Re: zablokovaný facebook-zřejmě červ Win32/PSW.Papras.CX Tro
Napsal: 01 črc 2015 18:40
Miluju vás 
, v registrech už to není a na Céčku také ne a facebook už blokovaný není . Log z ComboFix samozřejmě přikládám. Moc děkuji 
ComboFix 15-06-30.01 - Lenka 01.07.2015 19:27:19.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.6030.4099 [GMT 2:00]
Spuštěný z: c:\users\Lenka\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Lenka\Desktop\CFScript.txt
AV: Panda Internet Security 2015 *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Panda Firewall *Enabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Internet Security 2015 *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\BoryItju
c:\programdata\BoryItju\EiheFtav.mbo
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-06-01 do 2015-07-01 )))))))))))))))))))))))))))))))
.
.
2015-07-01 17:31 . 2015-01-29 17:21 61712 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2015-07-01 11:11 . 2015-07-01 11:11 -------- d-----w- C:\_OTM
2015-06-30 19:08 . 2015-07-01 11:52 -------- d-----w- c:\program files\trend micro
2015-06-30 19:08 . 2015-07-01 10:35 -------- d-----w- C:\rsit
2015-06-30 18:49 . 2015-06-30 18:49 -------- d-----w- c:\program files (x86)\CCleaner
2015-06-30 16:29 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8320173-A933-4A14-B0E4-B4F2D35E5858}\mpengine.dll
2015-06-29 08:53 . 2015-06-29 08:53 -------- d-----w- c:\program files (x86)\ESET
2015-06-29 08:06 . 2015-07-01 08:28 -------- d-----w- C:\AdwCleaner
2015-06-27 14:20 . 2015-06-27 14:20 -------- d-----w- c:\users\Lenka\AppData\Roaming\NVIDIA
2015-06-26 14:59 . 2015-06-26 14:59 -------- d-----w- C:\TopCD
2015-06-25 09:59 . 2015-06-25 09:59 -------- d-----w- c:\windows\SysWow64\NV
2015-06-25 09:59 . 2015-06-25 09:59 -------- d-----w- c:\windows\system32\NV
2015-06-23 06:03 . 2015-05-19 03:29 46768 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2015-06-23 06:03 . 2015-05-19 03:14 57520 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-06-10 14:11 . 2015-05-25 18:19 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-06-10 14:10 . 2015-05-25 18:19 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-06-10 14:07 . 2015-04-29 18:22 14635008 ----a-w- c:\windows\system32\wmp.dll
2015-06-10 13:56 . 2015-04-24 18:17 633856 ----a-w- c:\windows\system32\comctl32.dll
2015-06-10 13:56 . 2015-04-24 17:56 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2015-06-10 13:56 . 2015-05-25 17:08 3206144 ----a-w- c:\windows\system32\win32k.sys
2015-06-05 10:13 . 2015-05-22 18:18 700416 ----a-w- c:\windows\system32\generaltel.dll
2015-06-05 10:13 . 2015-05-22 18:18 757248 ----a-w- c:\windows\system32\invagent.dll
2015-06-05 10:13 . 2015-05-22 18:18 423424 ----a-w- c:\windows\system32\devinv.dll
2015-06-05 10:13 . 2015-05-22 18:18 1021440 ----a-w- c:\windows\system32\appraiser.dll
2015-06-05 10:13 . 2015-05-22 18:18 45568 ----a-w- c:\windows\system32\acmigration.dll
2015-06-05 10:13 . 2015-05-22 18:13 1119232 ----a-w- c:\windows\system32\aeinv.dll
2015-06-05 10:13 . 2015-05-21 13:19 193536 ----a-w- c:\windows\system32\aepic.dll
2015-06-05 10:13 . 2015-05-22 18:18 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-06-02 06:53 . 2015-05-28 07:04 1898312 ----a-w- c:\windows\system32\nvdispco6435306.dll
2015-06-02 06:53 . 2015-05-28 07:04 1557832 ----a-w- c:\windows\system32\nvdispgenco6435306.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-21 21:34 . 2015-03-10 17:39 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-21 21:34 . 2015-03-10 17:39 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-17 09:10 . 2013-12-10 07:13 938752 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2015-06-17 09:10 . 2013-12-10 07:13 1099992 ----a-w- c:\windows\system32\nvumdshimx.dll
2015-06-17 09:10 . 2013-12-10 07:13 176904 ----a-w- c:\windows\system32\nvinitx.dll
2015-06-17 09:10 . 2013-12-10 07:13 155280 ----a-w- c:\windows\SysWow64\nvinit.dll
2015-06-17 09:10 . 2013-12-10 07:13 12855416 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-06-17 09:10 . 2013-12-10 07:12 3395648 ----a-w- c:\windows\system32\nvapi64.dll
2015-06-17 06:48 . 2015-03-09 11:37 937616 ----a-w- c:\windows\system32\nvvsvc.exe
2015-06-17 06:48 . 2015-03-09 11:37 74896 ----a-w- c:\windows\system32\nv3dappshextr.dll
2015-06-17 06:48 . 2015-03-09 11:37 62792 ----a-w- c:\windows\system32\nvshext.dll
