VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

iexplore.exe a ctfmon

https://forum.viry.cz:443/viewtopic.php?t=143314

Stránka 2 z 2

Re: iexplore.exe a ctfmon

Napsal: 20 bře 2015 07:06
od JaRon
otvor subor C:\Windows\System32\drivers\etc\Hosts v notepade
a zmaz uvedeny riadok
127.0.0.1 idnet.ua-corp.com

Re: iexplore.exe a ctfmon

Napsal: 20 bře 2015 22:47
od Nakashi1
Pokusil jsem se upravit ten soubor hosts a smazal ten řádek, poté sem provedl oba scany a MBAM tam měl nálezy > log. V MBAM jsem dal "Quarantine", než sem si uvědomil, že to asi nemam dělat. :?:
Kouknul sem se znova do toho souboru a ten řádek tam zase byl, tak sem ho smazal.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20.3.2015
Scan Time: 21:31:04
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.20.07
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Milan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346811
Time Elapsed: 48 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 1
Broken.OpenCommand, HKCR\regfile\shell\open\command, "regedit.exe" "Good: (regedit.exe "Bad: ("regedit.exe" "%1"),,[ffffffffffffffffffffffffffffffff]")", %4, %5

Folders: 1
PUP.Optional.TriComfi.A, C:\Users\Milan\AppData\Roaming\tricomfi, , [13b48dba236745f1987e357a61a231cf],

Files: 3
PUP.Optional.OpenCandy, C:\Users\Milan\AppData\Local\Temp\OpenCandy\OCSetupHlp.dll, , [388fb592f793cd694c3a090eb25448b8],
PUP.Optional.TriComfi.A, C:\Users\Milan\AppData\Roaming\tricomfi\tivesen.dll, , [13b48dba236745f1987e357a61a231cf],
PUP.Optional.TriComfi.A, C:\Users\Milan\AppData\Roaming\tricomfi\colers.dll, , [13b48dba236745f1987e357a61a231cf],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: iexplore.exe a ctfmon

Napsal: 21 bře 2015 15:44
od JaRon
OK - takze nalezy MBAM si dal do karanteny
este pouzi MBAR - antirootkit, nie MBAM - antimalware

Re: iexplore.exe a ctfmon

Napsal: 23 bře 2015 13:15
od Nakashi1
MBAR nic nenalezl. Problém zůstává.

Re: iexplore.exe a ctfmon

Napsal: 23 bře 2015 13:22
od JaRon
stiahni a uloz na plochu ComboFix

potom spust pod uctom s administratorskym opravnenim


akcia trva cca. 5-10 minut, niekedy i dlhsie -, Pocas scanu nespustaj ziadne ine aplikacie

Nie je dovod na paniku ak stroj bude restartovany
upozornenie: ak pouzivas antispyware s rezidentnim stitem, ten pred scanom vypni.

po restarte aplikacie vytvori log, ulozeny na C:\Combofix.txt (jeho obsah vloz sem)

