Re: Hohosearch a MPCprotectService
Napsal: 10 čer 2016 17:05
Je to ono? Vyzkoušet nouzový režim - restartovat se zakázanými doplňky (dle návodu Reset Firefox to its default states)?
VIRY.CZ
Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/
Hohosearch a MPCprotectService
Stránka 4 z 4
Re: Hohosearch a MPCprotectService
Napsal: 10 čer 2016 18:27
Step 3 reset mozilla firefox browser
Re: Hohosearch a MPCprotectService
Napsal: 11 čer 2016 11:45
Dobrý den, já to restartoval, měl jsem kompletně nově prohlížeč Mozilla, tzn. bez hesel, bez záložek atd., a nyní jsem zapl počítač a mám zase tu starou verzi se starými záložkami a podobně. A i tam na tom ten idnes trošku blbnul s tím přesměrováním.. 
Re: Hohosearch a MPCprotectService
Napsal: 11 čer 2016 15:53
Skus este RK http://forum.viry.cz/viewtopic.php?f=24&t=120452
Re: Hohosearch a MPCprotectService
Napsal: 12 čer 2016 19:39
Dobrý den.. Ty odkazy nejdou, tak jsem je stáhl jide a rovněž ne. Zasekne se to. Mně v podstatě nejde o nic jiného, než abych nebyl přesměrováván na hovadiny z toho idnesu, a dalších stránek (to už je ale v menší míře). Nějaký hohosearch mi je ukradený. A ještě se zeptám. Když si resetuji Mozillu a znova si tam dám záložky a hesla, tak jak si to tam uchovám i po dalším přihlášení???
Re: Hohosearch a MPCprotectService
Napsal: 13 čer 2016 06:31
spus ComboFix http://forum.viry.cz/viewtopic.php?f=13 ... x#p1450667
Re: Hohosearch a MPCprotectService
Napsal: 13 čer 2016 12:56
Hezký den, zde log:
ComboFix 16-06-01.01 - Mirek 13.06.2016 12:59:06.9.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1038 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mirek\Plocha\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mirek\Cookies\explibss.dll
c:\documents and settings\Mirek\Dokumenty\~WRL0002.tmp
c:\documents and settings\Mirek\Dokumenty\~WRL0004.tmp
c:\documents and settings\Mirek\Dokumenty\~WRL0764.tmp
c:\documents and settings\Mirek\Dokumenty\~WRL1050.tmp
c:\documents and settings\Mirek\Dokumenty\~WRL2963.tmp
c:\windows\msmqinst.log
c:\windows\unin0405.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-05-13 do 2016-06-13 )))))))))))))))))))))))))))))))
.
.
2016-06-12 13:49 . 2016-06-12 13:49 -------- d-----w- C:\Spidla
2016-06-10 13:47 . 2016-06-10 13:48 -------- dc-h--w- c:\windows\ie8
2016-06-09 12:29 . 2016-06-09 12:29 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2016-06-09 11:08 . 2013-10-25 11:14 78336 ----a-w- c:\windows\system32\ieencode.dll
2016-06-09 11:08 . 2013-10-25 11:14 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2016-06-09 10:40 . 2014-02-05 23:08 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2016-06-09 10:40 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2016-06-09 10:40 . 2014-02-05 23:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2016-06-09 10:40 . 2014-02-05 23:08 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2016-06-09 10:40 . 2014-02-05 23:08 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2016-06-07 12:38 . 2016-06-07 12:38 -------- d-----w- c:\documents and settings\Mirek\Local Settings\Data aplikací\WMTools Downloaded Files
2016-06-05 18:18 . 2016-06-05 18:18 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\The_House_of_Fables
2016-06-05 18:14 . 2016-06-05 18:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AlawarWrapper
2016-06-03 11:11 . 2016-06-03 11:11 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\WinZiper
2016-06-03 11:11 . 2016-06-03 11:11 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\TSv
2016-05-31 15:51 . 2016-05-31 15:51 -------- d-----w- c:\documents and settings\Mirek\Local Settings\Data aplikací\GetGo
2016-05-31 15:50 . 2016-05-31 15:50 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\GetGo Software
2016-05-31 15:50 . 2016-05-31 15:50 -------- d-----w- c:\documents and settings\Mirek\Local Settings\Data aplikací\Profiles
2016-05-31 15:50 . 2016-05-31 15:49 53992 ------w- c:\windows\system32\drivers\MPCKpt.sys
2016-05-31 15:50 . 2016-05-31 15:49 29032 ------w- c:\windows\system32\drivers\MPCBase.sys
2016-05-31 15:26 . 2016-05-31 15:27 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\Profiles
2016-05-31 15:17 . 2000-01-04 04:39 212992 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2016-05-31 14:45 . 2016-05-31 14:45 -------- d-----w- C:\Data
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-12 18:04 . 2012-05-25 21:17 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-05-12 18:04 . 2012-05-25 21:17 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-04-11 18:44 . 2016-04-11 18:44 19984 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2016-04-09 10:41 . 2016-04-09 10:41 848437 ----a-w- c:\documents and settings\Mirek\Data aplikací\DamSantip.bin