2015-06-17 06:48 . 2015-03-09 11:37 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-06-17 06:48 . 2015-03-09 11:37 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
2015-06-17 06:48 . 2015-03-09 11:37 1059472 ----a-w- c:\windows\system32\nv3dappshext.dll
2015-06-17 06:48 . 2015-03-09 11:37 6873232 ----a-w- c:\windows\system32\nvcpl.dll
2015-06-17 06:48 . 2015-03-09 11:37 3492168 ----a-w- c:\windows\system32\nvsvc64.dll
2015-06-11 01:01 . 2015-03-09 11:13 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-06-03 21:04 . 2015-03-09 09:53 1320304 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-06-03 21:04 . 2015-03-09 09:53 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-06-03 21:04 . 2015-03-09 09:53 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-06-03 21:04 . 2015-03-09 09:53 1571696 ----a-w- c:\windows\system32\nvspcap64.dll
2015-06-02 14:11 . 2015-03-09 11:37 4421614 ----a-w- c:\windows\system32\nvcoproc.bin
2015-05-30 22:07 . 2015-05-30 22:07 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx
2015-05-25 18:19 . 2015-06-10 14:11 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 14:11 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:01 . 2015-06-10 14:11 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-10 14:11 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 14:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-19 03:14 . 2015-03-09 09:40 61616 ----a-w- c:\windows\system32\nvaudcap64v.dll
2015-05-12 06:27 . 2015-05-29 19:19 1898312 ----a-w- c:\windows\system32\nvdispco6435286.dll
2015-05-12 06:27 . 2015-05-29 19:19 1557648 ----a-w- c:\windows\system32\nvdispgenco6435286.dll
2015-05-01 13:17 . 2015-05-14 01:00 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-14 01:00 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-13 05:13 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-13 05:13 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-13 05:13 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 05:18 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 05:18 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-13 03:28 . 2015-05-13 05:13 328704 ----a-w- c:\windows\system32\services.exe
2015-04-11 03:19 . 2015-05-29 19:00 69888 ----a-w- c:\windows\system32\drivers\stream.sys
2015-04-08 03:29 . 2015-05-13 05:13 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 05:13 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 05:13 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
2015-05-30 22:07 442472 ----a-w- c:\program files (x86)\DAP\LinkVerifier.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2015-05-30 4242064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2013-01-11 328504]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-10-17 205184]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"PSUAMain"="c:\program files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" [2015-02-26 40184]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AMPPALP;Protokol Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys;c:\windows\SYSNATIVE\DRIVERS\NNSNAHSL.sys [x]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 NanoServiceMain;Panda Protection Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PandaAgent;Panda Devices Agent;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [x]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Virtuální adaptér Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - NVSTREAMKMS
*NewlyCreated* - WS2IFSL
*Deregistered* - PSKMAD
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-06-03 2754704]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-06-03 1571696]
"vspdfprsrv.exe"="c:\program files\Avanquest\Expert PDF 9 Professional\vspdfprsrv.exe" [2013-05-17 10019328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: &Verify with DAP - c:\program files (x86)\DAP\dapverify.htm
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.43.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files (x86)\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files (x86)\DAP\dapie.dll
FF - ProfilePath - c:\users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\eoshqzkr.default\
FF - prefs.js: browser.startup.homepage - about:Tabs
FF - prefs.js: network.proxy.ftp - 109.231.140.170
FF - prefs.js: network.proxy.ftp_port - 8081
FF - prefs.js: network.proxy.http - 109.231.140.170
FF - prefs.js: network.proxy.http_port - 8081
