Avast mi našel rootkit, prosím o radu

Zpráva

Abe.xxx · #1 Příspěvek od **Abe.xxx** » 03 lis 2013 20:08

Dobrý den,
při pravidelné kontrole mi avast našel 4 rootkit infekce. Předem se přiznám, že jsem soubory sice smazal pomocí ComboFix (bohužel jsem objevil toto forum až po experimentování s Combofixem a jak jsem se dočetl v pravidlech, nejspíš bych se sním neměl začínat) a avast už infekci nehlásí, nicméně mám podezření, že zbavit se jich tak snadné nebude. Je nějáká možnost jak s určitostí zjistit, jestli jsem se všech infekcí zbavil či nikoliv.

Abe.xxx · #2 Příspěvek od **Abe.xxx** » 03 lis 2013 20:26

Použil jsem ho včera a dnes, ale použil jsem ho čtyřikrát, mám vložit všechny čtyři? Nebo jen první, poslední?

Abe.xxx · #3 Příspěvek od **Abe.xxx** » 03 lis 2013 20:39

První:

CFScript

KillAll::

File::
c:\users\Abe\AppData\Local\Temp\jar_cache878767963434361926.tmp
c:\users\Abe\AppData\Local\Temp\kbpki\75b60e5df10530ec668c.dll
c:\users\Abe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\1d25c6d1-7c875as7
c:\users\Abe\kbpki\nativLib\CMINativeLib.dll