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-30 08:09 . A825F4181AEC077D8DCA1053DC015265 . 1542656 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-07-30 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2010-08-23 . E145ADD7DAEF759C4F5FB80A180A9C30 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\91c0d00449fe57ed4a4c0c930c390f2f\SP3QFE\comctl32.dll
[-] 2010-08-23 . 8A72A30FDC803DC06755D3B36D966F31 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\91c0d00449fe57ed4a4c0c930c390f2f\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2010-08-23 . 8A72A30FDC803DC06755D3B36D966F31 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\91c0d00449fe57ed4a4c0c930c390f2f\SP3QFE\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-07-30 . 97BF1C54DAF9FF61E897846DC7329CEF . 647680 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . D7B7AE36A2EBA312AC4B53862019B3F5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-07-30 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-07-30 . DD7E25E20AEBD672DAE7E1D911C2D824 . 1589760 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . C2DCB09A1EA98F248DD9A5DE195B3DF3 . 277504 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-07-30 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-08-01 . 4904E891E6C814DE9225400C8DAD494D . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\documents and settings\Mirek\Data aplikací\uTorrent\uTorrent.exe" [2016-05-14 2133504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-06-21 15677728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 17:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-03-24 02:00 1983816 -c--a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-18 01:40 767312 -c--a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-07-30 08:10 40960 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
2013-05-16 13:25 1062472 ----a-w- c:\documents and settings\Mirek\Data aplikací\Seznam.cz\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2013-06-21 09:54 15677728 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2013-06-21 09:54 223008 -c--a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 12:23 421888 ----a-w- c:\program files\QT Lite\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-03-17 14:52 19520544 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
2013-05-16 13:25 1062472 ----a-w- c:\program files\Seznam.cz\distribution\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2016-05-14 12:30 2133504 ----a-w- c:\documents and settings\Mirek\Data aplikací\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AppfocserT"=2 (0x2)
"MPCProtectService"=2 (0x2)
"MSDTC"=3 (0x3)
"GeekBuddyRSP"=2 (0x2)
"CLPSLauncher"=2 (0x2)
"AteredomkefispCchservice"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\Mirek\\Data aplikací\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 MPCBase;MPCBase;c:\windows\system32\drivers\MPCBase.sys [31.5.2016 17:50 29032]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [7.5.2013 9:00 36112]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [18.6.2013 17:16 18528]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [8.7.2013 22:59 587352]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [18.6.2013 17:16 32816]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\drivers\hmd.sys [7.10.2013 7:17 14272]
R1 MPCKpt;MPCKpt;c:\windows\system32\drivers\MPCKpt.sys [31.5.2016 17:50 53992]
S2 DCHP;DCHP;c:\documents and settings\All Users\Data aplikací\\DCHP\\DCHP.exe -f "c:\documents and settings\All Users\Data aplikací\\DCHP\\DCHP.dat" -l -a --> c:\documents and settings\All Users\Data aplikací\\DCHP\\DCHP.exe -f c:\documents and settings\All Users\Data aplikací\\DCHP\\DCHP.dat [?]
S2 MPCProtectService;MPC Core Protect Service;"c:\program files\MPC Cleaner\MPCProtectService.exe" --> c:\program files\MPC Cleaner\MPCProtectService.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9.4.2010 23:13 1691480]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [11.4.2016 20:44 19984]
S3 ZD1211BU(TP-LINK);TL-WN322G/WN322G+ Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\drivers\ZD1211BU.sys [9.4.2010 22:40 500736]
S4 AppfocserT;AppfocserT;c:\documents and settings\All Users\Data aplikací\\AppfocserT\\AppfocserT.exe -f "c:\documents and settings\All Users\Data aplikací\\AppfocserT\\AppfocserT.dat" -l -a --> c:\documents and settings\All Users\Data aplikací\\AppfocserT\\AppfocserT.exe -f c:\documents and settings\All Users\Data aplikací\\AppfocserT\\AppfocserT.dat [?]
S4 AteredomkefispCchservice;Ateredomkefisp Cache;"c:\program files\Ateredomkefisp\AteredomkefispCchservice.exe32" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} --> c:\program files\Ateredomkefisp\AteredomkefispCchservice.exe32 [?]
S4 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\COMODO\launcher_service.exe [28.11.2013 12:17 70352]
S4 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\Common Files\COMODO\GeekBuddyRSP.exe [28.11.2013 10:58 2327248]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2016-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 18:04]
.