FF - prefs.js: network.proxy.socks - 109.231.140.170
FF - prefs.js: network.proxy.socks_port - 8081
FF - prefs.js: network.proxy.ssl - 109.231.140.170
FF - prefs.js: network.proxy.ssl_port - 8081
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{039BC111-5D42-BD22-5D57-C7073E40209A}_is1 - c:\program files (x86)\SuperEasy Software\Video Converter 2\unins000.exe
AddRemove-{08A25478-C5DD-4EA7-B168-3D687CA987FF} - c:\program files\InstallShield Installation Information\{08A25478-C5DD-4EA7-B168-3D687CA987FF}\Sims3SP05Setup.exe
AddRemove-{117B6BF6-82C3-420C-B284-9247C8568E53} - c:\program files\InstallShield Installation Information\{117B6BF6-82C3-420C-B284-9247C8568E53}\setup.exe
AddRemove-{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43} - c:\program files\InstallShield Installation Information\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}\Sims3SP07Setup.exe
AddRemove-{3BBFD444-5FAB-49F6-98B1-A1954E831399} - c:\program files\InstallShield Installation Information\{3BBFD444-5FAB-49F6-98B1-A1954E831399}\Sims3EP06Setup.exe
AddRemove-{3DE92282-CB49-434F-81BF-94E5B380E889} - c:\program files\InstallShield Installation Information\{3DE92282-CB49-434F-81BF-94E5B380E889}\Sims3EP08Setup.exe
AddRemove-{45057FCE-5784-48BE-8176-D9D00AF56C3C} - c:\program files\InstallShield Installation Information\{45057FCE-5784-48BE-8176-D9D00AF56C3C}\setup.exe
AddRemove-{71828142-5A24-4BD0-97E7-976DA08CE6CF} - c:\program files\InstallShield Installation Information\{71828142-5A24-4BD0-97E7-976DA08CE6CF}\setup.exe
AddRemove-{7B11296A-F894-449C-8DF6-6AAAA7D4D118} - c:\program files\InstallShield Installation Information\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}\Sims3SP04Setup.exe
AddRemove-{910F4A29-1134-49E0-AD8B-56E4A3152BD1} - c:\program files\InstallShield Installation Information\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}\setup.exe
AddRemove-{9B2506E3-9A3F-45B5-96BF-509CAD584650} - c:\program files\InstallShield Installation Information\{9B2506E3-9A3F-45B5-96BF-509CAD584650}\Sims3SP06Setup.exe
AddRemove-{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09} - c:\program files\InstallShield Installation Information\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}\Sims3EP11Setup.exe
AddRemove-{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1} - c:\program files\InstallShield Installation Information\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}\Sims3EP07Setup.exe
AddRemove-{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC} - c:\program files\InstallShield Installation Information\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}\setup.exe
AddRemove-{C05D8CDB-417D-4335-A38C-A0659EDFD6B8} - c:\program files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe
AddRemove-{C12631C6-804D-4B32-B0DD-8A496462F106} - c:\program files\InstallShield Installation Information\{C12631C6-804D-4B32-B0DD-8A496462F106}\Sims3EP05Setup.exe
AddRemove-{D0087539-3C57-44E0-BEE7-D779D546CBE1} - c:\program files\InstallShield Installation Information\{D0087539-3C57-44E0-BEE7-D779D546CBE1}\Sims3SP09Setup.exe
AddRemove-{DB21639E-FE55-432C-BCA2-0C5249E3F79E} - c:\program files\InstallShield Installation Information\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}\Sims3EP10Setup.exe
AddRemove-{E1868CAE-E3B9-4099-8C18-AA8944D336FD} - c:\program files\InstallShield Installation Information\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}\Sims3SP08Setup.exe
AddRemove-{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC} - c:\program files\InstallShield Installation Information\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}\Sims3EP04Setup.exe
AddRemove-{ED436EA8-4145-4703-AE5D-4D09DD24AF5A} - c:\program files\InstallShield Installation Information\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}\setup.exe
AddRemove-{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36} - c:\program files\InstallShield Installation Information\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}\Sims3EP09Setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_160_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_160_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Celkový čas: 2015-07-01 19:35:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-07-01 17:35
ComboFix2.txt 2015-07-01 12:40
.
Před spuštěním: Volných bajtů: 65 020 514 304
Po spuštění: Volných bajtů: 64 945 729 536
.