Re: iexplore.exe a ctfmon

Napsal: 23 bře 2015 14:17
od Nakashi1
ComboFix 15-03-23.01 - Milan 23.03.2015 13:57:27.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1787.799 [GMT 1:00]
Spuštěný z: c:\users\Milan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-02-23 do 2015-03-23 )))))))))))))))))))))))))))))))
.
.
2015-03-23 13:08 . 2015-03-23 13:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-23 11:39 . 2015-03-23 12:13 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-03-22 04:13 . 2015-03-23 06:34 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A547D20-DF22-4804-A24C-4A720DF20F56}\offreg.dll
2015-03-22 04:11 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A547D20-DF22-4804-A24C-4A720DF20F56}\mpengine.dll
2015-03-20 21:21 . 2015-03-20 21:21 -------- d-----w- c:\users\Milan\AppData\Roaming\cqlcvzqs
2015-03-19 15:38 . 2015-03-19 19:58 -------- d-----w- C:\FRST
2015-03-18 15:27 . 2015-03-18 15:27 -------- d-----w- c:\program files\ConvertHelper3
2015-03-17 18:14 . 2015-03-17 18:14 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2015-03-17 18:10 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2015-03-17 18:09 . 2009-08-02 20:09 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2015-03-17 18:05 . 2015-03-17 18:10 -------- d-----w- c:\program files (x86)\VstPlugins
2015-03-17 18:04 . 2015-03-17 18:04 -------- d-----w- c:\program files (x86)\Outsim
2015-03-17 17:50 . 2015-03-17 18:09 -------- d-----w- c:\program files (x86)\Image-Line
2015-03-12 15:54 . 2015-03-12 15:54 -------- d-----w- c:\programdata\Logs
2015-03-08 18:54 . 2015-03-14 08:36 -------- d-----w- C:\KVRT_Data
2015-03-08 16:02 . 2015-03-17 18:22 -------- d-----w- C:\Downs
2015-03-01 18:49 . 2015-03-23 13:08 -------- d-----w- c:\users\Milan\AppData\Local\Temp
2015-03-01 18:30 . 2015-03-15 17:01 -------- d-----w- C:\Loc
2015-02-26 18:11 . 2015-02-26 18:11 -------- d-----w- c:\users\Milan\AppData\Roaming\AVAST Software
2015-02-26 18:07 . 2015-02-26 18:07 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-02-26 18:07 . 2015-02-26 18:07 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-02-26 18:07 . 2015-02-26 18:07 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-02-26 18:07 . 2015-02-26 18:07 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-02-26 18:07 . 2015-02-26 18:09 87912 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2015-02-26 18:07 . 2015-02-26 18:07 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-02-26 18:07 . 2015-02-26 18:07 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-02-26 18:07 . 2015-02-26 18:08 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-02-26 18:07 . 2015-02-26 18:07 364512 ----a-w- c:\windows\system32\aswBoot.exe
2015-02-26 18:06 . 2015-02-26 18:06 43152 ----a-w- c:\windows\avastSS.scr
2015-02-26 18:04 . 2015-02-26 18:04 -------- d-----w- c:\program files\AVAST Software
2015-02-23 11:49 . 2015-03-12 16:05 -------- d-----w- c:\program files\MKVToolNix
2015-02-23 11:45 . 2015-02-23 11:45 -------- d-----w- c:\users\Milan\AppData\Local\Pinnacle
2015-02-23 11:36 . 2015-02-23 11:36 -------- d-----w- c:\program files (x86)\Common Files\Pinnacle
2015-02-23 11:34 . 2015-02-23 11:34 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate Collection
2015-02-23 11:12 . 2015-02-27 18:44 -------- d-----w- c:\program files (x86)\Pinnacle
2015-02-23 11:12 . 2015-02-27 18:44 -------- d-----w- c:\programdata\Pinnacle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-23 11:39 . 2014-08-03 09:46 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-23 11:38 . 2014-08-03 09:41 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-24 03:17 . 2010-12-26 08:55 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-07 11:29 . 2012-07-01 08:58 701616 ------w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-07 11:29 . 2012-02-15 17:48 71344 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-02-26 5227112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_Dlls"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HMFAxCore5decdc700443adec5f3e84408e3098ff;HMFAxCore5decdc700443adec5f3e84408e3098ff;HMFAxCore5decdc700443adec5f3e84408e3098ff.sys;HMFAxCore5decdc700443adec5f3e84408e3098ff.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [x]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-02-26 18:07 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2010-06-11 861216]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: Stáhnout pomocí Net Transportu - c:\program files (x86)\Xi\NetTransport 2\NTAddLink.html
IE: Stáhnout vše pomocí &Net Transportu - c:\program files (x86)\Xi\NetTransport 2\NTAddList.html
TCP: DhcpNameServer = 10.0.0.138
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\8uvf0pmk.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.http - 216.155.139.115
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
SafeBoot-53141663.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe
AddRemove-UnityWebPlayer - c:\users\Milan\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-03-23 14:13:04
ComboFix-quarantined-files.txt 2015-03-23 13:13
.
Před spuštěním: Volných bajtů: 21 703 266 304
Po spuštění: Volných bajtů: 21 305 442 304
.
- - End Of File - - 0128BA9D6D06FDD51B8BFC5B9E5250E3
A36C5E4F47E84449FF07ED3517B43A31

Re: iexplore.exe a ctfmon

Napsal: 23 bře 2015 15:23
od JaRon
Presun ComboFix
na plochu (ak tam este nie je)

otvor si Poznamkovy blok - notepad

do neho zkopiruj skript z nasledujiceho okna:

Kód: Vybrat vše

Folder::
c:\users\Milan\AppData\Roaming\cqlcvzqs
uloz vytvoreny textovy soubor ako CFScript.txt na plochu

po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:

Obrázek

po aplikacii by mal vzniknut dalsi log, ten vloz sem :)