ComboFix
ComboFix 13-11-01.03 - Abe 03.11.2013 10:51:58.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8106.6549 [GMT 1:00]
Spuštěný z: c:\users\Abe\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Abe\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\users\Abe\AppData\Local\Temp\jar_cache878767963434361926.tmp"
"c:\users\Abe\AppData\Local\Temp\kbpki\75b60e5df10530ec668c.dll"
"c:\users\Abe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\1d25c6d1-7c875as7"
"c:\users\Abe\kbpki\nativLib\CMINativeLib.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Abe\AppData\Local\Temp\_MEI29042\_ctypes.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\_elementtree.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\_hashlib.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\_multiprocessing.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\_socket.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\_ssl.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\msvcp100.dll
c:\users\Abe\AppData\Local\Temp\_MEI29042\msvcr100.dll
c:\users\Abe\AppData\Local\Temp\_MEI29042\pyexpat.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\pysqlite2._sqlite.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\python27.dll
c:\users\Abe\AppData\Local\Temp\_MEI29042\pythoncom27.dll
c:\users\Abe\AppData\Local\Temp\_MEI29042\PyWinTypes27.dll
c:\users\Abe\AppData\Local\Temp\_MEI29042\select.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\unicodedata.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\win32api.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\win32com.shell.shell.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\win32crypt.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\win32event.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\win32file.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\win32inet.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\win32pdh.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\win32process.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\win32profile.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\win32security.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\win32ts.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\windows._cacheinvalidation.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\wx._controls_.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\wx._core_.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\wx._gdi_.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\wx._html2.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\wx._misc_.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\wx._windows_.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\wx._wizard.pyd
c:\users\Abe\AppData\Local\Temp\_MEI29042\wxbase294u_net_vc90.dll
c:\users\Abe\AppData\Local\Temp\_MEI29042\wxbase294u_vc90.dll
c:\users\Abe\AppData\Local\Temp\_MEI29042\wxmsw294u_adv_vc90.dll
c:\users\Abe\AppData\Local\Temp\_MEI29042\wxmsw294u_core_vc90.dll
c:\users\Abe\AppData\Local\Temp\_MEI29042\wxmsw294u_html_vc90.dll
c:\users\Abe\AppData\Local\Temp\_MEI29042\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-03 do 2013-11-03 )))))))))))))))))))))))))))))))
.
.
2013-11-03 10:25 . 2013-11-03 10:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-11-03 10:25 . 2013-11-03 10:25 -------- d-----w- c:\users\UpdatusUser.ABECOMPUTER\AppData\Local\temp
2013-11-03 10:25 . 2013-11-03 10:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-03 00:08 . 2013-11-03 00:08 -------- d-----w- c:\users\Abe\AppData\Local\Max Secure Software
2013-11-03 00:07 . 2013-11-03 00:08 -------- d-----w- c:\users\Abe\AppData\Roaming\GetRightToGo
2013-11-02 21:06 . 2013-11-02 21:32 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-02 21:06 . 2013-11-02 21:06 116440 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-02 21:05 . 2013-11-02 21:05 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-11-02 10:31 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6969ED8F-0801-422A-96CA-CA1212FF5241}\mpengine.dll
2013-10-25 08:50 . 2013-10-25 08:50 -------- d-----w- c:\program files\CCleaner
2013-10-22 10:52 . 2013-10-22 15:37 -------- d-----w- c:\users\Abe\.matplotlib
2013-10-21 17:37 . 2013-10-21 17:37 -------- d-----w- c:\users\Abe\AppData\Roaming\AVAST Software
2013-10-18 15:19 . 2013-11-02 19:20 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-10-18 11:04 . 2013-10-18 12:17 -------- d-----w- c:\users\Abe\AppData\Roaming\ParaView
2013-10-15 19:41 . 2013-10-15 19:41 -------- d-----w- c:\users\Abe\AppData\Roaming\Malwarebytes
2013-10-15 19:41 . 2013-10-15 19:41 -------- d-----w- c:\programdata\Malwarebytes
2013-10-15 19:41 . 2013-10-15 19:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-15 19:41 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-15 19:40 . 2013-10-15 19:40 -------- d-----w- c:\users\Abe\AppData\Local\Programs
2013-10-08 20:03 . 2013-10-08 20:32 -------- d-----w- C:\AeroCAD
2013-10-05 09:37 . 2013-10-11 21:11 -------- d-----w- c:\programdata\Codemasters
2013-10-05 09:03 . 2013-10-05 09:03 -------- d-----w- c:\program files (x86)\OpenAL
2013-10-05 09:03 . 2008-04-28 10:29 805400 ----a-r- c:\windows\SysWow64\tmp454.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-21 17:32 . 2013-03-04 16:48 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-21 17:32 . 2013-03-04 16:48 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-21 17:32 . 2012-07-08 12:24 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-10-21 17:32 . 2012-07-08 12:24 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-10-21 17:32 . 2012-07-08 12:24 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-10-21 17:32 . 2012-07-08 12:24 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-10-21 17:32 . 2012-07-08 12:24 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-21 17:32 . 2012-07-08 12:24 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-21 17:32 . 2012-06-02 20:37 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-21 17:32 . 2012-07-08 12:23 43152 ----a-w- c:\windows\avastSS.scr
2013-10-11 17:31 . 2012-04-11 16:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-11 17:31 . 2012-04-11 16:16 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-06 18:51 . 2012-06-17 21:32 245 ----a-w- c:\windows\system32\AF15IRTBL.bin