- - End Of File - - F8F8D3ACAD4F60C30F1D2156A251FB01
A36C5E4F47E84449FF07ED3517B43A31
, v registrech už to není a na Céčku také ne a facebook už blokovaný není . Log z ComboFix samozřejmě přikládám. Moc děkuji ComboFix 15-06-30.01 - Lenka 01.07.2015 19:27:19.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.6030.4099 [GMT 2:00]
Spuštěný z: c:\users\Lenka\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Lenka\Desktop\CFScript.txt
AV: Panda Internet Security 2015 *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Panda Firewall *Enabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Internet Security 2015 *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\BoryItju
c:\programdata\BoryItju\EiheFtav.mbo
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-06-01 do 2015-07-01 )))))))))))))))))))))))))))))))
.
.
2015-07-01 17:31 . 2015-01-29 17:21 61712 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2015-07-01 11:11 . 2015-07-01 11:11 -------- d-----w- C:\_OTM
2015-06-30 19:08 . 2015-07-01 11:52 -------- d-----w- c:\program files\trend micro
2015-06-30 19:08 . 2015-07-01 10:35 -------- d-----w- C:\rsit
2015-06-30 18:49 . 2015-06-30 18:49 -------- d-----w- c:\program files (x86)\CCleaner
2015-06-30 16:29 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8320173-A933-4A14-B0E4-B4F2D35E5858}\mpengine.dll
2015-06-29 08:53 . 2015-06-29 08:53 -------- d-----w- c:\program files (x86)\ESET
2015-06-29 08:06 . 2015-07-01 08:28 -------- d-----w- C:\AdwCleaner
2015-06-27 14:20 . 2015-06-27 14:20 -------- d-----w- c:\users\Lenka\AppData\Roaming\NVIDIA
2015-06-26 14:59 . 2015-06-26 14:59 -------- d-----w- C:\TopCD
2015-06-25 09:59 . 2015-06-25 09:59 -------- d-----w- c:\windows\SysWow64\NV
2015-06-25 09:59 . 2015-06-25 09:59 -------- d-----w- c:\windows\system32\NV
2015-06-23 06:03 . 2015-05-19 03:29 46768 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2015-06-23 06:03 . 2015-05-19 03:14 57520 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-06-10 14:11 . 2015-05-25 18:19 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-06-10 14:10 . 2015-05-25 18:19 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-06-10 14:07 . 2015-04-29 18:22 14635008 ----a-w- c:\windows\system32\wmp.dll
2015-06-10 13:56 . 2015-04-24 18:17 633856 ----a-w- c:\windows\system32\comctl32.dll
2015-06-10 13:56 . 2015-04-24 17:56 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2015-06-10 13:56 . 2015-05-25 17:08 3206144 ----a-w- c:\windows\system32\win32k.sys
2015-06-05 10:13 . 2015-05-22 18:18 700416 ----a-w- c:\windows\system32\generaltel.dll
2015-06-05 10:13 . 2015-05-22 18:18 757248 ----a-w- c:\windows\system32\invagent.dll
2015-06-05 10:13 . 2015-05-22 18:18 423424 ----a-w- c:\windows\system32\devinv.dll
2015-06-05 10:13 . 2015-05-22 18:18 1021440 ----a-w- c:\windows\system32\appraiser.dll
2015-06-05 10:13 . 2015-05-22 18:18 45568 ----a-w- c:\windows\system32\acmigration.dll
2015-06-05 10:13 . 2015-05-22 18:13 1119232 ----a-w- c:\windows\system32\aeinv.dll
2015-06-05 10:13 . 2015-05-21 13:19 193536 ----a-w- c:\windows\system32\aepic.dll
2015-06-05 10:13 . 2015-05-22 18:18 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-06-02 06:53 . 2015-05-28 07:04 1898312 ----a-w- c:\windows\system32\nvdispco6435306.dll
2015-06-02 06:53 . 2015-05-28 07:04 1557832 ----a-w- c:\windows\system32\nvdispgenco6435306.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-21 21:34 . 2015-03-10 17:39 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-21 21:34 . 2015-03-10 17:39 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-17 09:10 . 2013-12-10 07:13 938752 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2015-06-17 09:10 . 2013-12-10 07:13 1099992 ----a-w- c:\windows\system32\nvumdshimx.dll
2015-06-17 09:10 . 2013-12-10 07:13 176904 ----a-w- c:\windows\system32\nvinitx.dll
2015-06-17 09:10 . 2013-12-10 07:13 155280 ----a-w- c:\windows\SysWow64\nvinit.dll
2015-06-17 09:10 . 2013-12-10 07:13 12855416 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-06-17 09:10 . 2013-12-10 07:12 3395648 ----a-w- c:\windows\system32\nvapi64.dll
2015-06-17 06:48 . 2015-03-09 11:37 937616 ----a-w- c:\windows\system32\nvvsvc.exe
2015-06-17 06:48 . 2015-03-09 11:37 74896 ----a-w- c:\windows\system32\nv3dappshextr.dll
2015-06-17 06:48 . 2015-03-09 11:37 62792 ----a-w- c:\windows\system32\nvshext.dll
