Page 2 of 3

Re: svchost.com shows up and blocks everything

Posted: 03 Oct 2015 07:49
by ebola
Hi, unfortunately it didn't work in Safe Mode either. System Restore didn't help either. Any advice before I go ahead and install a fresh system?

Re: svchost.com shows up and blocks everything

Posted: 03 Oct 2015 10:48
by Rudy
Try a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand.

Re: svchost.com shows up and blocks everything

Posted: 03 Oct 2015 12:14
by ebola
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 3.10.2015
Čas skenování: 12:57
Protokol: log.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.10.03.01
Databáze rootkitů: v2015.10.02.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: jemin

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 380212
Uplynulý čas: 4 min, 0 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 4
Hijack.ExeFile, HKLM\SOFTWARE\CLASSES\EXEFILE\SHELL\OPEN\COMMAND, C:\Windows\svchost.com "Dobré: ("Špatné: (C:\Windows\svchost.com "%1" %*),,[a6e750026f1c231363c6b6ceeb1aea16]" %*)" %*, %4, %5
Hijack.ExeFile, HKLM\SOFTWARE\CLASSES\WOW6432NODE\EXEFILE\SHELL\OPEN\COMMAND, C:\Windows\svchost.com "Dobré: ("Špatné: (C:\Windows\svchost.com "%1" %*),,[4f3e480ad4b7261068c1285c3acbe51b]" %*)" %*, %4, %5
Hijack.ExeFile, HKLM\SOFTWARE\WOW6432NODE\CLASSES\EXEFILE\SHELL\OPEN\COMMAND, C:\Windows\svchost.com "Dobré: ("Špatné: (C:\Windows\svchost.com "%1" %*),,[256876dc6a213105a584681c70958878]" %*)" %*, %4, %5
Broken.OpenCommand, HKCR\exefile\shell\open\command, C:\Windows\svchost.com "Dobré: ("Špatné: (C:\Windows\svchost.com "%1" %*),,[ffffffffffffffffffffffffffffffff]" %*)" %*, %4, %5

Re: svchost.com shows up and blocks everything

Posted: 03 Oct 2015 12:20
by Rudy
Delete all the findings.

Re: svchost.com shows up and blocks everything

Posted: 03 Oct 2015 18:50
by ebola
Deleted, the pest is still there. Log after the deletion:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 3.10.2015
Čas skenování: 19:40
Protokol: 22222222222222.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.10.03.04
Databáze rootkitů: v2015.10.02.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: jemin

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 380588
Uplynulý čas: 4 min, 9 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 4
Hijack.ExeFile, HKLM\SOFTWARE\CLASSES\EXEFILE\SHELL\OPEN\COMMAND, C:\Windows\svchost.com "Dobré: ("Špatné: (C:\Windows\svchost.com "%1" %*),,[e2aeb99955362016a2771174e91c0af6]" %*)" %*, %4, %5
Hijack.ExeFile, HKLM\SOFTWARE\CLASSES\WOW6432NODE\EXEFILE\SHELL\OPEN\COMMAND, C:\Windows\svchost.com "Dobré: ("Špatné: (C:\Windows\svchost.com "%1" %*),,[1a76e86af09b61d51efb117459acfa06]" %*)" %*, %4, %5
Hijack.ExeFile, HKLM\SOFTWARE\WOW6432NODE\CLASSES\EXEFILE\SHELL\OPEN\COMMAND, C:\Windows\svchost.com "Dobré: ("Špatné: (C:\Windows\svchost.com "%1" %*),,[4a465ef4602b280ef9204b3a44c1857b]" %*)" %*, %4, %5
Broken.OpenCommand, HKCR\exefile\shell\open\command, C:\Windows\svchost.com "Dobré: ("Špatné: (C:\Windows\svchost.com "%1" %*),,[ffffffffffffffffffffffffffffffff]" %*)" %*, %4, %5

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)
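As an added example (not code from the thread, from Malwarebytes or from the malware's analysis), here is a PowerShell check for the one finding that both MBAM logs above share: the .exe file-association handler rewritten to C:\Windows\svchost.com "%1" %*. It assumes it is run from an elevated PowerShell on the affected Windows 7 machine; the -Fix switch and the Test-ExeHandler name are chosen here.

```powershell
# Added example: verify the .exe association handler that MBAM reported as
# Hijack.ExeFile / Broken.OpenCommand. On a clean Windows system each of these
# keys has the default value   "%1" %*   (run the clicked .exe with its
# arguments). The logs show it rewritten to   C:\Windows\svchost.com "%1" %*
# so every program launch is routed through the hijacker first, which is why
# "everything is blocked" and why the values came back after MBAM deleted them
# while the hijacking file and its startup entries were still in place.
# Read-only unless -Fix is given; run from an elevated PowerShell.

param([switch]$Fix)

$Expected = '"%1" %*'

# The three hive views MBAM listed, plus the merged HKCR view.
$Keys = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\exefile\shell\open\command',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\exefile\shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
)

function Test-ExeHandler {
    param([string]$Path, [switch]$Repair)
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if (-not $key) {
        return [pscustomobject]@{ Key = $Path; Status = 'MISSING'; Value = $null }
    }
    # Read the raw string so nothing is expanded before comparison.
    $value = $key.GetValue('', $null, 'DoNotExpandEnvironmentNames')
    $key.Close()
    if ($value -eq $Expected) {
        return [pscustomobject]@{ Key = $Path; Status = 'OK'; Value = $value }
    }
    if ($Repair) {
        # Restore the stock handler. The hijacking file (C:\Windows\svchost.com in
        # the log) and the startup entries that relaunch it still have to go,
        # otherwise the keys are rewritten again on the next start.
        Set-ItemProperty -Path $Path -Name '(default)' -Value $Expected
        return [pscustomobject]@{ Key = $Path; Status = 'RESTORED'; Value = $value }
    }
    return [pscustomobject]@{ Key = $Path; Status = 'HIJACKED'; Value = $value }
}

$results = foreach ($k in $Keys) { Test-ExeHandler -Path $k -Repair:$Fix }
$results | Format-Table -AutoSize -Wrap

# Report whether the handler file named in the log is still present at all.
$hijacker = Join-Path $env:SystemRoot 'svchost.com'
if (Test-Path -LiteralPath $hijacker) {
    $h = Get-Item -LiteralPath $hijacker
    Write-Warning ("{0} is present ({1} bytes, modified {2}); expect the association keys to be re-hijacked until it is removed." -f $hijacker, $h.Length, $h.LastWriteTime)
}
```

Running it without -Fix after each cleanup step gives a quick yes/no on whether the association is back to the stock value, which is the check the second MBAM log above answers in the negative.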

Re: svchost.com shows up and blocks everything

Posted: 03 Oct 2015 19:07
by Rudy
Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking Yes.

Go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to start any other applications or do anything else.

Don't panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware collide with the resident antispyware in unwanted ways.

Re: svchost.com shows up and blocks everything

Posted: 04 Oct 2015 07:20
by ebola
Log:

ComboFix 15-10-01.01 - jemin 04.10.2015 8:15.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8079.6063 [GMT 2:00]
Spuštěný z: c:\users\jemin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe
c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
c:\users\jemin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3bd13f8af846694af836aa5a2c763ceb.exe
c:\users\jemin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\78da0422172bb1c4bf8f5b473fa4639a.exe
c:\users\jemin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dorogomyi.exe
c:\windows\directx.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-09-04 do 2015-10-04 )))))))))))))))))))))))))))))))
.
.
2015-10-04 06:17 . 2015-10-04 06:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-10-04 06:17 . 2015-10-04 06:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-04 06:09 . 2015-10-04 06:09 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{817685ED-649D-4568-86C0-EDE8057FE9E8}\offreg.556.dll
2015-10-03 17:39 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{817685ED-649D-4568-86C0-EDE8057FE9E8}\mpengine.dll
2015-10-03 07:00 . 2015-10-03 07:00 -------- d-----w- c:\users\jemin\AppData\Roaming\SUPERAntiSpyware.com
2015-10-03 06:59 . 2015-10-03 07:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-10-03 06:59 . 2015-10-03 06:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-10-02 17:39 . 2015-10-02 17:39 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2015-10-02 17:34 . 2014-06-27 07:32 460888 ----a-w- c:\windows\system32\drivers\78474504.sys
2015-10-02 16:48 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-10-01 23:10 . 2015-10-04 06:08 16056 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2015-10-01 23:10 . 2015-10-01 23:10 -------- d-----w- c:\users\jemin\AppData\Local\SlimWare Utilities Inc
2015-10-01 17:15 . 2015-10-03 06:41 -------- d-----w- C:\FRST
2015-09-28 14:30 . 2015-09-28 14:30 -------- d-----w- c:\programdata\KONAMI
2015-09-27 17:56 . 2015-09-29 18:25 -------- d-----w- c:\programdata\Isolated Storage
2015-09-24 07:04 . 2015-09-13 21:50 574072 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-09-24 06:00 . 2015-09-24 06:00 -------- d-----w- c:\windows\SysWow64\RTCOM
2015-09-24 05:54 . 2015-09-24 05:54 144 ----a-w- c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-24 05:38 . 2015-07-01 14:13 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4117EF70-BACD-4B92-9AEE-38EE80BBA508}\gapaengine.dll
2015-09-24 05:14 . 2015-10-04 06:08 -------- d-sh--w- c:\users\jemin\IntelGraphicsProfiles
2015-09-24 05:14 . 2015-09-24 05:14 451 ----a-w- c:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-09-23 16:12 . 2015-09-23 16:12 -------- d-----w- c:\program files\Logitech
2015-09-23 16:12 . 2015-09-23 16:12 -------- d-----w- c:\program files\Common Files\Logitech
2015-09-23 16:08 . 2015-09-23 16:08 -------- d-----w- c:\programdata\SlimWare Utilities, Inc
2015-09-23 16:07 . 2015-09-23 16:07 -------- d-----w- c:\users\jemin\AppData\Local\Downloaded Installers
2015-09-23 16:07 . 2015-09-23 16:07 -------- d-----w- c:\program files (x86)\SlimDrivers
2015-09-21 14:09 . 2014-05-29 03:13 949763 ----a-w- c:\users\jemin\AppData\Roaming\Microsoft\Sensors\libiconv-2.dll
2015-09-21 14:09 . 2014-05-29 03:13 523635 ----a-w- c:\users\jemin\AppData\Roaming\Microsoft\Sensors\libcurl-4.dll
2015-09-21 14:09 . 2014-05-29 03:13 305490 ----a-w- c:\users\jemin\AppData\Roaming\Microsoft\Sensors\libwinpthread-1.dll
2015-09-21 14:09 . 2014-05-29 03:13 211196 ----a-w- c:\users\jemin\AppData\Roaming\Microsoft\Sensors\libidn-11.dll
2015-09-21 14:09 . 2014-05-29 03:13 116224 ----a-w- c:\users\jemin\AppData\Roaming\Microsoft\Sensors\zlib1.dll
2015-09-21 14:09 . 2014-05-29 03:13 114753 ----a-w- c:\users\jemin\AppData\Roaming\Microsoft\Sensors\libintl-8.dll
2015-09-14 10:26 . 2015-09-14 10:26 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-09-14 10:26 . 2015-09-14 10:26 -------- d-----r- c:\program files (x86)\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-04 06:08 . 2014-05-11 05:47 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-22 13:11 . 2015-04-16 10:58 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-09-22 13:11 . 2015-04-16 10:58 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-14 00:29 . 2015-08-13 16:27 15513208 ----a-w- c:\windows\system32\nvd3dumx.dll
2015-09-14 00:29 . 2015-07-30 19:40 14635600 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-09-14 00:29 . 2014-08-09 06:24 3530608 ----a-w- c:\windows\system32\nvapi64.dll
2015-09-14 00:29 . 2014-08-09 06:24 17082928 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-09-14 00:29 . 2014-08-09 06:24 12514824 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-09-14 00:29 . 2014-03-20 10:11 3116160 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-09-13 22:09 . 2014-03-20 10:12 937776 ----a-w- c:\windows\system32\nvvsvc.exe
2015-09-13 22:09 . 2014-03-20 10:12 62584 ----a-w- c:\windows\system32\nvshext.dll
2015-09-13 22:09 . 2014-03-20 10:12 385144 ----a-w- c:\windows\system32\nvmctray.dll
2015-09-13 22:09 . 2014-03-20 10:12 2558584 ----a-w- c:\windows\system32\nvsvcr.dll
2015-09-13 22:09 . 2014-03-20 10:12 6884984 ----a-w- c:\windows\system32\nvcpl.dll
2015-09-13 22:09 . 2014-03-20 10:12 3496056 ----a-w- c:\windows\system32\nvsvc64.dll
2015-09-11 12:17 . 2014-03-20 10:12 5231082 ----a-w- c:\windows\system32\nvcoproc.bin
2015-08-27 00:37 . 2014-06-04 04:41 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-08-27 00:37 . 2014-05-30 08:32 1423120 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-08-27 00:36 . 2014-06-04 04:41 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-08-27 00:36 . 2014-05-30 08:32 1710568 ----a-w- c:\windows\system32\nvspcap64.dll
2015-08-25 18:46 . 2015-08-31 18:02 1898288 ----a-w- c:\windows\system32\nvdispco6435582.dll
2015-08-25 18:46 . 2015-08-31 18:02 1558648 ----a-w- c:\windows\system32\nvdispgenco6435582.dll
2015-08-11 04:52 . 2015-08-31 16:57 69416 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-08-11 04:52 . 2015-08-31 16:57 50472 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2015-08-11 04:52 . 2014-05-29 04:17 72504 ----a-w- c:\windows\system32\nvaudcap64v.dll
2015-08-07 11:06 . 2015-08-13 16:27 1898104 ----a-w- c:\windows\system32\nvdispco6435560.dll
2015-08-07 11:06 . 2015-08-13 16:27 1558832 ----a-w- c:\windows\system32\nvdispgenco6435560.dll
2015-07-23 04:06 . 2015-07-30 19:40 1898128 ----a-w- c:\windows\system32\nvdispco6435362.dll
2015-07-23 04:06 . 2015-07-30 19:40 1557648 ----a-w- c:\windows\system32\nvdispgenco6435362.dll
2015-07-15 03:19 . 2015-07-21 14:58 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-15 03:19 . 2015-07-21 14:58 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-15 03:19 . 2015-07-21 14:58 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-15 03:19 . 2015-07-21 14:58 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-15 02:55 . 2015-07-21 14:58 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-15 02:55 . 2015-07-21 14:58 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-15 02:55 . 2015-07-21 14:58 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-15 02:54 . 2015-07-21 14:58 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-15 01:59 . 2015-07-21 14:58 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-15 01:52 . 2015-07-21 14:58 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-09 17:59 . 2015-07-20 16:31 17856 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-09 17:58 . 2015-07-20 16:31 37888 ----a-w- c:\windows\system32\wups2.dll
2015-07-09 17:58 . 2015-07-20 16:31 36864 ----a-w- c:\windows\system32\wups.dll
2015-07-09 17:58 . 2015-07-20 16:31 192000 ----a-w- c:\windows\system32\wuwebv.dll
2015-07-09 17:58 . 2015-07-20 16:31 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-07-09 17:58 . 2015-07-20 16:31 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-07-09 17:58 . 2015-07-20 16:31 3154944 ----a-w- c:\windows\system32\wucltux.dll
2015-07-09 17:58 . 2015-07-20 16:31 2603008 ----a-w- c:\windows\system32\wuaueng.dll
2015-07-09 17:58 . 2015-07-20 16:31 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-07-09 17:58 . 2015-07-20 16:31 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-07-09 17:58 . 2015-07-20 16:31 765440 ----a-w- c:\windows\system32\invagent.dll
2015-07-09 17:58 . 2015-07-20 16:31 433664 ----a-w- c:\windows\system32\devinv.dll
2015-07-09 17:58 . 2015-07-20 16:31 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-07-09 17:58 . 2015-07-20 16:31 1085440 ----a-w- c:\windows\system32\appraiser.dll
2015-07-09 17:58 . 2015-07-20 16:31 67584 ----a-w- c:\windows\system32\acmigration.dll
2015-07-09 17:58 . 2015-07-20 16:31 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-09 17:58 . 2015-07-20 16:31 37376 ----a-w- c:\windows\system32\wuapp.exe
2015-07-09 17:58 . 2015-07-20 16:31 139776 ----a-w- c:\windows\system32\wuauclt.exe
2015-07-09 17:50 . 2015-07-20 16:31 1145856 ----a-w- c:\windows\system32\aeinv.dll
2015-07-09 17:43 . 2015-07-20 16:31 93184 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-07-09 17:43 . 2015-07-20 16:31 30208 ----a-w- c:\windows\SysWow64\wups.dll
2015-07-09 17:43 . 2015-07-20 16:31 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-07-09 17:43 . 2015-07-20 16:31 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-07-09 17:42 . 2015-07-20 16:31 34816 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="c:\program files (x86)\OKsoftware\Svátky a výročí\Vyroci.exe" [2015-09-30 1061376]
"HP Deskjet 3520 series (NET)"="c:\program files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-08-07 53736048]
"tmpF6E6"="wscript.exe" [2013-10-12 141824]
"tmp3C12"="wscript.exe" [2013-10-12 141824]
"tmp5666"="wscript.exe" [2013-10-12 141824]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-10-03 7935768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
c:\users\jemin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
3107e2cc85325510acbf81112a41804e.exe [2015-9-23 73216]
Sledovat výstrahy inkoustu - HP Deskjet 3520 series (Síť).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN42H2G0CM05SZ;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
Vesmír na dlani.lnk - c:\program files (x86)\Noční obloha\vesmir.exe [2003-11-29 98816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2014-3-22 442880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl561a97af;MpKsl561a97af;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29CE705E-E86C-4B09-9E9E-6B47C8595B0B}\MpKsl561a97af.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29CE705E-E86C-4B09-9E9E-6B47C8595B0B}\MpKsl561a97af.sys [x]
R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SlimService;SlimWare Utility Service Launcher;c:\program files\SlimService\SlimServiceFactory.exe;c:\program files\SlimService\SlimServiceFactory.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 78474504;78474504;c:\windows\system32\DRIVERS\78474504.sys;c:\windows\SYSNATIVE\DRIVERS\78474504.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 ABBYY.Licensing.FineReader.Home.10.0;ABBYY FineReader 10 HE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\Home\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\Home\NetworkLicenseServer.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
S2 ssinstall;SInstalátor;c:\windows\SysWOW64\ssins.exe;c:\windows\SysWOW64\ssins.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-30 16:03 1039176 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-18 16:03]
.
2015-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-18 16:03]
.
2015-10-03 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\users\jemin\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-06-16 16:02]
.
2015-10-04 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2015-08-19 13:55]
.
2015-10-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2cf1ba23-eae5-439e-b1b8-0b7d3b4c627e.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2015-10-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 842b8213-8de2-475e-a8cb-420f01291a14.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-07-29 07:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-07-29 07:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-07-29 07:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-08-07 36352]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-08-27 2634872]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-08-27 1710568]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2000-01-01 190536]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 13876952]
"3bd13f8af846694af836aa5a2c763ceb"="c:\programdata\system32.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.seznam.cz/
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
Wow6432Node-HKCU-Run-DAEMON Tools Pro Agent - c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe
Wow6432Node-HKCU-Run-SlimCleaner Plus - c:\program files\SlimCleaner Plus\SlimCleanerPlus.exe
Wow6432Node-HKLM-Run-USB3MON - c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
Wow6432Node-HKLM-Run-HP Software Update - c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\jemin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_78474504.lnk - c:\users\jemin\AppData\Local\Temp\_uninst_78474504.bat
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} - (no file)
AddRemove-QXNzYXNzaW5zQ3JlZWRVbml0eQ==_is1 - c:\program files (x86)\Assassin's Creed Unity\unins000.exe
AddRemove-ssinstall - c:\windows\system32\ssinstall-uninstall.bat
AddRemove-The Evil Within_is1 - d:\program files (x86)\The Evil Within\unins001.exe
AddRemove-V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1 - d:\program files (x86)\Wolfenstein The New Order\unins001.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-10-04 08:18:37
ComboFix-quarantined-files.txt 2015-10-04 06:18
ComboFix2.txt 2015-10-01 17:07
ComboFix3.txt 2015-09-15 10:35
ComboFix4.txt 2015-08-09 04:42
.
Před spuštěním: Volných bajtů: 50 722 328 576
Po spuštění: Volných bajtů: 50 159 132 672
.
- - End Of File - - 6114DCD8493287217B4B58365639A3C1
A36C5E4F47E84449FF07ED3517B43A31

Re: svchost.com shows up and blocks everything

Posted: 04 Oct 2015 11:45
by Rudy
Open Notepad and copy the following into it:
KillAll::

File::
c:\windows\system32\drivers\78474504.sys
c:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
c:\users\jemin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3107e2cc85325510acbf81112a41804e.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tmpF6E6"=-
"tmp3C12"=-
"tmp5666"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3bd13f8af846694af836aa5a2c763ceb"=-

Driver::
BBSvc
BBUpdate
78474504

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and release it. CF will start and execute the commands from the script.


Re: svchost.com shows up and blocks everything

Posted: 04 Oct 2015 12:19
by ebola
Log, it's still there.

ComboFix 15-10-01.01 - jemin 04.10.2015 13:13:02.6.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8079.6547 [GMT 2:00]
Spuštěný z: c:\users\jemin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\directx.sys
c:\windows\TEMP\3582-490\jhi_service.exe
.
---- Předchozí spuštění -------
.
c:\users\jemin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3107e2cc85325510acbf81112a41804e.exe
c:\windows\svchost.com
c:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
c:\windows\system32\drivers\78474504.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_78474504
-------\Service_78474504
-------\Service_BBSvc
-------\Service_BBUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-09-04 do 2015-10-04 )))))))))))))))))))))))))))))))
.
.
2015-10-04 11:15 . 2015-10-04 11:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-10-04 11:15 . 2015-10-04 11:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-04 11:13 . 2015-10-04 11:13 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{817685ED-649D-4568-86C0-EDE8057FE9E8}\offreg.596.dll
2015-10-03 17:39 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{817685ED-649D-4568-86C0-EDE8057FE9E8}\mpengine.dll
2015-10-02 17:39 . 2015-10-02 17:39 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2015-10-02 16:48 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-10-01 23:10 . 2015-10-04 11:12 16056 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2015-10-01 23:10 . 2015-10-01 23:10 -------- d-----w- c:\users\jemin\AppData\Local\SlimWare Utilities Inc
2015-10-01 17:15 . 2015-10-03 06:41 -------- d-----w- C:\FRST
2015-09-28 14:30 . 2015-09-28 14:30 -------- d-----w- c:\programdata\KONAMI
2015-09-27 17:56 . 2015-09-29 18:25 -------- d-----w- c:\programdata\Isolated Storage
2015-09-24 07:04 . 2015-09-13 21:50 574072 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-09-24 06:00 . 2015-09-24 06:00 -------- d-----w- c:\windows\SysWow64\RTCOM
2015-09-24 05:54 . 2015-09-24 05:54 144 ----a-w- c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-24 05:38 . 2015-07-01 14:13 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4117EF70-BACD-4B92-9AEE-38EE80BBA508}\gapaengine.dll
2015-09-24 05:14 . 2015-10-04 11:12 -------- d-sh--w- c:\users\jemin\IntelGraphicsProfiles
2015-09-23 16:12 . 2015-09-23 16:12 -------- d-----w- c:\program files\Logitech
2015-09-23 16:12 . 2015-09-23 16:12 -------- d-----w- c:\program files\Common Files\Logitech
2015-09-23 16:08 . 2015-09-23 16:08 -------- d-----w- c:\programdata\SlimWare Utilities, Inc
2015-09-23 16:07 . 2015-09-23 16:07 -------- d-----w- c:\users\jemin\AppData\Local\Downloaded Installers
2015-09-23 16:07 . 2015-09-23 16:07 -------- d-----w- c:\program files (x86)\SlimDrivers
2015-09-21 14:09 . 2014-05-29 03:13 949763 ----a-w- c:\users\jemin\AppData\Roaming\Microsoft\Sensors\libiconv-2.dll
2015-09-21 14:09 . 2014-05-29 03:13 523635 ----a-w- c:\users\jemin\AppData\Roaming\Microsoft\Sensors\libcurl-4.dll
2015-09-21 14:09 . 2014-05-29 03:13 305490 ----a-w- c:\users\jemin\AppData\Roaming\Microsoft\Sensors\libwinpthread-1.dll
2015-09-21 14:09 . 2014-05-29 03:13 211196 ----a-w- c:\users\jemin\AppData\Roaming\Microsoft\Sensors\libidn-11.dll
2015-09-21 14:09 . 2014-05-29 03:13 116224 ----a-w- c:\users\jemin\AppData\Roaming\Microsoft\Sensors\zlib1.dll
2015-09-21 14:09 . 2014-05-29 03:13 114753 ----a-w- c:\users\jemin\AppData\Roaming\Microsoft\Sensors\libintl-8.dll
2015-09-14 10:26 . 2015-09-14 10:26 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-09-14 10:26 . 2015-09-14 10:26 -------- d-----r- c:\program files (x86)\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-04 06:08 . 2014-05-11 05:47 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-22 13:11 . 2015-04-16 10:58 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-09-22 13:11 . 2015-04-16 10:58 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-14 00:29 . 2015-08-13 16:27 15513208 ----a-w- c:\windows\system32\nvd3dumx.dll
2015-09-14 00:29 . 2015-07-30 19:40 14635600 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-09-14 00:29 . 2014-08-09 06:24 3530608 ----a-w- c:\windows\system32\nvapi64.dll
2015-09-14 00:29 . 2014-08-09 06:24 17082928 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-09-14 00:29 . 2014-08-09 06:24 12514824 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-09-14 00:29 . 2014-03-20 10:11 3116160 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-09-13 22:09 . 2014-03-20 10:12 937776 ----a-w- c:\windows\system32\nvvsvc.exe
2015-09-13 22:09 . 2014-03-20 10:12 62584 ----a-w- c:\windows\system32\nvshext.dll
2015-09-13 22:09 . 2014-03-20 10:12 385144 ----a-w- c:\windows\system32\nvmctray.dll
2015-09-13 22:09 . 2014-03-20 10:12 2558584 ----a-w- c:\windows\system32\nvsvcr.dll
2015-09-13 22:09 . 2014-03-20 10:12 6884984 ----a-w- c:\windows\system32\nvcpl.dll
2015-09-13 22:09 . 2014-03-20 10:12 3496056 ----a-w- c:\windows\system32\nvsvc64.dll
2015-09-11 12:17 . 2014-03-20 10:12 5231082 ----a-w- c:\windows\system32\nvcoproc.bin
2015-08-27 00:37 . 2014-06-04 04:41 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-08-27 00:37 . 2014-05-30 08:32 1423120 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-08-27 00:36 . 2014-06-04 04:41 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-08-27 00:36 . 2014-05-30 08:32 1710568 ----a-w- c:\windows\system32\nvspcap64.dll
2015-08-25 18:46 . 2015-08-31 18:02 1898288 ----a-w- c:\windows\system32\nvdispco6435582.dll
2015-08-25 18:46 . 2015-08-31 18:02 1558648 ----a-w- c:\windows\system32\nvdispgenco6435582.dll
2015-08-11 04:52 . 2015-08-31 16:57 69416 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-08-11 04:52 . 2015-08-31 16:57 50472 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2015-08-11 04:52 . 2014-05-29 04:17 72504 ----a-w- c:\windows\system32\nvaudcap64v.dll
2015-08-07 11:06 . 2015-08-13 16:27 1898104 ----a-w- c:\windows\system32\nvdispco6435560.dll
2015-08-07 11:06 . 2015-08-13 16:27 1558832 ----a-w- c:\windows\system32\nvdispgenco6435560.dll
2015-07-23 04:06 . 2015-07-30 19:40 1898128 ----a-w- c:\windows\system32\nvdispco6435362.dll
2015-07-23 04:06 . 2015-07-30 19:40 1557648 ----a-w- c:\windows\system32\nvdispgenco6435362.dll
2015-07-15 03:19 . 2015-07-21 14:58 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-15 03:19 . 2015-07-21 14:58 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-15 03:19 . 2015-07-21 14:58 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-15 03:19 . 2015-07-21 14:58 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-15 02:55 . 2015-07-21 14:58 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-15 02:55 . 2015-07-21 14:58 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-15 02:55 . 2015-07-21 14:58 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-15 02:54 . 2015-07-21 14:58 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-15 01:59 . 2015-07-21 14:58 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-15 01:52 . 2015-07-21 14:58 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-09 17:59 . 2015-07-20 16:31 17856 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-09 17:58 . 2015-07-20 16:31 37888 ----a-w- c:\windows\system32\wups2.dll
2015-07-09 17:58 . 2015-07-20 16:31 36864 ----a-w- c:\windows\system32\wups.dll
2015-07-09 17:58 . 2015-07-20 16:31 192000 ----a-w- c:\windows\system32\wuwebv.dll
2015-07-09 17:58 . 2015-07-20 16:31 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-07-09 17:58 . 2015-07-20 16:31 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-07-09 17:58 . 2015-07-20 16:31 3154944 ----a-w- c:\windows\system32\wucltux.dll
2015-07-09 17:58 . 2015-07-20 16:31 2603008 ----a-w- c:\windows\system32\wuaueng.dll
2015-07-09 17:58 . 2015-07-20 16:31 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-07-09 17:58 . 2015-07-20 16:31 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-07-09 17:58 . 2015-07-20 16:31 765440 ----a-w- c:\windows\system32\invagent.dll
2015-07-09 17:58 . 2015-07-20 16:31 433664 ----a-w- c:\windows\system32\devinv.dll
2015-07-09 17:58 . 2015-07-20 16:31 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-07-09 17:58 . 2015-07-20 16:31 1085440 ----a-w- c:\windows\system32\appraiser.dll
2015-07-09 17:58 . 2015-07-20 16:31 67584 ----a-w- c:\windows\system32\acmigration.dll
2015-07-09 17:58 . 2015-07-20 16:31 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-09 17:58 . 2015-07-20 16:31 37376 ----a-w- c:\windows\system32\wuapp.exe
2015-07-09 17:58 . 2015-07-20 16:31 139776 ----a-w- c:\windows\system32\wuauclt.exe
2015-07-09 17:50 . 2015-07-20 16:31 1145856 ----a-w- c:\windows\system32\aeinv.dll
2015-07-09 17:43 . 2015-07-20 16:31 93184 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-07-09 17:43 . 2015-07-20 16:31 30208 ----a-w- c:\windows\SysWow64\wups.dll
2015-07-09 17:43 . 2015-07-20 16:31 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-07-09 17:43 . 2015-07-20 16:31 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-07-09 17:42 . 2015-07-20 16:31 34816 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="c:\program files (x86)\OKsoftware\Svátky a výročí\Vyroci.exe" [2015-09-30 1061376]
"HP Deskjet 3520 series (NET)"="c:\program files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-08-07 53736048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
c:\users\jemin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Sledovat výstrahy inkoustu - HP Deskjet 3520 series (Síť).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN42H2G0CM05SZ;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
Vesmír na dlani.lnk - c:\program files (x86)\Noční obloha\vesmir.exe [2003-11-29 98816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2014-3-22 442880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl561a97af;MpKsl561a97af;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29CE705E-E86C-4B09-9E9E-6B47C8595B0B}\MpKsl561a97af.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29CE705E-E86C-4B09-9E9E-6B47C8595B0B}\MpKsl561a97af.sys [x]
R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SlimService;SlimWare Utility Service Launcher;c:\program files\SlimService\SlimServiceFactory.exe;c:\program files\SlimService\SlimServiceFactory.exe [x]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 ABBYY.Licensing.FineReader.Home.10.0;ABBYY FineReader 10 HE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\Home\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\Home\NetworkLicenseServer.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 ssinstall;SInstalátor;c:\windows\SysWOW64\ssins.exe;c:\windows\SysWOW64\ssins.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-30 16:03 1039176 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-10-04 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\users\jemin\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-06-16 16:02]
.
2015-10-04 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2015-08-19 13:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-07-29 07:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-07-29 07:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-07-29 07:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-08-07 36352]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-10-04 2717816]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-08-27 1710568]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2000-01-01 190536]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 13876952]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.seznam.cz/
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} - (no file)
AddRemove-QXNzYXNzaW5zQ3JlZWRVbml0eQ==_is1 - c:\program files (x86)\Assassin's Creed Unity\unins000.exe
AddRemove-ssinstall - c:\windows\system32\ssinstall-uninstall.bat
AddRemove-The Evil Within_is1 - d:\program files (x86)\The Evil Within\unins001.exe
AddRemove-V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1 - d:\program files (x86)\Wolfenstein The New Order\unins001.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2015-10-04 13:17:34
ComboFix-quarantined-files.txt 2015-10-04 11:17
ComboFix2.txt 2015-10-04 06:18
ComboFix3.txt 2015-10-01 17:07
ComboFix4.txt 2015-09-15 10:35
ComboFix5.txt 2015-10-04 11:00
.
Pre-Run: 49 488 719 872 bytes free
Post-Run: 49 128 779 776 bytes free
.
- - End Of File - - 88CD6689149A7471BC4FA32F6F5257E6
A36C5E4F47E84449FF07ED3517B43A31

Re: svchost.com shows up and blocks everything

Posted: 04 Oct 2015 13:13
by Rudy
Once more, then, with this script:
KillAll::

File::
C:\Windows\svchost.com

Reboot::

Re: svchost.com shows up and blocks everything

Posted: 04 Oct 2015 14:14
by ebola
It's still there.

ComboFix 15-10-01.01 - jemin 04.10.2015 15:04:40.7.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8079.6053 [GMT 2:00]
Running from: c:\users\jemin\AppData\Local\Temp\3582-490\ComboFix.exe
Command switches used :: c:\users\jemin\Desktop\CFScript.txt..txt
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\svchost.com"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.com
.
.
((((((((((((((((((((((((( Files Created from 2015-09-04 to 2015-10-04 )))))))))))))))))))))))))))))))
.
.
2015-10-04 13:07 . 2015-10-04 13:07 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{817685ED-649D-4568-86C0-EDE8057FE9E8}\offreg.628.dll
2015-10-04 13:07 . 2015-10-04 13:08 41472 ----a-w- c:\windows\svchost.com
2015-10-04 13:07 . 2015-10-04 13:08 0 ----a-w- c:\windows\directx.sys
2015-10-04 13:06 . 2015-10-04 13:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-10-04 13:06 . 2015-10-04 13:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-03 17:39 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{817685ED-649D-4568-86C0-EDE8057FE9E8}\mpengine.dll
2015-10-02 17:39 . 2015-10-02 17:39 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2015-10-02 16:48 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-10-01 23:10 . 2015-10-04 13:07 16056 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2015-10-01 23:10 . 2015-10-01 23:10 -------- d-----w- c:\users\jemin\AppData\Local\SlimWare Utilities Inc
2015-10-01 17:15 . 2015-10-03 06:41 -------- d-----w- C:\FRST
2015-09-28 14:30 . 2015-09-28 14:30 -------- d-----w- c:\programdata\KONAMI
2015-09-27 17:56 . 2015-09-29 18:25 -------- d-----w- c:\programdata\Isolated Storage
2015-09-24 07:04 . 2015-09-13 21:50 574072 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-09-24 06:00 . 2015-09-24 06:00 -------- d-----w- c:\windows\SysWow64\RTCOM
2015-09-24 05:54 . 2015-09-24 05:54 144 ----a-w- c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-24 05:38 . 2015-07-01 14:13 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4117EF70-BACD-4B92-9AEE-38EE80BBA508}\gapaengine.dll
2015-09-24 05:14 . 2015-10-04 13:08 -------- d-sh--w- c:\users\jemin\IntelGraphicsProfiles
2015-09-23 16:12 . 2015-09-23 16:12 -------- d-----w- c:\program files\Logitech
2015-09-23 16:12 . 2015-09-23 16:12 -------- d-----w- c:\program files\Common Files\Logitech
2015-09-23 16:08 . 2015-09-23 16:08 -------- d-----w- c:\programdata\SlimWare Utilities, Inc
2015-09-23 16:07 . 2015-09-23 16:07 -------- d-----w- c:\users\jemin\AppData\Local\Downloaded Installers
2015-09-23 16:07 . 2015-09-23 16:07 -------- d-----w- c:\program files (x86)\SlimDrivers
2015-09-21 14:09 . 2014-05-29 03:13 949763 ----a-w- c:\users\jemin\AppData\Roaming\Microsoft\Sensors\libiconv-2.dll
2015-09-21 14:09 . 2014-05-29 03:13 523635 ----a-w- c:\users\jemin\AppData\Roaming\Microsoft\Sensors\libcurl-4.dll
2015-09-21 14:09 . 2014-05-29 03:13 305490 ----a-w- c:\users\jemin\AppData\Roaming\Microsoft\Sensors\libwinpthread-1.dll
2015-09-21 14:09 . 2014-05-29 03:13 211196 ----a-w- c:\users\jemin\AppData\Roaming\Microsoft\Sensors\libidn-11.dll
2015-09-21 14:09 . 2014-05-29 03:13 116224 ----a-w- c:\users\jemin\AppData\Roaming\Microsoft\Sensors\zlib1.dll
2015-09-21 14:09 . 2014-05-29 03:13 114753 ----a-w- c:\users\jemin\AppData\Roaming\Microsoft\Sensors\libintl-8.dll
2015-09-14 10:26 . 2015-09-14 10:26 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-09-14 10:26 . 2015-09-14 10:26 -------- d-----r- c:\program files (x86)\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-04 06:08 . 2014-05-11 05:47 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-22 13:11 . 2015-04-16 10:58 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-09-22 13:11 . 2015-04-16 10:58 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-14 00:29 . 2015-08-13 16:27 15513208 ----a-w- c:\windows\system32\nvd3dumx.dll
2015-09-14 00:29 . 2015-07-30 19:40 14635600 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-09-14 00:29 . 2014-08-09 06:24 3530608 ----a-w- c:\windows\system32\nvapi64.dll
2015-09-14 00:29 . 2014-08-09 06:24 17082928 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-09-14 00:29 . 2014-08-09 06:24 12514824 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-09-14 00:29 . 2014-03-20 10:11 3116160 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-09-13 22:09 . 2014-03-20 10:12 937776 ----a-w- c:\windows\system32\nvvsvc.exe
2015-09-13 22:09 . 2014-03-20 10:12 62584 ----a-w- c:\windows\system32\nvshext.dll
2015-09-13 22:09 . 2014-03-20 10:12 385144 ----a-w- c:\windows\system32\nvmctray.dll
2015-09-13 22:09 . 2014-03-20 10:12 2558584 ----a-w- c:\windows\system32\nvsvcr.dll
2015-09-13 22:09 . 2014-03-20 10:12 6884984 ----a-w- c:\windows\system32\nvcpl.dll
2015-09-13 22:09 . 2014-03-20 10:12 3496056 ----a-w- c:\windows\system32\nvsvc64.dll
2015-09-11 12:17 . 2014-03-20 10:12 5231082 ----a-w- c:\windows\system32\nvcoproc.bin
2015-08-27 00:37 . 2014-06-04 04:41 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-08-27 00:37 . 2014-05-30 08:32 1423120 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-08-27 00:36 . 2014-06-04 04:41 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-08-27 00:36 . 2014-05-30 08:32 1710568 ----a-w- c:\windows\system32\nvspcap64.dll
2015-08-25 18:46 . 2015-08-31 18:02 1898288 ----a-w- c:\windows\system32\nvdispco6435582.dll
2015-08-25 18:46 . 2015-08-31 18:02 1558648 ----a-w- c:\windows\system32\nvdispgenco6435582.dll
2015-08-11 04:52 . 2015-08-31 16:57 69416 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-08-11 04:52 . 2015-08-31 16:57 50472 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2015-08-11 04:52 . 2014-05-29 04:17 72504 ----a-w- c:\windows\system32\nvaudcap64v.dll
2015-08-07 11:06 . 2015-08-13 16:27 1898104 ----a-w- c:\windows\system32\nvdispco6435560.dll
2015-08-07 11:06 . 2015-08-13 16:27 1558832 ----a-w- c:\windows\system32\nvdispgenco6435560.dll
2015-07-23 04:06 . 2015-07-30 19:40 1898128 ----a-w- c:\windows\system32\nvdispco6435362.dll
2015-07-23 04:06 . 2015-07-30 19:40 1557648 ----a-w- c:\windows\system32\nvdispgenco6435362.dll
2015-07-15 03:19 . 2015-07-21 14:58 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-15 03:19 . 2015-07-21 14:58 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-15 03:19 . 2015-07-21 14:58 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-15 03:19 . 2015-07-21 14:58 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-15 02:55 . 2015-07-21 14:58 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-15 02:55 . 2015-07-21 14:58 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-15 02:55 . 2015-07-21 14:58 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-15 02:54 . 2015-07-21 14:58 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-15 01:59 . 2015-07-21 14:58 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-15 01:52 . 2015-07-21 14:58 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-09 17:59 . 2015-07-20 16:31 17856 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-09 17:58 . 2015-07-20 16:31 37888 ----a-w- c:\windows\system32\wups2.dll
2015-07-09 17:58 . 2015-07-20 16:31 36864 ----a-w- c:\windows\system32\wups.dll
2015-07-09 17:58 . 2015-07-20 16:31 192000 ----a-w- c:\windows\system32\wuwebv.dll
2015-07-09 17:58 . 2015-07-20 16:31 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-07-09 17:58 . 2015-07-20 16:31 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-07-09 17:58 . 2015-07-20 16:31 3154944 ----a-w- c:\windows\system32\wucltux.dll
2015-07-09 17:58 . 2015-07-20 16:31 2603008 ----a-w- c:\windows\system32\wuaueng.dll
2015-07-09 17:58 . 2015-07-20 16:31 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-07-09 17:58 . 2015-07-20 16:31 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-07-09 17:58 . 2015-07-20 16:31 765440 ----a-w- c:\windows\system32\invagent.dll
2015-07-09 17:58 . 2015-07-20 16:31 433664 ----a-w- c:\windows\system32\devinv.dll
2015-07-09 17:58 . 2015-07-20 16:31 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-07-09 17:58 . 2015-07-20 16:31 1085440 ----a-w- c:\windows\system32\appraiser.dll
2015-07-09 17:58 . 2015-07-20 16:31 67584 ----a-w- c:\windows\system32\acmigration.dll
2015-07-09 17:58 . 2015-07-20 16:31 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-09 17:58 . 2015-07-20 16:31 37376 ----a-w- c:\windows\system32\wuapp.exe
2015-07-09 17:58 . 2015-07-20 16:31 139776 ----a-w- c:\windows\system32\wuauclt.exe
2015-07-09 17:50 . 2015-07-20 16:31 1145856 ----a-w- c:\windows\system32\aeinv.dll
2015-07-09 17:43 . 2015-07-20 16:31 93184 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-07-09 17:43 . 2015-07-20 16:31 30208 ----a-w- c:\windows\SysWow64\wups.dll
2015-07-09 17:43 . 2015-07-20 16:31 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-07-09 17:43 . 2015-07-20 16:31 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-07-09 17:42 . 2015-07-20 16:31 34816 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="c:\program files (x86)\OKsoftware\Svátky a výročí\Vyroci.exe" [2015-09-30 1061376]
"HP Deskjet 3520 series (NET)"="c:\program files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-08-07 53736048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
c:\users\jemin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Sledovat výstrahy inkoustu - HP Deskjet 3520 series (Síť).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN42H2G0CM05SZ;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
Vesmír na dlani.lnk - c:\program files (x86)\Noční obloha\vesmir.exe [2003-11-29 98816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2014-3-22 442880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl561a97af;MpKsl561a97af;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29CE705E-E86C-4B09-9E9E-6B47C8595B0B}\MpKsl561a97af.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29CE705E-E86C-4B09-9E9E-6B47C8595B0B}\MpKsl561a97af.sys [x]
R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SlimService;SlimWare Utility Service Launcher;c:\program files\SlimService\SlimServiceFactory.exe;c:\program files\SlimService\SlimServiceFactory.exe [x]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 ABBYY.Licensing.FineReader.Home.10.0;ABBYY FineReader 10 HE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\Home\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\Home\NetworkLicenseServer.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 ssinstall;SInstalátor;c:\windows\SysWOW64\ssins.exe;c:\windows\SysWOW64\ssins.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-30 16:03 1039176 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-04 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\users\jemin\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-06-16 16:02]
.
2015-10-04 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2015-08-19 13:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-07-29 07:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-07-29 07:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-07-29 07:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-08-07 36352]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-10-04 2717816]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-08-27 1710568]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2000-01-01 190536]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 13876952]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.seznam.cz/
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} - (no file)
AddRemove-QXNzYXNzaW5zQ3JlZWRVbml0eQ==_is1 - c:\program files (x86)\Assassin's Creed Unity\unins000.exe
AddRemove-ssinstall - c:\windows\system32\ssinstall-uninstall.bat
AddRemove-The Evil Within_is1 - d:\program files (x86)\The Evil Within\unins001.exe
AddRemove-V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1 - d:\program files (x86)\Wolfenstein The New Order\unins001.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\TEMP\3582-490\MBAMSC~1.EXE
c:\fraps\fraps.exe
c:\users\jemin\AppData\Local\Temp\3582-490\fraps.exe
c:\windows\TEMP\3582-490\MBAMSE~1.EXE
c:\windows\TEMP\3582-490\SS_CON~1.EXE
.
**************************************************************************
.
Completion time: 2015-10-04 15:09:04 - machine was rebooted
ComboFix-quarantined-files.txt 2015-10-04 13:09
ComboFix2.txt 2015-10-04 11:17
ComboFix3.txt 2015-10-04 06:18
ComboFix4.txt 2015-10-01 17:07
ComboFix5.txt 2015-10-04 13:04
.
Pre-Run: 49 193 635 840 bytes free
Post-Run: 49 087 950 848 bytes free
.
- - End Of File - - 207ADDAF7F39D4E4C9ED71F5CF4BFF0E
A36C5E4F47E84449FF07ED3517B43A31

Re: svchost.com shows up and blocks everything

Posted: 04 Oct 2015 18:14
by Rudy
Well, I haven't found any positive information anywhere on how to destroy this trojan. The way I see it, you run this scanner: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . At the end of the scan you will be told what it did with the virus. If even that can't manage it, you will have to boot the PC from an external source (e.g. HBCD: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179) and wipe it off the disk by hand via MiniXP (a stripped-down version of WinXP). Or reinstall with format C:\.

Re: svchost.com shows up and blocks everything

Posted: 05 Oct 2015 14:56
by ebola
Hi, that did the trick. It looks like it's gone. The only thing is that everything I want to run, I have to run as administrator, otherwise it won't start. Thanks a lot for your time and help. :thumbsup:
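The symptom in the post above (programs start only via "Run as administrator") is what you see when the .exe file association still points at a wrapper that has since been deleted: a plain double-click goes through exefile\shell\open\command, which such svchost.com-style wrappers rewrite to `C:\Windows\svchost.com "%1" %*`, while "Run as administrator" uses the separate runas verb, which they leave at the Windows default. The script below is an added example, not code from this thread or from any viry.cz tool, and it has not been run on the poster's machine. It reports whether the three exefile open commands (64-bit view and the two WOW64 views) are still hijacked, whether the wrapper they name is gone, and whether the files ComboFix listed (C:\Windows\svchost.com, 41472 bytes, and the 0-byte C:\Windows\directx.sys) are still on disk; with -Repair it restores the default `"%1" %*` and deletes the files. The registry paths and the default command are the standard Windows 7 ones; the file paths and sizes are taken from the log above; the script name Check-ExeFile.ps1 is assumed.

```powershell
# Added example (not from the thread): audit and optionally repair the .exe
# file association hijacked by a C:\Windows\svchost.com-style wrapper, and
# report the dropped files.  Run from an elevated PowerShell 3.0+ prompt.
# Assumptions: wrapper path and the 0-byte directx.sys come from the ComboFix
# log in this thread; registry locations are the standard Windows 7 ones.

param([switch]$Repair)   # report only unless -Repair is given

$DefaultCommand = '"%1" %*'   # what Windows itself stores in exefile\shell\open\command

# 64-bit view plus the two WOW64 views a 32-bit program resolves through.
$OpenCommandKeys = @(
    'HKLM:\SOFTWARE\Classes\exefile\shell\open\command',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\exefile\shell\open\command',
    'HKLM:\SOFTWARE\Wow6432Node\Classes\exefile\shell\open\command'
)
# "Run as administrator" uses this separate verb, which the wrapper does not
# touch; that is why elevated launches keep working while double-click fails.
$RunAsCommandKey = 'HKLM:\SOFTWARE\Classes\exefile\shell\runas\command'

# Files the infector dropped, with the sizes ComboFix recorded for them.
$Artifacts = @{
    'C:\Windows\svchost.com' = 41472
    'C:\Windows\directx.sys' = 0
}

function Get-DefaultValue {
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    # GetValue('') reads the key's (Default) value; $null when it is unset.
    return (Get-Item -LiteralPath $Key).GetValue('')
}

function Test-OpenCommand {
    param([string]$Key)
    $value = Get-DefaultValue -Key $Key
    # Anything but the bare default means every .exe is started through a
    # wrapper; once that wrapper is deleted, every plain launch fails.
    $hijacked = ($null -ne $value) -and ($value.Trim() -ne $DefaultCommand)
    $wrapperMissing = $false
    if ($hijacked) {
        # First token of the command is the wrapper, quoted or not.
        if ($value.StartsWith('"')) { $wrapper = $value.Substring(1).Split('"')[0] }
        else                        { $wrapper = $value.Split(' ')[0] }
        $wrapperMissing = -not (Test-Path -LiteralPath $wrapper)
    }
    [pscustomobject]@{
        Key            = $Key
        Command        = $value
        Hijacked       = $hijacked
        WrapperMissing = $wrapperMissing
    }
}

Write-Host '== exefile open commands =='
$results = $OpenCommandKeys | ForEach-Object { Test-OpenCommand -Key $_ }
$results | Format-Table -AutoSize
Write-Host ('runas command: {0}' -f (Get-DefaultValue -Key $RunAsCommandKey))

Write-Host '== dropped files =='
foreach ($path in $Artifacts.Keys) {
    if (Test-Path -LiteralPath $path) {
        $len = (Get-Item -LiteralPath $path -Force).Length
        Write-Host ('PRESENT {0} ({1} bytes; ComboFix saw {2})' -f $path, $len, $Artifacts[$path])
    } else {
        Write-Host ('absent  {0}' -f $path)
    }
}

if ($Repair) {
    foreach ($r in ($results | Where-Object { $_.Hijacked })) {
        # Put the Windows default back so .exe files run directly again.
        Set-ItemProperty -LiteralPath $r.Key -Name '(default)' -Value $DefaultCommand
        Write-Host ('restored {0}' -f $r.Key)
    }
    foreach ($path in $Artifacts.Keys) {
        if (Test-Path -LiteralPath $path) {
            Remove-Item -LiteralPath $path -Force
            Write-Host ('removed  {0}' -f $path)
        }
    }
}
```

Run `.\Check-ExeFile.ps1` first and read the report, then `.\Check-ExeFile.ps1 -Repair`. One caveat from the log above: in the second ComboFix run svchost.com was deleted and then recreated during the same run (created 13:07, modified 13:08), which means an infected host executable was still being launched. While that is the case the registry fix only holds until the next launch, so apply the repair only after the scanner has finished, and run the report once more afterwards to confirm the values and the files stay gone.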

Re: svchost.com shows up and blocks everything

Posted: 05 Oct 2015 18:34
by Rudy
I'm glad we got that stubborn junk out. You will probably have to reinstall those applications if you want them to start normally. You're welcome! :)

Re: svchost.com shows up and blocks everything

Posted: 05 Oct 2015 19:47
by ebola
From Thursday to Sunday the pest held on :) Tomorrow I'll send something to support the forum. Thanks once again :closed: