Requesting a preventive check

backpase
Visitor
Posts: 34
Registered: 25 Aug 2014 09:40

Re: Requesting a preventive check

#16 Post by backpase »

In the end it ran under the current account too, and I have the log. Only at the start it reported some missing program, which however could not be installed because the internet does not work in normal mode.

ComboFix 16-03-14.01 - Admistrimator 14.03.2016 20:42:12.2.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.7 [GMT 1:00]
Running from: c:\documents and settings\Admistrimator\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Admistrimator\My Documents\197.tmp
c:\windows.0\system32\_000007_.tmp.dll
c:\windows.0\system32\MUI\041b\tourstart.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GLOBALUPDATE
.
.
((((((((((((((((((((((((( Files Created from 2016-02-14 to 2016-03-14 )))))))))))))))))))))))))))))))
.
.
2016-03-13 22:00 . 2016-03-13 22:00 -------- d-----w- C:\spoolerlogs
2016-03-13 21:51 . 2008-04-14 04:40 102912 ------w- c:\windows.0\system32\dllcache\dpcdll.dll
2016-03-13 21:50 . 2006-12-28 23:31 19569 ----a-w- c:\windows.0\000002_.tmp
2016-03-13 21:08 . 2006-12-28 23:31 19569 ----a-w- c:\windows.0\000001_.tmp
2016-03-13 01:09 . 2016-03-13 01:09 -------- d-----w- c:\program files\AVG
2016-03-13 01:06 . 2016-03-13 01:06 -------- d-----w- c:\program files\CCleaner
2016-03-12 22:58 . 2016-03-12 22:58 -------- d-----w- C:\FRST
2016-03-12 22:26 . 2016-03-12 22:26 -------- d-----w- C:\FOUND.080
2016-03-12 22:14 . 2016-03-12 22:14 -------- d-----w- c:\windows.0\system32\wbem\Repository
2016-03-11 18:54 . 2016-03-11 18:54 -------- d-----w- c:\documents and settings\Admistrimator\Application Data\HD Tune Pro
2016-03-10 20:37 . 2016-03-10 20:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG
2016-03-10 20:36 . 2016-03-10 20:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Avg
2016-03-10 20:36 . 2016-03-10 20:36 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2016-03-10 20:35 . 2016-03-10 20:35 -------- d-----w- c:\windows.0\system32\AppData
2016-03-05 20:37 . 2016-03-05 20:37 -------- d-----w- C:\FOUND.079
2016-03-04 22:37 . 2016-03-04 22:37 -------- d-----w- C:\Microsoft
2016-02-15 14:13 . 2016-02-15 14:13 -------- d-----w- C:\FOUND.078
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-10 21:30 . 2014-08-28 21:57 170200 ----a-w- c:\windows.0\system32\drivers\MBAMSwissArmy.sys
2016-02-19 14:08 . 2012-11-04 14:32 796864 ----a-w- c:\windows.0\system32\FlashPlayerApp.exe
2016-02-19 14:08 . 2012-11-04 14:32 142528 ----a-w- c:\windows.0\system32\FlashPlayerCPLApp.cpl
2002-10-30 07:22 . 2002-10-30 07:22 15592 ----a-w- c:\program files\owcstp16.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-02-12 6638296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows.0\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows.0\system32\hkcmd.exe" [2004-02-10 118784]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2005-10-10 7286784]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"NvMediaCenter"="c:\windows.0\system32\NvMcTray.dll" [2005-10-10 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows.0\system32\tscupgrd.exe" [2006-01-13 44544]
.
c:\documents and settings\Admistrimator\Start Menu\Programs\Startup\
Kalendár.lnk - c:\windows.0\MENINY.EXE [2011-12-31 49312]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
eOne Client.lnk - c:\program files\SecureMedia\Encryptonite ONE System\Client\smdaemon.exe -home "c:\program files\SecureMedia\Encryptonite ONE System\Client" [2014-1-26 1359872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2013-01-07 17:36 11952 ----a-w- c:\windows.0\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\Av\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows.0\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\stary disk\\HRY\\StarCraft\\StarCraft.exe"=
"c:\\WINDOWS.0\\System32\\dplaysvr.exe"=
"c:\\WINDOWS.0\\System32\\PnkBstrA.exe"=
"c:\\WINDOWS.0\\System32\\PnkBstrB.exe"=
"c:\\Program Files\\GOGcom\\Dungeon Keeper 2\\DKII.EXE"=
"c:\\Counter-Strike 1.6\\csko.exe"=
"c:\\Counter-Strike 1.6\\hl.exe"=
"c:\\Counter-Strike 1.6\\hltv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Games\\commandos\\mpserver.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.3109\\Agent.exe"=
"c:\\Program Files\\FreeTime\\FormatFactory\\FormatFactory.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows.0\system32\drivers\avgidshx.sys [15.10.2012 3:48 231344]
R0 Avglogx;AVG Logging Driver;c:\windows.0\system32\drivers\avglogx.sys [21.9.2012 3:46 308656]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows.0\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 Avgdiskx;AVG Disk Driver;c:\windows.0\system32\drivers\avgdiskx.sys [1.8.2013 16:06 156080]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows.0\system32\drivers\avgidsdriverlx.sys [17.6.2014 16:17 243632]
R1 AVGIDSShim;AVGIDSShim;c:\windows.0\system32\drivers\avgidsshimx.sys [21.9.2012 3:45 31664]
R1 AvgLdx86;AVG AVI Loader Driver;c:\windows.0\system32\drivers\avgldx86.sys [7.1.2013 18:19 229296]
R1 AvgTdiX;AVG TDI Driver;c:\windows.0\system32\drivers\avgtdix.sys [7.1.2013 18:19 231856]
R3 MBAMProtector;MBAMProtector;c:\windows.0\system32\drivers\mbam.sys [28.8.2014 22:57 23256]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\Av\avgidsagent.exe" --> c:\program files\AVG\Av\avgidsagent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\Av\avgwdsvcx.exe" --> c:\program files\AVG\Av\avgwdsvcx.exe [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [28.8.2014 22:57 1135416]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows.0\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows.0\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows.0\system32\DRIVERS\ew_usbenumfilter.sys --> c:\windows.0\system32\DRIVERS\ew_usbenumfilter.sys [?]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows.0\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows.0\system32\DRIVERS\ew_jucdcacm.sys [?]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows.0\system32\DRIVERS\ew_jucdcecm.sys --> c:\windows.0\system32\DRIVERS\ew_jucdcecm.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows.0\system32\DRIVERS\ew_jubusenum.sys --> c:\windows.0\system32\DRIVERS\ew_jubusenum.sys [?]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows.0\system32\DRIVERS\ew_juextctrl.sys --> c:\windows.0\system32\DRIVERS\ew_juextctrl.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-13 00:55 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-14 c:\windows.0\Tasks\Adobe Flash Player Updater.job
- c:\windows.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 14:08]
.
2016-03-08 c:\windows.0\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows.0\system32\xp_eos.exe [2014-11-21 01:59]
.
2016-03-14 c:\windows.0\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows.0\system32\xp_eos.exe [2014-11-21 01:59]
.
2016-03-12 c:\windows.0\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows.0\system32\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe [2016-02-19 14:08]
.
2016-03-14 c:\windows.0\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-03-13 00:53]
.
2016-03-14 c:\windows.0\Tasks\GoogleUpdateTaskMachineCore1d17cc2cfaa5000.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-03-13 00:53]
.
2016-03-14 c:\windows.0\Tasks\Opera scheduled Autoupdate 1457830922.job
- c:\program files\Opera\launcher.exe [2016-03-13 07:09]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.sk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} - (no file)
ShellIconOverlayIdentifiers-{C72C6188-BEF2-46E5-A89A-52F0ED75219E} - (no file)
ShellIconOverlayIdentifiers-{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} - (no file)
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows.0\system32\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe
SafeBoot-08465862.sys
SafeBoot-25049659.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-03-14 20:57
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-1326574676-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1454471165-1326574676-1801674531-1004\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1454471165-1326574676-1801674531-1004)
@Allowed: (Read) (S-1-5-21-1454471165-1326574676-1801674531-1004)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1628)
c:\windows.0\system32\WININET.dll
c:\windows.0\system32\nview.dll
c:\windows.0\system32\NVWRSSK.DLL
c:\windows.0\system32\nvwddi.dll
c:\windows.0\system32\ieframe.dll
c:\windows.0\system32\webcheck.dll
.
Completion time: 2016-03-14 21:01:16
ComboFix-quarantined-files.txt 2016-03-14 20:01
.
Pre-Run: 7 895 121 920 bytes free
Post-Run: 7 659 651 072 bytes free
.
- - End Of File - - 89732DCED42D28040799AFD42A0DFA58
8F558EB6672622401DA993E1E865C861

JaRon
Moderator
Posts: 15669
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Requesting a preventive check

#17 Post by JaRon »

Repeat sfc /scannow
I can't advise you anything else :)

backpase
Visitor
Posts: 34
Registered: 25 Aug 2014 09:40

Re: Requesting a preventive check

#18 Post by backpase »

So the only thing left is a reinstall?
Thanks for the help :)

JaRon
Moderator
Posts: 15669
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Requesting a preventive check

#19 Post by JaRon »

yes
you're welcome

Locked