2013-09-12 08:58 . 2013-09-28 13:21 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-09-12 08:58 . 2013-09-28 13:21 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-09-12 08:58 . 2013-09-28 13:19 15901448 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-09-12 08:58 . 2013-09-28 13:19 1412832 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-09-12 08:58 . 2013-09-28 13:19 13628208 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-09-12 08:58 . 2013-09-28 13:19 1222824 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-09-12 08:58 . 2013-09-28 13:19 7648000 ----a-w- c:\windows\system32\nvopencl.dll
2013-09-12 08:58 . 2013-09-28 13:19 6329552 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-09-12 08:58 . 2013-09-28 13:19 32032 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2013-09-12 08:58 . 2013-09-28 13:19 317472 ----a-w- c:\windows\system32\nvoglshim64.dll
2013-09-12 08:58 . 2013-09-28 13:19 29337376 ----a-w- c:\windows\system32\nvoglv64.dll
2013-09-12 08:58 . 2013-09-28 13:19 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2013-09-12 08:58 . 2013-09-28 13:19 22102304 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-09-12 08:58 . 2013-09-28 13:19 603424 ----a-w- c:\windows\system32\NvIFR64.dll
2013-09-12 08:58 . 2013-09-28 13:19 515360 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-09-12 08:58 . 2013-09-28 13:19 168616 ----a-w- c:\windows\system32\nvinitx.dll
2013-09-12 08:58 . 2013-09-28 13:19 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-09-12 08:58 . 2013-09-28 13:19 11274528 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-09-12 08:58 . 2013-09-28 13:19 681760 ----a-w- c:\windows\system32\NvFBC64.dll
2013-09-12 08:58 . 2013-09-28 13:19 586016 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-09-12 08:58 . 2013-09-28 13:19 1884448 ----a-w- c:\windows\system32\nvdispco6432723.dll
2013-09-12 08:58 . 2013-09-28 13:19 15703688 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-09-12 08:58 . 2013-09-28 13:19 1511712 ----a-w- c:\windows\system32\nvdispgenco6432723.dll
2013-09-12 08:58 . 2013-09-28 13:19 12947360 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-09-12 08:58 . 2013-09-28 13:19 9281032 ----a-w- c:\windows\system32\nvcuda.dll
2013-09-12 08:58 . 2013-09-28 13:19 7720576 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-09-12 08:58 . 2013-09-28 13:19 2970400 ----a-w- c:\windows\system32\nvcuvid.dll
2013-09-12 08:58 . 2013-09-28 13:19 2789152 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-09-12 08:58 . 2013-09-28 13:19 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-09-12 08:58 . 2013-09-28 13:19 2367264 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-09-12 08:58 . 2013-09-28 13:19 2007328 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-09-12 08:58 . 2013-09-28 13:19 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-09-12 08:58 . 2013-09-28 13:19 2986672 ----a-w- c:\windows\system32\nvapi64.dll
2013-09-12 08:58 . 2013-09-28 13:19 2630304 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-09-12 07:25 . 2013-09-28 13:22 6599968 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-12 07:25 . 2013-09-28 13:22 3452192 ----a-w- c:\windows\system32\nvsvc64.dll
2013-09-12 07:25 . 2013-09-28 13:22 920864 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-12 07:25 . 2013-09-28 13:22 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-09-12 07:25 . 2013-09-28 13:22 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-09-12 07:25 . 2013-09-28 13:22 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-09-12 07:25 . 2013-09-28 13:22 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-09-12 07:25 . 2013-09-28 13:22 1042208 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-09-11 22:06 . 2013-09-28 13:22 3361114 ----a-w- c:\windows\system32\nvcoproc.bin
2013-09-03 13:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Abe\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Abe\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Abe\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-09-25 20133824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-10-21 3567800]
.
c:\users\Abe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Carka mezera na carka.ahk [2013-1-5 130]
Carka mezera na mezera.ahk [2013-1-5 142]
Dropbox.lnk - c:\users\Abe\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
HST login.ahk [2012-12-12 96]
HST Site and URL.ahk [2012-10-8 134]
HST Tagy 2.ahk [2012-10-12 124]
HST Tagy.ahk [2012-10-12 84]
JZ login.ahk [2013-1-13 108]
PinkTube webmaster.ahk [2013-8-6 568]
PT login.ahk [2013-1-13 110]
RT login.ahk [2013-1-13 116]
TeamViewer.ahk [2013-9-23 72]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys;c:\windows\SYSNATIVE\drivers\papycpu.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Wisaroc;Wisaroc;c:\windows\Wisaroc.exe;c:\windows\Wisaroc.exe [x]
R3 AMPPAL;Virtuální adaptér Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
R3 AMPPALP;Protokol Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys;c:\windows\SYSNATIVE\Drivers\lgandadb.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys;c:\windows\SYSNATIVE\Drivers\IT9135BDA.sys [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-17 18:48 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-21 17:32 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Abe\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Abe\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Abe\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Abe\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-11-14 10358784]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.pinktube.com/index.php?s=user.login
mStart Page = hxxp://samsung.msn.com
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Abe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Samsung\Easy Settings\SmartSetting.exe
c:\program files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
c:\program files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Samsung\Easy Settings\dmhkcore.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2013-11-03 11:32:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-03 10:32
ComboFix2.txt 2013-11-03 00:34
.
Před spuštěním: 8 752 799 744
Po spuštění: 8 683 548 672
.
- - End Of File - - B657B83AE592904A732B54F3FE6C137E

