Pokorne prosím o preventívnu prehliadku

Zpráva

Animus · #1 Příspěvek od **Animus** » 29 čer 2016 17:19

Kupil som od znameho PC a reinstaloval Win. Nasledne som odisiel na sluzobku a po prichode som zistil ze moj *milovany* brat na nom nonstop vysel (jeho PC skoncilo v zalozni). PC sice nevypisuje ziadnu chybu no napriklad proces rundll32.exe bezal 2x nie pod system ale ako spusteny uzivatelom nehovoriac o dalsich podozrivich neznamich procesoch. Bol by som extremne vdacny Mod. za preventivku. prikladam log z combofix. Dalej by som rad zistil ako tomu logu urobit rozbor sam, aby som nemusel otravovat Mod. nabuduce.Dakujem

ComboFix 16-06-01.01 - Animus . 06. 2016 17:20:29.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.2046.959 [GMT 2:00]
Running from: c:\documents and settings\Animus\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET12D.tmp
c:\windows\TEMP\_avast_\ws1232DAF0.dat
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2016-05-28 to 2016-06-29 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-24 23:06 . 2016-05-24 23:06 123968 ----a-w- c:\windows\system32\drivers\scdemu.sys
2016-05-10 19:23 . 2016-05-10 19:23 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-05-10 19:23 . 2016-05-10 19:23 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-05-10 19:21 . 2016-05-10 19:21 96256 ----a-w- c:\windows\system32\hcwcp.ax
2016-05-10 19:21 . 2016-05-10 19:21 66048 ----a-w- c:\windows\system32\hcwxds.dll
2016-05-10 19:21 . 2016-05-10 19:21 1603712 ----a-w- c:\windows\system32\drivers\HCW85BDA.sys
2016-05-10 19:21 . 2016-05-10 19:21 140800 ----a-w- c:\windows\system32\hcw85enc.ax
2016-05-10 19:21 . 2016-05-10 19:21 139264 ----a-w- c:\windows\system32\hcwecppp.ax
2016-05-10 19:21 . 2016-05-10 19:21 115712 ----a-w- c:\windows\system32\hcw85prop.ax
2016-05-10 19:21 . 2010-07-14 21:51 212480 ----a-w- c:\windows\system32\drivers\nvnrm.sys
2016-05-10 19:21 . 2010-07-14 21:51 13824 ----a-w- c:\windows\system32\drivers\nvnetbus.sys
2016-05-10 19:21 . 2010-07-14 21:51 240232 ----a-w- c:\windows\system32\nvconrm.dll
2016-05-10 19:21 . 2010-07-14 21:51 11264 ----a-w- c:\windows\system32\bdco1ins.dll
2016-05-10 19:21 . 2010-07-14 21:51 11264 ----a-w- c:\windows\system32\bdco1.dll
2016-05-10 19:21 . 2016-05-10 19:21 215656 ----a-w- c:\windows\system32\NVCOSMB.DLL
2016-05-10 19:06 . 2016-05-10 19:06 69120 ----a-w- c:\windows\system32\drivers\AmUStor.sys
2016-05-10 19:06 . 2016-05-10 19:06 11264 ----a-w- c:\windows\system32\AmUStor2.dll
2016-05-10 19:06 . 2016-05-10 19:06 1077248 ----a-w- c:\windows\system32\AmRdrIco.icl
2016-05-10 19:05 . 2016-05-10 19:05 1049376 ----a-w- c:\windows\system32\nvdispco3232723.dll
2016-05-10 19:05 . 2016-05-10 19:05 893728 ----a-w- c:\windows\system32\nvdispgenco3232723.dll
2016-05-10 18:57 . 2016-05-10 18:57 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2016-05-10 18:46 . 2016-05-10 18:46 67216 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2016-05-10 18:46 . 2016-05-10 18:46 58776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-05-10 18:46 . 2016-05-10 18:46 449640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-05-10 18:46 . 2016-05-10 18:46 221368 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-05-10 18:46 . 2016-05-10 18:46 187208 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2016-05-10 18:46 . 2016-05-10 18:46 91168 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-05-10 18:46 . 2016-05-10 18:46 64272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2016-05-10 18:46 . 2016-05-10 18:46 32792 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-05-10 18:46 . 2016-05-10 18:46 334280 ----a-w- c:\windows\system32\aswBoot.exe
2016-05-10 18:46 . 2016-05-10 18:46 52184 ----a-w- c:\windows\avastSS.scr
2016-05-10 18:46 . 2016-05-10 18:46 815792 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-05-10 18:40 . 2016-05-10 18:40 31832 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2016-05-10 17:08 . 2016-05-10 17:08 707 ----a-w- c:\windows\_default.pif
2016-05-10 17:08 . 2016-05-10 17:08 338944 ----a-w- c:\windows\system32\zipfldr.dll
2016-05-10 17:08 . 2016-05-10 17:55 11776 ----a-w- c:\windows\system32\xolehlp.dll
2016-05-10 17:08 . 2016-05-10 17:08 50176 ----a-w- c:\windows\system32\xmlprovi.dll
2016-05-10 17:08 . 2016-05-10 17:08 129024 ----a-w- c:\windows\system32\xmlprov.dll
2016-05-10 17:08 . 2016-05-10 17:57 6656 ----a-w- c:\windows\system32\wuauserv.dll
2016-05-10 17:08 . 2016-05-10 17:57 183296 ----a-w- c:\windows\system32\wuaueng1.dll
2016-05-10 17:08 . 2016-05-10 17:57 166912 ----a-w- c:\windows\system32\wuauclt1.exe
2016-05-10 17:08 . 2016-05-10 17:08 91648 ----a-w- c:\windows\system32\xactsrv.dll
2016-05-10 17:08 . 2016-05-10 17:08 82944 ----a-w- c:\windows\system32\drivers\wudfrd.sys
2016-05-10 17:08 . 2016-05-10 17:08 77568 ----a-w- c:\windows\system32\drivers\wudfpf.sys
2016-05-10 17:08 . 2016-05-10 17:08 55808 ----a-w- c:\windows\system32\wudfsvc.dll
2016-05-10 17:08 . 2016-05-10 17:08 383488 ----a-w- c:\windows\system32\wzcdlg.dll
2016-05-10 17:08 . 2016-05-10 17:08 32256 ----a-w- c:\windows\system32\wupdmgr.exe
2016-05-10 17:08 . 2016-05-10 17:08 316416 ----a-w- c:\windows\system32\wudfx.dll
2016-05-10 17:08 . 2016-05-10 17:08 30720 ----a-w- c:\windows\system32\xcopy.exe
2016-05-10 17:08 . 2016-05-10 17:08 18432 ----a-w- c:\windows\system32\wtsapi32.dll
2016-05-10 17:08 . 2016-05-10 17:08 175224 ----a-w- c:\windows\system32\xenroll.dll
2016-05-10 17:08 . 2016-05-10 17:08 146432 ----a-w- c:\windows\system32\wudfhost.exe
2016-05-10 17:08 . 2016-05-10 16:53 95344 ----a-w- c:\windows\system32\wudfcoinstaller.dll
2016-05-10 17:08 . 2016-05-10 16:53 165376 ----a-w- c:\windows\system32\wudfplatform.dll
2016-05-10 17:08 . 2016-05-10 17:08 50688 ----a-w- c:\windows\system32\wstdecod.dll
2016-05-10 17:08 . 2016-05-10 17:08 41984 ----a-w- c:\windows\system32\wsnmp32.dll
2016-05-10 17:08 . 2016-05-10 17:08 24576 ----a-w- c:\windows\system32\wsock32.dll
2016-05-10 17:08 . 2016-05-10 17:08 164352 ----a-w- c:\windows\system32\wstpager.ax
2016-05-10 17:08 . 2016-05-10 16:53 239616 ----a-w- c:\windows\system32\wstrenderer.ax
2016-05-10 17:08 . 2016-05-10 17:08 9216 ----a-w- c:\windows\system32\wshatm.dll
2016-05-10 17:08 . 2016-05-10 17:08 90112 ----a-w- c:\windows\system32\wshext.dll
2016-05-10 17:08 . 2016-05-10 17:08 82432 ----a-w- c:\windows\system32\ws2_32.dll
2016-05-10 17:08 . 2016-05-10 17:08 80896 ----a-w- c:\windows\system32\wscsvc.dll
2016-05-10 17:08 . 2016-05-10 17:08 7168 ----a-w- c:\windows\system32\wshnetbs.dll
2016-05-10 17:08 . 2016-05-10 17:08 608256 ----a-w- c:\windows\system32\wsecedit.dll
2016-05-10 17:08 . 2016-05-10 17:08 57392 ----a-w- c:\windows\system32\wshcs.dll
2016-05-10 17:08 . 2016-05-10 17:08 36864 ----a-w- c:\windows\system32\wshcon.dll
2016-05-10 17:08 . 2016-05-10 17:08 19968 ----a-w- c:\windows\system32\ws2help.dll
2016-05-10 17:08 . 2016-05-10 17:08 19456 ----a-w- c:\windows\system32\wshtcpip.dll
2016-05-10 17:08 . 2016-05-10 17:08 155648 ----a-w- c:\windows\system32\wscript.exe
2016-05-10 17:08 . 2016-05-10 17:08 148480 ----a-w- c:\windows\system32\wscui.cpl
2016-05-10 17:08 . 2016-05-10 17:08 14336 ----a-w- c:\windows\system32\wship6.dll
2016-05-10 17:08 . 2016-05-10 17:08 13824 ----a-w- c:\windows\system32\wscntfy.exe
2016-05-10 17:08 . 2016-05-10 17:08 135168 ----a-w- c:\windows\system32\wshom.ocx
2016-05-10 17:08 . 2016-05-10 17:08 12032 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys
2016-05-10 17:08 . 2016-05-10 17:08 11776 ----a-w- c:\windows\system32\wshisn.dll
2016-05-10 17:08 . 2016-05-10 17:08 11264 ----a-w- c:\windows\system32\WshRm.dll
2016-05-10 17:08 . 2016-05-10 17:08 108032 ----a-w- c:\windows\system32\wshbth.dll
2016-05-10 17:08 . 2016-05-10 17:55 5632 ----a-w- c:\windows\system32\write.exe
2016-05-10 17:08 . 2016-05-10 17:08 629760 ----a-w- c:\windows\system32\wpd_ci.dll
2016-05-10 17:08 . 2016-05-10 17:08 38528 ----a-w- c:\windows\system32\drivers\wpdusb.sys
2016-05-10 17:08 . 2016-05-10 17:08 11776 ----a-w- c:\windows\system32\wpnpinst.exe
2016-05-10 17:08 . 2016-05-10 17:08 356352 ----a-w- c:\windows\system32\WPDSp.dll
2016-05-10 17:08 . 2016-05-10 16:53 17408 ----a-w- c:\windows\system32\wpdshextautoplay.exe
2016-05-10 17:08 . 2016-05-10 17:08 2603008 ----a-w- c:\windows\system32\wpdshext.dll
2016-05-10 17:08 . 2016-05-10 16:53 38400 ----a-w- c:\windows\system32\wpdshextres.dll
2016-05-10 17:08 . 2016-05-10 16:53 133632 ----a-w- c:\windows\system32\wpdshserviceobj.dll
2016-05-10 17:08 . 2016-05-10 17:08 767488 ----a-w- c:\windows\system32\wmvsencd.dll
2016-05-10 17:08 . 2016-05-10 17:08 671232 ----a-w- c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
2016-05-10 17:08 . 2016-05-10 17:08 656896 ----a-w- c:\windows\system32\wmvxencd.dll
2016-05-10 17:08 . 2016-05-10 17:08 63488 ----a-w- c:\windows\system32\wpdmtpus.dll
2016-05-10 17:08 . 2016-05-10 17:08 35840 ----a-w- c:\windows\system32\wpdconns.dll
2016-05-10 17:08 . 2016-05-10 17:08 32256 ----a-w- c:\windows\system32\wpabaln.exe
2016-05-10 17:08 . 2016-05-10 17:08 2736 ----a-w- c:\windows\system32\wowdeb.exe
2016-05-10 17:08 . 2016-05-10 17:08 264192 ----a-w- c:\windows\system32\wow32.dll
2016-05-10 17:08 . 2016-05-10 17:08 154624 ----a-w- c:\windows\system32\wpdmtp.dll
2016-05-10 17:08 . 2016-05-10 17:08 1382912 ----a-w- c:\windows\system32\wmvsdecd.dll
2016-05-10 17:08 . 2016-05-10 17:08 10400 ----a-w- c:\windows\system32\wowexec.exe
2016-05-10 17:08 . 2016-05-10 17:08 4096 ----a-w- c:\windows\system32\wmvdmoe2.dll
2016-05-10 17:08 . 2016-05-10 17:08 4096 ----a-w- c:\windows\system32\wmvdmod.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2016-05-10 . F2BC8D5E4924B1370A913B9C36CACFE2 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-05-10 18:46 785176 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2007-03-13 39264]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-06-27 7408312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2014-07-02 15724320]
"NvMediaCenter"="NvMCTray.dll" [2014-07-02 376096]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2014-07-02 2593056]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-10-01 2345296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2016-05-27 16:13 96768 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Animus\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Documents and Settings\\Animus\\Local Settings\\Data aplikací\\AntikVirtualSTB\\AntikVirtualSTB.exe"=
"c:\\Program Files\\UCBrowser\\Application\\Downloader\\download\\MiniThunderPlatform.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Animus\\Local Settings\\Data aplikací\\UCBrowser\\User Data_i18n\\Thunder\\1.0.0.0\\download\\MiniThunderPlatform.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [10.5.2016 20:46 58776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [10.5.2016 20:46 221368]