2015-06-17 06:48 . 2015-03-09 11:37 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-06-17 06:48 . 2015-03-09 11:37 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
2015-06-17 06:48 . 2015-03-09 11:37 1059472 ----a-w- c:\windows\system32\nv3dappshext.dll
2015-06-17 06:48 . 2015-03-09 11:37 6873232 ----a-w- c:\windows\system32\nvcpl.dll
2015-06-17 06:48 . 2015-03-09 11:37 3492168 ----a-w- c:\windows\system32\nvsvc64.dll
2015-06-11 01:01 . 2015-03-09 11:13 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-06-03 21:04 . 2015-03-09 09:53 1320304 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-06-03 21:04 . 2015-03-09 09:53 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-06-03 21:04 . 2015-03-09 09:53 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-06-03 21:04 . 2015-03-09 09:53 1571696 ----a-w- c:\windows\system32\nvspcap64.dll
2015-06-02 14:11 . 2015-03-09 11:37 4421614 ----a-w- c:\windows\system32\nvcoproc.bin
2015-05-30 22:07 . 2015-05-30 22:07 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx
2015-05-25 18:19 . 2015-06-10 14:11 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 14:11 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:01 . 2015-06-10 14:11 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-10 14:11 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 14:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-19 03:14 . 2015-03-09 09:40 61616 ----a-w- c:\windows\system32\nvaudcap64v.dll
2015-05-12 06:27 . 2015-05-29 19:19 1898312 ----a-w- c:\windows\system32\nvdispco6435286.dll
2015-05-12 06:27 . 2015-05-29 19:19 1557648 ----a-w- c:\windows\system32\nvdispgenco6435286.dll
2015-05-01 13:17 . 2015-05-14 01:00 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-14 01:00 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-13 05:13 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-13 05:13 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-13 05:13 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 05:18 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 05:18 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-13 03:28 . 2015-05-13 05:13 328704 ----a-w- c:\windows\system32\services.exe
2015-04-11 03:19 . 2015-05-29 19:00 69888 ----a-w- c:\windows\system32\drivers\stream.sys
2015-04-08 03:29 . 2015-05-13 05:13 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 05:13 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 05:13 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
2015-05-30 22:07 442472 ----a-w- c:\program files (x86)\DAP\LinkVerifier.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2015-05-30 4242064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2013-01-11 328504]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-10-17 205184]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"PSUAMain"="c:\program files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" [2015-02-26 40184]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AMPPALP;Protokol Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys;c:\windows\SYSNATIVE\DRIVERS\NNSNAHSL.sys [x]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 NanoServiceMain;Panda Protection Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PandaAgent;Panda Devices Agent;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [x]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Virtuální adaptér Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - NVSTREAMKMS
*NewlyCreated* - WS2IFSL
*Deregistered* - PSKMAD
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-06-03 2754704]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-06-03 1571696]
"vspdfprsrv.exe"="c:\program files\Avanquest\Expert PDF 9 Professional\vspdfprsrv.exe" [2013-05-17 10019328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: &Verify with DAP - c:\program files (x86)\DAP\dapverify.htm
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.43.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files (x86)\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files (x86)\DAP\dapie.dll
FF - ProfilePath - c:\users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\eoshqzkr.default\
FF - prefs.js: browser.startup.homepage - about:Tabs
FF - prefs.js: network.proxy.ftp - 109.231.140.170
FF - prefs.js: network.proxy.ftp_port - 8081
FF - prefs.js: network.proxy.http - 109.231.140.170
FF - prefs.js: network.proxy.http_port - 8081
FF - prefs.js: network.proxy.socks - 109.231.140.170