Abe.xxx · #4 Příspěvek od **Abe.xxx** » 03 lis 2013 20:54

Druhý:

CFScript

KillAll::

Folder::
C:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001

ComboFix

ComboFix 13-11-01.03 - Abe 03.11.2013 12:40:43.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8106.6434 [GMT 1:00]
Spuštěný z: c:\users\Abe\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Abe\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\JumpListIcons\52F7.tmp
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\JumpListIcons\5308.tmp
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\Last Session
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_icmlaeflemplmjndnaapfdbbnpncnbda_0.localstorage-journal
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_icmlaeflemplmjndnaapfdbbnpncnbda_0.localstorage
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\Login Data
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\Top Sites
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Default\Web Data
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Local State
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Safe Browsing Csd Whitelist
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Safe Browsing Download Whitelist
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Google\Chrome\User Data\Safe Browsing Download
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Microsoft\Internet Explorer\iconcache\73uxqby\largeiconcache.dat
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{1FAEC69A-BF12-11E1-87D7-DBC6E9556121}.dat
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{EC1E1744-C560-11E1-AEBB-DCA97150F66C}.dat
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{E16C93EB-BE46-11E1-B71B-CC747FD27726}.dat
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
c:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db

Druhý má přes 1700000 znaků, když jsem chtěl připojit přílohu, tak mi to napsalo, že přípona .txt není podporována