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [10.5.2016 18:58 14184]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [10.5.2016 18:58 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [10.5.2016 18:58 14184]
R0 nvlegacy;nvlegacy;c:\windows\system32\drivers\nvlegacy.sys [10.5.2016 18:59 100736]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10.5.2016 20:46 815792]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10.5.2016 20:46 449640]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [10.5.2016 20:57 23840]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [10.5.2016 20:46 32792]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10.5.2016 20:46 91168]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [1.10.2013 15:51 1612112]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [26.8.2013 16:46 375056]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [14.5.2016 23:04 1720608]
R2 UCBrowserSvc;UC Browser Service;c:\program files\UCBrowser\Application\UCService.exe [1.1.2010 4:13 557216]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [10.5.2016 21:06 69120]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [10.5.2016 20:46 187208]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [10.5.2016 21:21 1603712]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10.5.2016 20:59 1691480]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [10.5.2016 20:40 31832]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2016-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-10 19:23]
.
2016-06-29 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-10 18:46]
.
2016-06-29 c:\windows\Tasks\Driver Booster Scheduler.job
- c:\program files\IObit\Driver Booster\Scheduler.exe [2016-05-10 14:43]
.
2016-06-28 c:\windows\Tasks\UCBrowserUpdater.job
- c:\program files\UCBrowser\Application\update_task.exe [2010-01-01 08:00]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-seznam-listicka-distribuce - c:\program files\Seznam.cz\distribution\szninstall.exe
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
HKLM_ActiveSetup-{65122CB0-EA0F-47DF-A953-017170ED12F9} - c:\program files\UCBrowser\Application\5.6.12265.1017\Installer\chrmstp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-06-29 17:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(208)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\RunDLL32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: - machine was rebooted
ComboFix-quarantined-files.txt 2016-06-29 15:31
.
Pre-Run: Volných bajtů: 76 235 227 136
Post-Run: Volných bajtů: 77 774 561 280
.
- - End Of File - - 9ABDC062BFDD35D9358674CEBF1CE002
413FC2A0C716421B3158746D63736515

#2 Příspěvek od **JaRon** » 30 čer 2016 06:32

ahoj,
ComboFix nie je utilita do laických ruk - nabudúce bez doporucenia radcov nepouzivaj

Doporucujem vycistit PC s CCleanerom + prescanovat s MBAM v 1.75
Nejake vacsie problemy tam nevidim

Animus · #3 Příspěvek od **Animus** » 30 čer 2016 07:57

Ahoj Mod.
Ten combofix som vycuckol niekde tu na fore, vydim ze robite Technical support for free, je tu sice par reklam ale rad by som vas podporil (viem ze to nepatri do tochto threadu) taze prosim Mod. PM

#4 Příspěvek od **JaRon** » 30 čer 2016 08:13

moznosti podpory mam v podpise http://forum.viry.cz/viewtopic.php?f=7&t=78175

VIRY.CZ

Pokorne prosím o preventívnu prehliadku

Pokorne prosím o preventívnu prehliadku

Re: Pokorne prosím o preventívnu prehliadku

Re: Pokorne prosím o preventívnu prehliadku

Re: Pokorne prosím o preventívnu prehliadku