Re: iexplore.exe a ctfmon

Napsal: 24 bře 2015 07:37
od Nakashi1
ComboFix 15-03-23.01 - Milan 24.03.2015 7:18.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.1787.843 [GMT 1:00]
Spuštěný z: c:\users\Milan\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Milan\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Milan\AppData\Roaming\cqlcvzqs
c:\users\Milan\AppData\Roaming\cqlcvzqs\colers.dll
c:\users\Milan\AppData\Roaming\cqlcvzqs\tivesen.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-02-24 do 2015-03-24 )))))))))))))))))))))))))))))))
.
.
2015-03-24 06:30 . 2015-03-24 06:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-23 11:39 . 2015-03-23 12:13 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-03-22 04:13 . 2015-03-23 06:34 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A547D20-DF22-4804-A24C-4A720DF20F56}\offreg.dll
2015-03-22 04:11 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A547D20-DF22-4804-A24C-4A720DF20F56}\mpengine.dll
2015-03-19 15:38 . 2015-03-19 19:58 -------- d-----w- C:\FRST
2015-03-18 15:27 . 2015-03-18 15:27 -------- d-----w- c:\program files\ConvertHelper3
2015-03-17 18:14 . 2015-03-17 18:14 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2015-03-17 18:10 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2015-03-17 18:09 . 2009-08-02 20:09 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2015-03-17 18:05 . 2015-03-17 18:10 -------- d-----w- c:\program files (x86)\VstPlugins
2015-03-17 18:04 . 2015-03-17 18:04 -------- d-----w- c:\program files (x86)\Outsim
2015-03-17 17:50 . 2015-03-17 18:09 -------- d-----w- c:\program files (x86)\Image-Line
2015-03-12 15:54 . 2015-03-12 15:54 -------- d-----w- c:\programdata\Logs
2015-03-08 18:54 . 2015-03-14 08:36 -------- d-----w- C:\KVRT_Data
2015-03-08 16:02 . 2015-03-24 03:35 -------- d-----w- C:\Downs
2015-03-01 18:49 . 2015-03-24 06:30 -------- d-----w- c:\users\Milan\AppData\Local\Temp
2015-03-01 18:30 . 2015-03-15 17:01 -------- d-----w- C:\Loc
2015-02-26 18:11 . 2015-02-26 18:11 -------- d-----w- c:\users\Milan\AppData\Roaming\AVAST Software
2015-02-26 18:07 . 2015-02-26 18:07 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-02-26 18:07 . 2015-02-26 18:07 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-02-26 18:07 . 2015-02-26 18:07 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-02-26 18:07 . 2015-02-26 18:07 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-02-26 18:07 . 2015-02-26 18:09 87912 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2015-02-26 18:07 . 2015-02-26 18:07 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-02-26 18:07 . 2015-02-26 18:07 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-02-26 18:07 . 2015-02-26 18:08 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-02-26 18:07 . 2015-02-26 18:07 364512 ----a-w- c:\windows\system32\aswBoot.exe
2015-02-26 18:06 . 2015-02-26 18:06 43152 ----a-w- c:\windows\avastSS.scr
2015-02-26 18:04 . 2015-02-26 18:04 -------- d-----w- c:\program files\AVAST Software
2015-02-23 11:49 . 2015-03-12 16:05 -------- d-----w- c:\program files\MKVToolNix
2015-02-23 11:45 . 2015-02-23 11:45 -------- d-----w- c:\users\Milan\AppData\Local\Pinnacle
2015-02-23 11:36 . 2015-02-23 11:36 -------- d-----w- c:\program files (x86)\Common Files\Pinnacle
2015-02-23 11:34 . 2015-02-23 11:34 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate Collection
2015-02-23 11:12 . 2015-02-27 18:44 -------- d-----w- c:\program files (x86)\Pinnacle
2015-02-23 11:12 . 2015-02-27 18:44 -------- d-----w- c:\programdata\Pinnacle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-23 11:39 . 2014-08-03 09:46 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-23 11:38 . 2014-08-03 09:41 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-24 03:17 . 2010-12-26 08:55 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-07 11:29 . 2012-07-01 08:58 701616 ------w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-07 11:29 . 2012-02-15 17:48 71344 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-02-26 5227112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_Dlls"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HMFAxCore5decdc700443adec5f3e84408e3098ff;HMFAxCore5decdc700443adec5f3e84408e3098ff;HMFAxCore5decdc700443adec5f3e84408e3098ff.sys;HMFAxCore5decdc700443adec5f3e84408e3098ff.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [x]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-02-26 18:07 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2010-06-11 861216]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: Stáhnout pomocí Net Transportu - c:\program files (x86)\Xi\NetTransport 2\NTAddLink.html
IE: Stáhnout vše pomocí &Net Transportu - c:\program files (x86)\Xi\NetTransport 2\NTAddList.html
TCP: DhcpNameServer = 10.0.0.138
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\8uvf0pmk.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.http - 216.155.139.115
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-03-24 07:34:57
ComboFix-quarantined-files.txt 2015-03-24 06:34
ComboFix2.txt 2015-03-23 13:13
.
Před spuštěním: 9 623 805 952
Po spuštění: 9 550 135 296
.
- - End Of File - - 75E9964FE54C630F056A60412254F0F7
A36C5E4F47E84449FF07ED3517B43A31

Re: iexplore.exe a ctfmon

Napsal: 24 bře 2015 08:24
od JaRon
nainstaluj MSIE11 a po restarte PC napis, ci problem pretrvava :???:

Re: iexplore.exe a ctfmon

Napsal: 24 bře 2015 09:30
od Nakashi1
Zatim to vypadá dobře. Ale i předtim se to objevilo až po chvíli, co počítač běžel. Takže než zase napíšu, že je to uplně v pořádku, radši chvíli počkám.

Re: iexplore.exe a ctfmon

Napsal: 24 bře 2015 10:16
od JaRon
jasne, vsak aj ja poznam to: Nekric HOP :)
Všechny časy jsou v UTC+01:00
Stránka 2 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz