Re: Request for a check
Posted: 24 Jul 2014 06:11
Good morning, I'm sending the log. TeamViewer was turned off before running ComboFix, but after the restart it is set to start automatically...
ComboFix 14-07-22.01 - Dios 24.07.2014 6:30.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4030.2079 [GMT 2:00]
Spuštěný z: c:\users\Dios\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Dios\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\eek\Run\cleanhlp64.sys"
.
ADS - windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\eek\Run\cleanhlp64.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CLEANHLP
-------\Service_cleanhlp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-24 do 2014-07-24 )))))))))))))))))))))))))))))))
.
.
2014-07-24 04:48 . 2014-07-24 04:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-23 05:51 . 2014-07-23 05:51 -------- d-----w- c:\program files\Defraggler
2014-07-22 07:33 . 2014-07-22 14:15 -------- d-----w- c:\program files\trend micro
2014-07-19 09:27 . 2014-07-19 09:28 -------- d-----w- C:\EEK
2014-07-17 15:41 . 2014-07-17 15:41 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2014-07-17 06:12 . 2012-09-18 12:28 29704 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2014-07-17 06:12 . 2012-09-18 12:28 17928 ----a-w- c:\windows\system32\nitrolocalui2.dll
2014-07-17 06:12 . 2014-07-17 06:12 -------- d-----w- c:\program files\Common Files\Nitro
2014-07-17 06:12 . 2014-07-17 06:12 -------- d-----w- c:\program files (x86)\Nitro
2014-07-17 06:12 . 2014-07-17 06:12 -------- d-----w- c:\program files (x86)\Common Files\Nitro
2014-07-14 08:11 . 2008-08-08 09:09 55808 ----a-w- c:\windows\system32\Spool\prtprocs\x64\zimfprnt.dll
2014-07-14 08:11 . 2008-08-08 09:11 413696 ----a-w- c:\windows\system32\ZSM1120.exe
2014-07-14 08:11 . 2008-08-08 09:09 52224 ----a-w- c:\windows\system32\ZTAG.dll
2014-07-14 08:11 . 2008-08-08 09:09 127488 ----a-w- c:\windows\system32\ZSPOOL.dll
2014-07-14 08:11 . 2008-08-08 09:18 114688 ----a-w- c:\windows\system32\HPMCoSetup.dll
2014-07-14 08:11 . 2008-08-08 09:09 61952 ----a-w- c:\windows\system32\ZIMF.DLL
2014-07-14 08:11 . 2008-08-08 09:06 152576 ----a-w- c:\windows\system32\ZLM1120.dll
2014-07-09 08:33 . 2014-07-09 08:34 -------- d-----w- c:\users\Dios\AppData\Roaming\Mobipocket
2014-07-09 08:33 . 2014-07-09 08:33 -------- d-----w- c:\program files (x86)\Mobipocket.com
2014-07-09 05:05 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-09 05:05 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-09 05:05 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-09 05:05 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 05:05 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 05:05 . 2014-06-30 02:09 519168 ----a-w- c:\windows\system32\aepdu.dll
2014-07-09 05:05 . 2014-06-30 02:04 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-07-09 05:03 . 2014-06-19 00:53 48640 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2014-07-09 05:01 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 05:01 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-09 05:01 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-07-08 04:40 . 2014-07-19 07:06 -------- d-----w- c:\windows\system32\drivers\NISx64\1504000.00D