Abe.xxx · #5 Příspěvek od **Abe.xxx** » 03 lis 2013 20:56

úplně první log, jsem si tedy jaksi neuložil

Abe.xxx · #6 Příspěvek od **Abe.xxx** » 03 lis 2013 20:59

Poslední

ComboFix

ComboFix 13-11-01.03 - Abe 03.11.2013 18:55:43.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8106.6559 [GMT 1:00]
Spuštěný z: c:\users\Abe\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Abe\AppData\Local\Temp\_MEI25722\_ctypes.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\_elementtree.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\_hashlib.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\_multiprocessing.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\_socket.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\_ssl.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\msvcp100.dll
c:\users\Abe\AppData\Local\Temp\_MEI25722\msvcr100.dll
c:\users\Abe\AppData\Local\Temp\_MEI25722\pyexpat.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\pysqlite2._sqlite.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\python27.dll
c:\users\Abe\AppData\Local\Temp\_MEI25722\pythoncom27.dll
c:\users\Abe\AppData\Local\Temp\_MEI25722\PyWinTypes27.dll
c:\users\Abe\AppData\Local\Temp\_MEI25722\select.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\unicodedata.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\win32api.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\win32com.shell.shell.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\win32crypt.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\win32event.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\win32file.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\win32inet.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\win32pdh.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\win32process.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\win32profile.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\win32security.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\win32ts.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\windows._cacheinvalidation.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\wx._controls_.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\wx._core_.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\wx._gdi_.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\wx._html2.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\wx._misc_.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\wx._windows_.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\wx._wizard.pyd
c:\users\Abe\AppData\Local\Temp\_MEI25722\wxbase294u_net_vc90.dll
c:\users\Abe\AppData\Local\Temp\_MEI25722\wxbase294u_vc90.dll
c:\users\Abe\AppData\Local\Temp\_MEI25722\wxmsw294u_adv_vc90.dll
c:\users\Abe\AppData\Local\Temp\_MEI25722\wxmsw294u_core_vc90.dll
c:\users\Abe\AppData\Local\Temp\_MEI25722\wxmsw294u_html_vc90.dll
c:\users\Abe\AppData\Local\Temp\_MEI25722\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-03 do 2013-11-03 )))))))))))))))))))))))))))))))
.
.
2013-11-03 18:02 . 2013-11-03 18:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-11-03 18:02 . 2013-11-03 18:02 -------- d-----w- c:\users\UpdatusUser.ABECOMPUTER\AppData\Local\temp
2013-11-03 18:02 . 2013-11-03 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-03 00:07 . 2013-11-03 00:08 -------- d-----w- c:\users\Abe\AppData\Roaming\GetRightToGo
2013-11-02 21:06 . 2013-11-02 21:06 116440 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-02 10:31 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6969ED8F-0801-422A-96CA-CA1212FF5241}\mpengine.dll
2013-10-25 08:50 . 2013-10-25 08:50 -------- d-----w- c:\program files\CCleaner
2013-10-22 10:52 . 2013-10-22 15:37 -------- d-----w- c:\users\Abe\.matplotlib
2013-10-21 17:37 . 2013-10-21 17:37 -------- d-----w- c:\users\Abe\AppData\Roaming\AVAST Software
2013-10-18 15:19 . 2013-11-02 19:20 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-10-18 11:04 . 2013-10-18 12:17 -------- d-----w- c:\users\Abe\AppData\Roaming\ParaView
2013-10-15 19:40 . 2013-10-15 19:40 -------- d-----w- c:\users\Abe\AppData\Local\Programs
2013-10-08 20:03 . 2013-10-08 20:32 -------- d-----w- C:\AeroCAD
2013-10-05 09:03 . 2013-10-05 09:03 -------- d-----w- c:\program files (x86)\OpenAL
2013-10-05 09:03 . 2008-04-28 10:29 805400 ----a-r- c:\windows\SysWow64\tmp454.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-03 13:01 . 2012-07-08 12:24 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-03 13:01 . 2012-07-08 12:24 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-03 13:01 . 2012-07-08 12:24 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-03 13:01 . 2012-07-08 12:24 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-03 13:01 . 2012-06-02 20:37 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-03 13:01 . 2012-07-08 12:23 43152 ----a-w- c:\windows\avastSS.scr
2013-10-21 17:32 . 2013-03-04 16:48 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-21 17:32 . 2013-03-04 16:48 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-21 17:32 . 2012-07-08 12:24 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-10-21 17:32 . 2012-07-08 12:24 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-10-11 17:31 . 2012-04-11 16:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-11 17:31 . 2012-04-11 16:16 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-06 18:51 . 2012-06-17 21:32 245 ----a-w- c:\windows\system32\AF15IRTBL.bin
2013-09-12 08:58 . 2013-09-28 13:21 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-09-12 08:58 . 2013-09-28 13:21 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-09-12 08:58 . 2013-09-28 13:19 15901448 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-09-12 08:58 . 2013-09-28 13:19 1412832 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-09-12 08:58 . 2013-09-28 13:19 13628208 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-09-12 08:58 . 2013-09-28 13:19 1222824 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-09-12 08:58 . 2013-09-28 13:19 7648000 ----a-w- c:\windows\system32\nvopencl.dll
2013-09-12 08:58 . 2013-09-28 13:19 6329552 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-09-12 08:58 . 2013-09-28 13:19 32032 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2013-09-12 08:58 . 2013-09-28 13:19 317472 ----a-w- c:\windows\system32\nvoglshim64.dll
2013-09-12 08:58 . 2013-09-28 13:19 29337376 ----a-w- c:\windows\system32\nvoglv64.dll
2013-09-12 08:58 . 2013-09-28 13:19 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2013-09-12 08:58 . 2013-09-28 13:19 22102304 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-09-12 08:58 . 2013-09-28 13:19 603424 ----a-w- c:\windows\system32\NvIFR64.dll
2013-09-12 08:58 . 2013-09-28 13:19 515360 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-09-12 08:58 . 2013-09-28 13:19 168616 ----a-w- c:\windows\system32\nvinitx.dll
2013-09-12 08:58 . 2013-09-28 13:19 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-09-12 08:58 . 2013-09-28 13:19 11274528 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-09-12 08:58 . 2013-09-28 13:19 681760 ----a-w- c:\windows\system32\NvFBC64.dll
2013-09-12 08:58 . 2013-09-28 13:19 586016 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-09-12 08:58 . 2013-09-28 13:19 1884448 ----a-w- c:\windows\system32\nvdispco6432723.dll
2013-09-12 08:58 . 2013-09-28 13:19 15703688 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-09-12 08:58 . 2013-09-28 13:19 1511712 ----a-w- c:\windows\system32\nvdispgenco6432723.dll
2013-09-12 08:58 . 2013-09-28 13:19 12947360 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-09-12 08:58 . 2013-09-28 13:19 9281032 ----a-w- c:\windows\system32\nvcuda.dll
2013-09-12 08:58 . 2013-09-28 13:19 7720576 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-09-12 08:58 . 2013-09-28 13:19 2970400 ----a-w- c:\windows\system32\nvcuvid.dll
2013-09-12 08:58 . 2013-09-28 13:19 2789152 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-09-12 08:58 . 2013-09-28 13:19 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-09-12 08:58 . 2013-09-28 13:19 2367264 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-09-12 08:58 . 2013-09-28 13:19 2007328 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-09-12 08:58 . 2013-09-28 13:19 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-09-12 08:58 . 2013-09-28 13:19 2986672 ----a-w- c:\windows\system32\nvapi64.dll
2013-09-12 08:58 . 2013-09-28 13:19 2630304 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-09-12 07:25 . 2013-09-28 13:22 6599968 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-12 07:25 . 2013-09-28 13:22 3452192 ----a-w- c:\windows\system32\nvsvc64.dll
2013-09-12 07:25 . 2013-09-28 13:22 920864 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-12 07:25 . 2013-09-28 13:22 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-09-12 07:25 . 2013-09-28 13:22 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-09-12 07:25 . 2013-09-28 13:22 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-09-12 07:25 . 2013-09-28 13:22 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-09-12 07:25 . 2013-09-28 13:22 1042208 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-09-11 22:06 . 2013-09-28 13:22 3361114 ----a-w- c:\windows\system32\nvcoproc.bin
2013-09-03 13:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Abe\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Abe\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Abe\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-09-25 20133824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-03 3568312]
.
c:\users\Abe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Carka mezera na carka.ahk [2013-1-5 130]
Carka mezera na mezera.ahk [2013-1-5 142]
Dropbox.lnk - c:\users\Abe\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
HST login.ahk [2012-12-12 96]
HST Site and URL.ahk [2012-10-8 134]
HST Tagy 2.ahk [2012-10-12 124]
HST Tagy.ahk [2012-10-12 84]
JZ login.ahk [2013-1-13 108]
PinkTube webmaster.ahk [2013-8-6 568]
PT login.ahk [2013-1-13 110]
RT login.ahk [2013-1-13 116]
TeamViewer.ahk [2013-9-23 72]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys;c:\windows\SYSNATIVE\drivers\papycpu.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Wisaroc;Wisaroc;c:\windows\Wisaroc.exe;c:\windows\Wisaroc.exe [x]
R3 AMPPAL;Virtuální adaptér Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
R3 AMPPALP;Protokol Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys;c:\windows\SYSNATIVE\Drivers\lgandadb.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys;c:\windows\SYSNATIVE\Drivers\IT9135BDA.sys [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-17 18:48 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-03 13:01 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Abe\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Abe\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Abe\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Abe\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-11-14 10358784]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.pinktube.com/index.php?s=user.login
mStart Page = hxxp://samsung.msn.com
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Abe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\Abe\AppData\Roaming\Mozilla\Firefox\Profiles\ik57xx02.default\
FF - ExtSQL: 2013-11-03 14:01; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2013-11-03 19:10:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-03 18:09
ComboFix2.txt 2013-11-03 10:32
ComboFix3.txt 2013-11-03 00:34
.
Před spuštěním: 8 548 925 440
Po spuštění: 8 563 056 640
.
- - End Of File - - FEBC8237902F7FE81280F1D00A764927

Abe.xxx · #7 Příspěvek od **Abe.xxx** » 03 lis 2013 21:05

Druhý:

CFScript

KillAll::

Folder::
C:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001

ComboFix

Abe.xxx · #8 Příspěvek od **Abe.xxx** » 03 lis 2013 21:10

složku Qoobox jsem sice nemazal, nicméně v ní je pouze log ComboFix2 a ComboFix3 a další soubory, ale logy jen tyhle dva.

Abe.xxx · #9 Příspěvek od **Abe.xxx** » 03 lis 2013 21:28

Naughty píše: CACLS "C:\Qoobox\BackEnv" /T /E /G Everyone:F

Na tohle jsem dostal odpověď : Přístup byl odepřen

S tím uloadnutím složky to bude dost trvat při mém připojení, má přes 900 mega

Abe.xxx · #10 Příspěvek od **Abe.xxx** » 03 lis 2013 21:35

Textové soubory v příloze

Abe.xxx · #11 Příspěvek od **Abe.xxx** » 03 lis 2013 21:40

Microsoft Windows [Verze 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Všechna práva vyhrazena.

C:\windows\system32>CACLS "C:\Qoobox\BackEnv" /T /E /G Everyone:F
Zpracovávaná složka: C:\Qoobox\BackEnv
Zpracovávaný soubor: C:\Qoobox\BackEnv\AppData.folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\Cache.folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\Cookies.folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\Desktop.folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\Favorites.folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\History.folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\Music.folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\NetHood.folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\Personal.folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\Pictures.folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\PrintHood.folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\Profiles.Folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\Programs.folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\Recent.folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\SendTo.folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\SetPath.bat
Zpracovávaný soubor: C:\Qoobox\BackEnv\StartMenu.folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\StartUp.folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\SysPath.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\Templates.folder.dat
Zpracovávaný soubor: C:\Qoobox\BackEnv\VikPev00

C:\windows\system32>

Abe.xxx · #12 Příspěvek od **Abe.xxx** » 03 lis 2013 21:49

Avast označil tyhle soubory:

C:\Users\Abe\AppData\Local\Temp\jar_cache878767963434361926.tmp
C:\Users\Abe\AppData\Local\Temp\kbpki\75b60e5df10530ec668c.dll
C:\Users\Abe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\1d25c6d1-7c875as7
C:\Users\Abe\kbpki\nativLib\CMINativeLib.dll

konkrétně v logu z avastu byly tyhle 4 soubory:

C:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Temp\jar_cache878767963434361926.tmp

C:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\Local\Temp\kbpki\75b60e5df10530ec668c.dll

C:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\1d25c6d1-7c875as7

C:\avast! sandbox\S-1-5-21-1571869238-3936240484-2151935606-1001\webStorage\C\Users\Abe\kbpki\nativLib\CMINativeLib.dll

Abe.xxx · #13 Příspěvek od **Abe.xxx** » 03 lis 2013 22:02

Jelikož je avast nesmazal ani když jsem je dal smazat po restartu, tak jsem zkusil smazat napřed jen soubory, to nepomohlo ( avast pořád hlásil infekci ) pak jsem zkusil smazat celou podsožku sandboxu - nevím, jestli to byla správná úvaha. Poté jsem avast pro jistotu přeinstaloval (něják mi to přišlo správně). Ty soubory v Temp adresáři co maže Combofix pořád dokola, s tím tedy nesouvisí? Myslel jsem, že by neměl mazat nic, když není počítač infikován.

Abe.xxx · #14 Příspěvek od **Abe.xxx** » 03 lis 2013 22:04

Jen pro dolnění, počítač se choval před mým počínáním, i po něm zcela neormálně, na problém mě upozornil až test avastu.

Abe.xxx · #15 Příspěvek od **Abe.xxx** » 03 lis 2013 22:25

Zatím velice děkuji, dobrou

VIRY.CZ

Avast mi našel rootkit, prosím o radu

Avast mi našel rootkit, prosím o radu

Re: Avast mi našel rootkit, prosím o radu

Re: Avast mi našel rootkit, prosím o radu

Re: Avast mi našel rootkit, prosím o radu

Re: Avast mi našel rootkit, prosím o radu

Re: Avast mi našel rootkit, prosím o radu

Re: Avast mi našel rootkit, prosím o radu

Re: Avast mi našel rootkit, prosím o radu

Re: Avast mi našel rootkit, prosím o radu

Re: Avast mi našel rootkit, prosím o radu

Re: Avast mi našel rootkit, prosím o radu

Re: Avast mi našel rootkit, prosím o radu

Re: Avast mi našel rootkit, prosím o radu

Re: Avast mi našel rootkit, prosím o radu

Re: Avast mi našel rootkit, prosím o radu