FF - prefs.js: network.proxy.socks_port - 8081
FF - prefs.js: network.proxy.ssl - 109.231.140.170
FF - prefs.js: network.proxy.ssl_port - 8081
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{039BC111-5D42-BD22-5D57-C7073E40209A}_is1 - c:\program files (x86)\SuperEasy Software\Video Converter 2\unins000.exe
AddRemove-{08A25478-C5DD-4EA7-B168-3D687CA987FF} - c:\program files\InstallShield Installation Information\{08A25478-C5DD-4EA7-B168-3D687CA987FF}\Sims3SP05Setup.exe
AddRemove-{117B6BF6-82C3-420C-B284-9247C8568E53} - c:\program files\InstallShield Installation Information\{117B6BF6-82C3-420C-B284-9247C8568E53}\setup.exe
AddRemove-{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43} - c:\program files\InstallShield Installation Information\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}\Sims3SP07Setup.exe
AddRemove-{3BBFD444-5FAB-49F6-98B1-A1954E831399} - c:\program files\InstallShield Installation Information\{3BBFD444-5FAB-49F6-98B1-A1954E831399}\Sims3EP06Setup.exe
AddRemove-{3DE92282-CB49-434F-81BF-94E5B380E889} - c:\program files\InstallShield Installation Information\{3DE92282-CB49-434F-81BF-94E5B380E889}\Sims3EP08Setup.exe
AddRemove-{45057FCE-5784-48BE-8176-D9D00AF56C3C} - c:\program files\InstallShield Installation Information\{45057FCE-5784-48BE-8176-D9D00AF56C3C}\setup.exe
AddRemove-{71828142-5A24-4BD0-97E7-976DA08CE6CF} - c:\program files\InstallShield Installation Information\{71828142-5A24-4BD0-97E7-976DA08CE6CF}\setup.exe
AddRemove-{7B11296A-F894-449C-8DF6-6AAAA7D4D118} - c:\program files\InstallShield Installation Information\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}\Sims3SP04Setup.exe
AddRemove-{910F4A29-1134-49E0-AD8B-56E4A3152BD1} - c:\program files\InstallShield Installation Information\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}\setup.exe
AddRemove-{9B2506E3-9A3F-45B5-96BF-509CAD584650} - c:\program files\InstallShield Installation Information\{9B2506E3-9A3F-45B5-96BF-509CAD584650}\Sims3SP06Setup.exe
AddRemove-{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09} - c:\program files\InstallShield Installation Information\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}\Sims3EP11Setup.exe
AddRemove-{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1} - c:\program files\InstallShield Installation Information\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}\Sims3EP07Setup.exe
AddRemove-{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC} - c:\program files\InstallShield Installation Information\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}\setup.exe
AddRemove-{C05D8CDB-417D-4335-A38C-A0659EDFD6B8} - c:\program files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe
AddRemove-{C12631C6-804D-4B32-B0DD-8A496462F106} - c:\program files\InstallShield Installation Information\{C12631C6-804D-4B32-B0DD-8A496462F106}\Sims3EP05Setup.exe
AddRemove-{D0087539-3C57-44E0-BEE7-D779D546CBE1} - c:\program files\InstallShield Installation Information\{D0087539-3C57-44E0-BEE7-D779D546CBE1}\Sims3SP09Setup.exe
AddRemove-{DB21639E-FE55-432C-BCA2-0C5249E3F79E} - c:\program files\InstallShield Installation Information\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}\Sims3EP10Setup.exe
AddRemove-{E1868CAE-E3B9-4099-8C18-AA8944D336FD} - c:\program files\InstallShield Installation Information\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}\Sims3SP08Setup.exe
AddRemove-{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC} - c:\program files\InstallShield Installation Information\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}\Sims3EP04Setup.exe
AddRemove-{ED436EA8-4145-4703-AE5D-4D09DD24AF5A} - c:\program files\InstallShield Installation Information\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}\setup.exe
AddRemove-{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36} - c:\program files\InstallShield Installation Information\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}\Sims3EP09Setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_160_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_160_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Celkový čas: 2015-07-01 19:35:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-07-01 17:35
ComboFix2.txt 2015-07-01 12:40
.
Před spuštěním: Volných bajtů: 65 020 514 304
Po spuštění: Volných bajtů: 64 945 729 536
.
- - End Of File - - F8F8D3ACAD4F60C30F1D2156A251FB01
A36C5E4F47E84449FF07ED3517B43A31