2014-06-30 07:20 . 2014-06-30 07:20 -------- d-----w- c:\program files (x86)\Richter + Frenzel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 09:28 . 2011-11-14 07:50 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-09 07:39 . 2012-04-21 04:58 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 07:39 . 2011-11-08 13:36 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-02 03:09 . 2014-07-23 04:56 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7638F81-5CE0-409F-B32F-DB7B79076ACD}\mpengine.dll
2014-06-23 09:51 . 2014-06-23 09:51 7680 ----a-w- c:\windows\system32\Ry4CoInst.dll
2014-06-23 09:51 . 2014-06-23 09:51 36904 ----a-w- c:\windows\system32\drivers\Rockey4.sys
2014-06-23 09:51 . 2014-06-23 09:51 23592 ----a-w- c:\windows\system32\drivers\Rockey4USB.sys
2014-06-13 06:47 . 2014-06-13 06:47 1175552 ----a-w- c:\windows\SysWow64\TTF16.ocx
2014-06-13 06:45 . 2014-06-13 06:45 1238288 ----a-w- c:\windows\SysWow64\msjt4jlt.dll
2014-06-13 06:07 . 2014-06-13 06:07 1893792 ----a-w- c:\windows\SysWow64\fpSpru70.ocx
2014-06-12 08:22 . 2014-06-12 08:05 65536 ----a-r- c:\users\Dios\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2014-06-11 08:38 . 2012-06-21 13:20 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-06-06 05:25 . 2014-06-06 05:25 507904 ----a-w- c:\windows\SysWow64\Cfx4032.dll
2014-06-06 05:21 . 2014-06-06 05:21 111072 ----a-w- c:\windows\SysWow64\xadb7.ocx
2014-06-05 09:21 . 2014-06-05 09:21 1418632 ----a-w- c:\windows\SysWow64\FPSPR70.ocx
2014-06-05 09:21 . 2014-06-05 09:21 1355776 ----a-w- c:\windows\SysWow64\msvbvm50.dll
2014-06-05 09:21 . 2014-06-05 09:21 3083776 ----a-w- c:\windows\SysWow64\FarPoint.Spread8U.Excel2007.dll
2014-06-05 09:21 . 2014-06-05 09:21 3083776 ----a-w- c:\windows\SysWow64\FarPoint.Spread8.Excel2007.dll
2014-06-05 09:21 . 2013-12-04 06:40 4194304 ----a-w- c:\windows\SysWow64\cdintf400.dll
2014-06-05 09:17 . 2014-06-05 09:17 238072 ----a-w- c:\windows\SysWow64\todgub7.dll
2014-06-05 09:17 . 2014-06-05 09:17 250128 ----a-w- c:\windows\SysWow64\mspdox35.dll
2014-06-05 09:16 . 2014-06-05 09:16 433528 ----a-w- c:\windows\SysWow64\dXEditrs.dll
2014-06-05 09:16 . 2014-06-05 09:16 554928 ----a-w- c:\windows\SysWow64\Codejock.TaskPanel.v11.2.0.ocx
2014-06-05 09:16 . 2014-06-05 09:16 1709056 ----a-r- c:\windows\SysWow64\XlsImportLib.dll
2014-06-05 09:16 . 2014-06-05 09:16 3858432 ----a-w- c:\windows\SysWow64\FoxitReader_AX.ocx
2014-06-05 09:15 . 2014-06-05 09:15 1279920 ----a-w- c:\windows\SysWow64\Codejock.Controls.v11.2.0.ocx
2014-06-05 09:14 . 2014-06-05 09:14 559104 ----a-w- c:\windows\SysWow64\dXQWzrd.dll
2014-06-05 09:11 . 2014-06-05 09:11 2225624 ----a-w- c:\windows\SysWow64\FPSPRU80.ocx
2014-06-05 08:20 . 2014-06-05 08:20 1734576 ----a-w- c:\windows\SysWow64\Codejock.CommandBars.v11.2.0.ocx
2014-06-05 08:20 . 2014-06-05 08:20 599800 ----a-w- c:\windows\SysWow64\cfx4032.ocx
2014-06-05 08:16 . 2014-06-05 08:16 205848 ----a-w- c:\windows\SysWow64\threed32.ocx
2014-06-05 08:16 . 2014-06-05 08:16 203976 ----a-w- c:\windows\SysWow64\richtx32.ocx
2014-06-05 08:15 . 2014-06-05 08:15 1803760 ----a-w- c:\windows\SysWow64\IANGEL32.DLL
2014-06-05 08:15 . 2014-06-05 08:15 784304 ----a-w- c:\windows\SysWow64\Codejock.DockingPane.v11.2.0.ocx
2014-06-05 08:15 . 2014-06-05 08:15 1843200 ----a-w- c:\windows\SysWow64\ExG2antt.dll
2014-06-05 08:14 . 2014-06-05 08:14 137216 ----a-w- c:\windows\SysWow64\dXGridEditor.dll
2014-06-05 08:14 . 2014-06-05 08:14 132880 ----a-w- c:\windows\SysWow64\sfxbar.dll
2014-06-05 08:14 . 2014-06-05 08:14 138752 ----a-w- c:\windows\SysWow64\dXPSystm.dll
2014-06-05 08:11 . 2014-06-05 08:11 192512 ----a-w- c:\windows\SysWow64\ExPrint.dll
2014-06-05 08:11 . 2014-06-05 08:11 808880 ----a-w- c:\windows\SysWow64\Codejock.DockingPane.v13.2.1.ocx
2014-06-05 08:10 . 2014-06-05 08:10 61440 ----a-r- c:\windows\SysWow64\psllbl.ocx
2014-06-05 08:10 . 2014-06-05 08:10 618496 ----a-w- c:\windows\SysWow64\dXQGridEdit.dll
2014-06-05 08:10 . 2014-06-05 08:10 294912 ----a-w- c:\windows\SysWow64\msxbse35.dll
2014-06-05 08:05 . 2014-06-05 08:05 73728 ----a-r- c:\windows\SysWow64\ASPE.dll
2014-06-05 08:05 . 2014-06-05 08:05 66048 ----a-w- c:\windows\SysWow64\cfx4data.dll
2014-06-05 08:05 . 2014-06-05 08:05 81920 ----a-w- c:\windows\SysWow64\DLGOBJS.DLL
2014-06-05 08:03 . 2014-06-05 08:03 983040 ----a-w- c:\windows\SysWow64\todg7.ocx
2014-06-05 08:03 . 2014-06-05 08:03 766025 ----a-w- c:\windows\SysWow64\fpimage.dll
2014-06-05 08:03 . 2014-06-05 08:03 1660352 ----a-w- c:\windows\SysWow64\fpSPR80.OCX
2014-06-05 08:03 . 2014-06-05 08:03 167936 ----a-w- c:\windows\SysWow64\dXSBar.dll
2014-06-05 08:03 . 2014-06-05 08:03 166672 ----a-w- c:\windows\SysWow64\mstext35.dll
2014-06-05 08:03 . 2014-06-05 08:03 168720 ----a-w- c:\windows\SysWow64\msltus35.dll
2014-06-05 08:02 . 2014-06-05 08:02 988160 ----a-w- c:\windows\SysWow64\VCF15.ocx
2014-06-05 08:01 . 2014-06-05 08:01 415504 ----a-w- c:\windows\SysWow64\msrepl35.dll
2014-06-05 08:01 . 2014-06-05 08:01 416528 ----a-w- c:\windows\SysWow64\COMCT332.OCX
2014-06-05 08:00 . 2014-06-05 08:00 44304 ----a-w- c:\windows\SysWow64\msrpfs35.dll
2014-06-05 08:00 . 2014-06-05 08:00 41472 ----a-w- c:\windows\SysWow64\RYDLL32.DLL
2014-06-05 08:00 . 2014-06-05 08:00 39424 ----a-w- c:\windows\SysWow64\JETCOMP.exe
2014-06-05 08:00 . 2014-06-05 08:00 5632 ----a-w- c:\windows\SysWow64\ANGELVDD.DLL
2014-06-05 08:00 . 2014-06-05 08:00 24576 ----a-r- c:\windows\SysWow64\AST.dll
2014-06-05 08:00 . 2014-06-05 08:00 24848 ----a-w- c:\windows\SysWow64\msjter35.dll
2014-06-05 08:00 . 2014-06-05 08:00 26112 ----a-w- c:\windows\SysWow64\angel32.dll
2014-06-05 08:00 . 2014-06-05 08:00 29696 ----a-w- c:\windows\SysWow64\VB5StKit.dll
2014-06-05 07:59 . 2014-06-05 07:59 424448 ----a-w- c:\windows\SysWow64\dXTList.dll
2014-06-05 07:59 . 2014-06-05 07:59 283120 ----a-w- c:\windows\SysWow64\tdbgpp7.dll
2014-06-05 07:57 . 2014-06-05 07:57 252688 ----a-w- c:\windows\SysWow64\msexcl35.dll
2014-06-05 07:57 . 2014-06-05 07:57 262144 ----a-w- c:\windows\SysWow64\msrd2x35.dll
2014-06-05 07:57 . 2014-06-05 07:57 665600 ----a-w- c:\windows\SysWow64\dXDBGrid.dll
2014-06-05 07:52 . 2014-06-05 07:52 143360 ----a-w- c:\windows\SysWow64\xceedzip.ocx
2014-06-05 07:52 . 2014-06-05 07:52 139264 ----a-w- c:\windows\SysWow64\msjint35.dll
2014-06-05 07:52 . 2014-06-05 07:52 344064 ----a-w- c:\windows\SysWow64\msexch35.dll
2014-06-05 07:46 . 2014-06-05 07:46 505776 ----a-w- c:\windows\SysWow64\Codejock.SkinFramework.v11.2.0.ocx
2014-06-05 07:46 . 2014-06-05 07:46 497488 ----a-w- c:\windows\SysWow64\XceedZip.dll
2014-05-30 07:52 . 2014-07-09 05:06 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-08 09:32 . 2014-06-11 04:48 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-11 04:48 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2013-11-15 1326408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-01-28 299576]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 517456]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-04-05 94264]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-02-11 76344]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"Nástroj WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2012-09-06 1688008]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2014-06-02 5563760]
.
c:\users\Dios\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Kooperativa - PDF Server.lnk - c:\program files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe [2012-10-10 10623488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Údržba databáze BUILDpower.lnk - c:\rts\BUILDpower\BPStartUp.exe /L [2014-6-20 847872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-02-03 22:09 75360 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe;c:\program files (x86)\Xobni\XobniService.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 GemCCID;GemCCID;c:\windows\system32\DRIVERS\GemCCID.sys;c:\windows\SYSNATIVE\DRIVERS\GemCCID.sys [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 MfeEpePc;MfeEpePc; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1504000.00D\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1504000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1504000.00D\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1504000.00D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140718.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1504000.00D\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140722.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140722.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1504000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1504000.00D\SYMNETS.SYS [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\bin\fbguard.exe;c:\program files (x86)\Firebird\bin\fbguard.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [x]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 xmengine service;CryptoPlus XME Engine Service;c:\windows\SysWOW64\xmesrv.exe;c:\windows\SysWOW64\xmesrv.exe [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftVCapture.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\bin\fbserver.exe;c:\program files (x86)\Firebird\bin\fbserver.exe [x]
S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-01-27 13880]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-07 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-07 379040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-31 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-31 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-31 418840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-27 835072]
"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2011-02-09 200704]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: business24.cz\www
Trusted Zone: ppe.cz\www
Trusted Zone: servis24.cz\www
TCP: DhcpNameServer = 217.196.124.1 217.196.124.14
TCP: Interfaces\{010225A0-1DFD-CB3D-7CBF-F81DEAD6A5B5}: NameServer = 62.141.0.1 213.162.65.1
TCP: Interfaces\{010225A2-1DFD-CB3D-7CBF-F81DEAD6A5B5}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{44DA3733-12EA-4092-AB15-CB3B918A7993}: NameServer = 192.168.100.1,8.8.8.8
FF - ProfilePath - c:\users\Dios\AppData\Roaming\Mozilla\Firefox\Profiles\g9codzi1.default-1359006030913\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2012-01-26 19:35; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13;c:\program files (x86)\Norton Internet Security\Engine64\21.4.0.13"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2014-07-24 07:07:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-24 05:07
ComboFix2.txt 2014-07-23 14:03
.
Před spuštěním: Volných bajtů: 429 095 907 328
Po spuštění: Volných bajtů: 428 791 840 768
.
- - End Of File - - 9F3B6F292B9D45E5B6B81E785D0286D3
2014-06-30 07:20 . 2014-06-30 07:20 -------- d-----w- c:\program files (x86)\Richter + Frenzel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 09:28 . 2011-11-14 07:50 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-09 07:39 . 2012-04-21 04:58 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 07:39 . 2011-11-08 13:36 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-02 03:09 . 2014-07-23 04:56 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7638F81-5CE0-409F-B32F-DB7B79076ACD}\mpengine.dll
2014-06-23 09:51 . 2014-06-23 09:51 7680 ----a-w- c:\windows\system32\Ry4CoInst.dll
2014-06-23 09:51 . 2014-06-23 09:51 36904 ----a-w- c:\windows\system32\drivers\Rockey4.sys
2014-06-23 09:51 . 2014-06-23 09:51 23592 ----a-w- c:\windows\system32\drivers\Rockey4USB.sys
2014-06-13 06:47 . 2014-06-13 06:47 1175552 ----a-w- c:\windows\SysWow64\TTF16.ocx
2014-06-13 06:45 . 2014-06-13 06:45 1238288 ----a-w- c:\windows\SysWow64\msjt4jlt.dll
2014-06-13 06:07 . 2014-06-13 06:07 1893792 ----a-w- c:\windows\SysWow64\fpSpru70.ocx
2014-06-12 08:22 . 2014-06-12 08:05 65536 ----a-r- c:\users\Dios\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2014-06-11 08:38 . 2012-06-21 13:20 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-06-06 05:25 . 2014-06-06 05:25 507904 ----a-w- c:\windows\SysWow64\Cfx4032.dll
2014-06-06 05:21 . 2014-06-06 05:21 111072 ----a-w- c:\windows\SysWow64\xadb7.ocx
2014-06-05 09:21 . 2014-06-05 09:21 1418632 ----a-w- c:\windows\SysWow64\FPSPR70.ocx
2014-06-05 09:21 . 2014-06-05 09:21 1355776 ----a-w- c:\windows\SysWow64\msvbvm50.dll
2014-06-05 09:21 . 2014-06-05 09:21 3083776 ----a-w- c:\windows\SysWow64\FarPoint.Spread8U.Excel2007.dll
2014-06-05 09:21 . 2014-06-05 09:21 3083776 ----a-w- c:\windows\SysWow64\FarPoint.Spread8.Excel2007.dll
2014-06-05 09:21 . 2013-12-04 06:40 4194304 ----a-w- c:\windows\SysWow64\cdintf400.dll
2014-06-05 09:17 . 2014-06-05 09:17 238072 ----a-w- c:\windows\SysWow64\todgub7.dll
2014-06-05 09:17 . 2014-06-05 09:17 250128 ----a-w- c:\windows\SysWow64\mspdox35.dll
2014-06-05 09:16 . 2014-06-05 09:16 433528 ----a-w- c:\windows\SysWow64\dXEditrs.dll
2014-06-05 09:16 . 2014-06-05 09:16 554928 ----a-w- c:\windows\SysWow64\Codejock.TaskPanel.v11.2.0.ocx
2014-06-05 09:16 . 2014-06-05 09:16 1709056 ----a-r- c:\windows\SysWow64\XlsImportLib.dll
2014-06-05 09:16 . 2014-06-05 09:16 3858432 ----a-w- c:\windows\SysWow64\FoxitReader_AX.ocx
2014-06-05 09:15 . 2014-06-05 09:15 1279920 ----a-w- c:\windows\SysWow64\Codejock.Controls.v11.2.0.ocx
2014-06-05 09:14 . 2014-06-05 09:14 559104 ----a-w- c:\windows\SysWow64\dXQWzrd.dll
2014-06-05 09:11 . 2014-06-05 09:11 2225624 ----a-w- c:\windows\SysWow64\FPSPRU80.ocx
2014-06-05 08:20 . 2014-06-05 08:20 1734576 ----a-w- c:\windows\SysWow64\Codejock.CommandBars.v11.2.0.ocx
2014-06-05 08:20 . 2014-06-05 08:20 599800 ----a-w- c:\windows\SysWow64\cfx4032.ocx
2014-06-05 08:16 . 2014-06-05 08:16 205848 ----a-w- c:\windows\SysWow64\threed32.ocx
2014-06-05 08:16 . 2014-06-05 08:16 203976 ----a-w- c:\windows\SysWow64\richtx32.ocx
2014-06-05 08:15 . 2014-06-05 08:15 1803760 ----a-w- c:\windows\SysWow64\IANGEL32.DLL
2014-06-05 08:15 . 2014-06-05 08:15 784304 ----a-w- c:\windows\SysWow64\Codejock.DockingPane.v11.2.0.ocx
2014-06-05 08:15 . 2014-06-05 08:15 1843200 ----a-w- c:\windows\SysWow64\ExG2antt.dll
2014-06-05 08:14 . 2014-06-05 08:14 137216 ----a-w- c:\windows\SysWow64\dXGridEditor.dll
2014-06-05 08:14 . 2014-06-05 08:14 132880 ----a-w- c:\windows\SysWow64\sfxbar.dll
2014-06-05 08:14 . 2014-06-05 08:14 138752 ----a-w- c:\windows\SysWow64\dXPSystm.dll
2014-06-05 08:11 . 2014-06-05 08:11 192512 ----a-w- c:\windows\SysWow64\ExPrint.dll
2014-06-05 08:11 . 2014-06-05 08:11 808880 ----a-w- c:\windows\SysWow64\Codejock.DockingPane.v13.2.1.ocx
2014-06-05 08:10 . 2014-06-05 08:10 61440 ----a-r- c:\windows\SysWow64\psllbl.ocx
2014-06-05 08:10 . 2014-06-05 08:10 618496 ----a-w- c:\windows\SysWow64\dXQGridEdit.dll
2014-06-05 08:10 . 2014-06-05 08:10 294912 ----a-w- c:\windows\SysWow64\msxbse35.dll
2014-06-05 08:05 . 2014-06-05 08:05 73728 ----a-r- c:\windows\SysWow64\ASPE.dll
2014-06-05 08:05 . 2014-06-05 08:05 66048 ----a-w- c:\windows\SysWow64\cfx4data.dll
2014-06-05 08:05 . 2014-06-05 08:05 81920 ----a-w- c:\windows\SysWow64\DLGOBJS.DLL
2014-06-05 08:03 . 2014-06-05 08:03 983040 ----a-w- c:\windows\SysWow64\todg7.ocx
2014-06-05 08:03 . 2014-06-05 08:03 766025 ----a-w- c:\windows\SysWow64\fpimage.dll
2014-06-05 08:03 . 2014-06-05 08:03 1660352 ----a-w- c:\windows\SysWow64\fpSPR80.OCX
2014-06-05 08:03 . 2014-06-05 08:03 167936 ----a-w- c:\windows\SysWow64\dXSBar.dll
2014-06-05 08:03 . 2014-06-05 08:03 166672 ----a-w- c:\windows\SysWow64\mstext35.dll
2014-06-05 08:03 . 2014-06-05 08:03 168720 ----a-w- c:\windows\SysWow64\msltus35.dll
2014-06-05 08:02 . 2014-06-05 08:02 988160 ----a-w- c:\windows\SysWow64\VCF15.ocx
2014-06-05 08:01 . 2014-06-05 08:01 415504 ----a-w- c:\windows\SysWow64\msrepl35.dll
2014-06-05 08:01 . 2014-06-05 08:01 416528 ----a-w- c:\windows\SysWow64\COMCT332.OCX
2014-06-05 08:00 . 2014-06-05 08:00 44304 ----a-w- c:\windows\SysWow64\msrpfs35.dll
2014-06-05 08:00 . 2014-06-05 08:00 41472 ----a-w- c:\windows\SysWow64\RYDLL32.DLL
2014-06-05 08:00 . 2014-06-05 08:00 39424 ----a-w- c:\windows\SysWow64\JETCOMP.exe
2014-06-05 08:00 . 2014-06-05 08:00 5632 ----a-w- c:\windows\SysWow64\ANGELVDD.DLL
2014-06-05 08:00 . 2014-06-05 08:00 24576 ----a-r- c:\windows\SysWow64\AST.dll
2014-06-05 08:00 . 2014-06-05 08:00 24848 ----a-w- c:\windows\SysWow64\msjter35.dll
2014-06-05 08:00 . 2014-06-05 08:00 26112 ----a-w- c:\windows\SysWow64\angel32.dll
2014-06-05 08:00 . 2014-06-05 08:00 29696 ----a-w- c:\windows\SysWow64\VB5StKit.dll
2014-06-05 07:59 . 2014-06-05 07:59 424448 ----a-w- c:\windows\SysWow64\dXTList.dll
2014-06-05 07:59 . 2014-06-05 07:59 283120 ----a-w- c:\windows\SysWow64\tdbgpp7.dll
2014-06-05 07:57 . 2014-06-05 07:57 252688 ----a-w- c:\windows\SysWow64\msexcl35.dll
2014-06-05 07:57 . 2014-06-05 07:57 262144 ----a-w- c:\windows\SysWow64\msrd2x35.dll
2014-06-05 07:57 . 2014-06-05 07:57 665600 ----a-w- c:\windows\SysWow64\dXDBGrid.dll
2014-06-05 07:52 . 2014-06-05 07:52 143360 ----a-w- c:\windows\SysWow64\xceedzip.ocx
2014-06-05 07:52 . 2014-06-05 07:52 139264 ----a-w- c:\windows\SysWow64\msjint35.dll
2014-06-05 07:52 . 2014-06-05 07:52 344064 ----a-w- c:\windows\SysWow64\msexch35.dll
2014-06-05 07:46 . 2014-06-05 07:46 505776 ----a-w- c:\windows\SysWow64\Codejock.SkinFramework.v11.2.0.ocx
2014-06-05 07:46 . 2014-06-05 07:46 497488 ----a-w- c:\windows\SysWow64\XceedZip.dll
2014-05-30 07:52 . 2014-07-09 05:06 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-08 09:32 . 2014-06-11 04:48 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-11 04:48 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2013-11-15 1326408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-01-28 299576]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 517456]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-04-05 94264]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-02-11 76344]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"Nástroj WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2012-09-06 1688008]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2014-06-02 5563760]
.
c:\users\Dios\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Kooperativa - PDF Server.lnk - c:\program files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe [2012-10-10 10623488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Údržba databáze BUILDpower.lnk - c:\rts\BUILDpower\BPStartUp.exe /L [2014-6-20 847872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-02-03 22:09 75360 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe;c:\program files (x86)\Xobni\XobniService.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 GemCCID;GemCCID;c:\windows\system32\DRIVERS\GemCCID.sys;c:\windows\SYSNATIVE\DRIVERS\GemCCID.sys [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 MfeEpePc;MfeEpePc; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1504000.00D\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1504000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1504000.00D\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1504000.00D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140718.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1504000.00D\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140722.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140722.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1504000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1504000.00D\SYMNETS.SYS [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\bin\fbguard.exe;c:\program files (x86)\Firebird\bin\fbguard.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [x]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 xmengine service;CryptoPlus XME Engine Service;c:\windows\SysWOW64\xmesrv.exe;c:\windows\SysWOW64\xmesrv.exe [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftVCapture.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\bin\fbserver.exe;c:\program files (x86)\Firebird\bin\fbserver.exe [x]
S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-01-27 13880]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-07 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-07 379040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-31 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-31 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-31 418840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-27 835072]
"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2011-02-09 200704]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: business24.cz\www
Trusted Zone: ppe.cz\www
Trusted Zone: servis24.cz\www
TCP: DhcpNameServer = 217.196.124.1 217.196.124.14
TCP: Interfaces\{010225A0-1DFD-CB3D-7CBF-F81DEAD6A5B5}: NameServer = 62.141.0.1 213.162.65.1
TCP: Interfaces\{010225A2-1DFD-CB3D-7CBF-F81DEAD6A5B5}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{44DA3733-12EA-4092-AB15-CB3B918A7993}: NameServer = 192.168.100.1,8.8.8.8
FF - ProfilePath - c:\users\Dios\AppData\Roaming\Mozilla\Firefox\Profiles\g9codzi1.default-1359006030913\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2012-01-26 19:35; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1504000.00D\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13;c:\program files (x86)\Norton Internet Security\Engine64\21.4.0.13"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2014-07-24 07:07:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-24 05:07
ComboFix2.txt 2014-07-23 14:03
.
Před spuštěním: Volných bajtů: 429 095 907 328
Po spuštění: Volných bajtů: 428 791 840 768
.
- - End Of File - - 9F3B6F292B9D45E5B6B81E785D0286D3