 bytes
Everything is running fine, the suspicious Chrome.exe I saw among the processes earlier has disappeared and everything looks OK.
- jaro3
- Security team member
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
- Gender:
- Status:
Offline
Re: preventive check of an HJT log
Close the other applications and browsers, disconnect from the internet and fix in HJT:
Guide
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O13 - Gopher Prefix:
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} (ExentInf1 Class) -
If there are no problems, that's all, and you can mark it as solved (the green tick).
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
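To show the kind of check a helper applies to a HijackThis log before writing a fix list like the one above, here is an added Python example. It is my own code, not from this thread, from HijackThis or from the pc-help.cz team: it parses the R0, O4, O13, O16, O18 and O23 line formats that appear in the log and applies a few illustrative triage rules (empty targets, autostarts outside the usual program directories, filter hijacks, services with no registered owner outside the Windows directory). The rules are assumptions of mine for demonstration, not jaro3's reasoning; the sample lines are copied from this thread, and the parser covers more section types than the fix list itself touches.

```python
import re
from typing import Any, Dict, List, Tuple

# HijackThis lines copied from this thread (not constructed): the R0/O4/O13/O16 lines are the
# ones the helper asked to fix, the O18/O23 lines come from the posted log.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O13 - Gopher Prefix:
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} (ExentInf1 Class) -
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Location Task Manager (LocationTaskManager) - Unknown owner - C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
KEY_VALUE_RE = re.compile(r"^(?P<key>.+?) =\s*(?P<value>.*)$")                      # R0/R1
COLON_VALUE_RE = re.compile(r"^(?P<key>[^:]+):\s*(?P<value>.*)$")                    # O13
O4_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\]\s*(?P<command>.*)$")
O16_RE = re.compile(r"^DPF: (?P<clsid>\{[^}]+\}) \((?P<name>[^)]*)\) -\s*(?P<value>.*)$")
O18_RE = re.compile(r"^Filter(?P<hijack> hijack)?: (?P<mime>.+?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

WINDOWS_DIR = "c:\\windows\\"
TRUSTED_DIRS = (WINDOWS_DIR, "c:\\program files\\", "c:\\program files (x86)\\")


def parse_entry(line: str) -> Dict[str, Any]:
    """Split one HijackThis line into its section code and the fields needed for triage."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return {}
    kind, body = m.group("kind"), m.group("body")
    entry: Dict[str, Any] = {"kind": kind, "raw": line.strip()}
    sub = None
    if kind.startswith("R"):
        sub = KEY_VALUE_RE.match(body)
    elif kind == "O4":
        sub = O4_RE.match(body)
    elif kind == "O13":
        sub = COLON_VALUE_RE.match(body)
    elif kind == "O16":
        sub = O16_RE.match(body)
    elif kind == "O18":
        sub = O18_RE.match(body)
    elif kind == "O23":
        sub = O23_RE.match(body)
    if sub:
        entry.update(sub.groupdict())
    if kind == "O23" and "path" in entry:
        # HJT appends "(file missing)" to the path when it cannot see the binary.
        entry["file_missing"] = entry["path"].endswith("(file missing)")
        entry["path"] = entry["path"].replace(" (file missing)", "")
    return entry


def executable_of(command: str) -> str:
    """Return the program path from an O4 command line, handling the quoted form."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def under(path: str, prefixes: Tuple[str, ...]) -> bool:
    """Case-insensitive prefix test for Windows paths."""
    return path.lower().startswith(prefixes)


def triage(log_text: str) -> List[str]:
    """Apply a few rules a reviewer applies by hand; returns one finding per flagged entry."""
    findings: List[str] = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if not e:
            continue
        kind = e["kind"]
        if kind in ("R0", "R1", "O13", "O16") and "value" in e and not e["value"]:
            # Entry points nowhere: the kind of leftover the helper fixes for tidiness.
            findings.append(f"{kind} empty target: {e['raw']}")
        elif kind == "O4" and "command" in e and not under(executable_of(e["command"]), TRUSTED_DIRS):
            findings.append(f"O4 autostart outside the usual program directories: {e['raw']}")
        elif kind == "O18" and e.get("hijack"):
            findings.append(f"O18 filter hijack for {e['mime']}: verify the publisher of {e['path']}")
        elif kind == "O23" and e.get("owner") == "Unknown owner":
            # A 32-bit HijackThis on 64-bit Windows reports most System32 binaries as "file missing"
            # (WOW64 redirection), so only unknown-owner services outside the Windows directory are
            # worth a manual publisher check.
            path = e.get("path")
            if path and not under(path, (WINDOWS_DIR,)):
                findings.append(f"O23 service with unknown owner: {path}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample, the script reports the empty R0, O13 and O16 targets, the text/xml filter hijack (here Office's MSOXMLMF.DLL, which a reviewer confirms by publisher rather than removes) and the Lenovo LocationAware service with no registered owner; the ALG service is skipped despite "(file missing)" because it lives under the Windows directory. The point is that the flags are a worklist for a human reviewer, not a verdict.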