2016-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2016-06-13 c:\windows\Tasks\Opera scheduled Autoupdate 1455891128.job
- c:\program files\Opera\launcher.exe [2016-02-19 07:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = search.mpc.am
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: Interfaces\{3D051471-358E-4E7B-936D-272584C91DC7}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{912994FC-195C-4101-A02D-A9B71DB1CF9B}: NameServer = 10.1.0.56,10.1.0.20
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\69axwvoh.default-1465644640734\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
ShellExecuteHooks-{7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} - c:\documents and settings\Mirek\Cookies\explibss.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-AVCHD Video Converter_is1 - c:\program files\iOrgSoft\AVCHD Video Converter\unins000.exe
AddRemove-Djerba 2005 - c:\program files\Microsoft Games\FS2002\ADDON SCENERY\SCENERY\Uninstal.exe
AddRemove-MediaPlayerV1alpha8194 - c:\program files\MediaPlayerV1\MediaPlayerV1alpha8194\uninstall.exe
AddRemove-Revo Uninstaller - c:\program files\VS Revo Group\Revo Uninstaller\uninst.exe
AddRemove-WinZip - c:\program files\WinZipper\wzUninstall.exe
AddRemove-{A901BF63-29AD-49A3-B067-231925E98B62}_is1 - c:\program files\Microsoft Games\FS2002\Real Environment Pro\unins000.exe
AddRemove-{f0080ca2-80ae-4958-b6eb-e8fa916d744a} - c:\documents and settings\All Users\Data aplikací\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
AddRemove-Free mp3 Wma Converter - c:\program files\Free mp3 Wma Converter\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-06-13 13:28
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AteredomkefispCchservice]
"ImagePath"="\"c:\program files\Ateredomkefisp\AteredomkefispCchservice.exe32\" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(892)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'csrss.exe'(808)
c:\windows\system32\cmdcsr.dll
.
Celkový čas: 2016-06-13 13:40:32
ComboFix-quarantined-files.txt 2016-06-13 11:40
.
Před spuštěním: Volných bajtů: 41 901 281 280
Po spuštění: Volných bajtů: 41 885 208 576
.
- - End Of File - - 5BB20B555C8851750C2B369176097C45
413FC2A0C716421B3158746D63736515
ComboFix 16-06-01.01 - Mirek 13.06.2016 12:59:06.9.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1038 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mirek\Plocha\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mirek\Cookies\explibss.dll
c:\documents and settings\Mirek\Dokumenty\~WRL0002.tmp
c:\documents and settings\Mirek\Dokumenty\~WRL0004.tmp
c:\documents and settings\Mirek\Dokumenty\~WRL0764.tmp
c:\documents and settings\Mirek\Dokumenty\~WRL1050.tmp
c:\documents and settings\Mirek\Dokumenty\~WRL2963.tmp
c:\windows\msmqinst.log
c:\windows\unin0405.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-05-13 do 2016-06-13 )))))))))))))))))))))))))))))))
.
.
2016-06-12 13:49 . 2016-06-12 13:49 -------- d-----w- C:\Spidla
2016-06-10 13:47 . 2016-06-10 13:48 -------- dc-h--w- c:\windows\ie8
2016-06-09 12:29 . 2016-06-09 12:29 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2016-06-09 11:08 . 2013-10-25 11:14 78336 ----a-w- c:\windows\system32\ieencode.dll
2016-06-09 11:08 . 2013-10-25 11:14 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2016-06-09 10:40 . 2014-02-05 23:08 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2016-06-09 10:40 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2016-06-09 10:40 . 2014-02-05 23:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2016-06-09 10:40 . 2014-02-05 23:08 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2016-06-09 10:40 . 2014-02-05 23:08 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2016-06-07 12:38 . 2016-06-07 12:38 -------- d-----w- c:\documents and settings\Mirek\Local Settings\Data aplikací\WMTools Downloaded Files
2016-06-05 18:18 . 2016-06-05 18:18 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\The_House_of_Fables
2016-06-05 18:14 . 2016-06-05 18:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AlawarWrapper
2016-06-03 11:11 . 2016-06-03 11:11 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\WinZiper
2016-06-03 11:11 . 2016-06-03 11:11 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\TSv
2016-05-31 15:51 . 2016-05-31 15:51 -------- d-----w- c:\documents and settings\Mirek\Local Settings\Data aplikací\GetGo
2016-05-31 15:50 . 2016-05-31 15:50 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\GetGo Software
2016-05-31 15:50 . 2016-05-31 15:50 -------- d-----w- c:\documents and settings\Mirek\Local Settings\Data aplikací\Profiles
2016-05-31 15:50 . 2016-05-31 15:49 53992 ------w- c:\windows\system32\drivers\MPCKpt.sys
2016-05-31 15:50 . 2016-05-31 15:49 29032 ------w- c:\windows\system32\drivers\MPCBase.sys
2016-05-31 15:26 . 2016-05-31 15:27 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\Profiles
2016-05-31 15:17 . 2000-01-04 04:39 212992 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2016-05-31 14:45 . 2016-05-31 14:45 -------- d-----w- C:\Data
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-12 18:04 . 2012-05-25 21:17 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-05-12 18:04 . 2012-05-25 21:17 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-04-11 18:44 . 2016-04-11 18:44 19984 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2016-04-09 10:41 . 2016-04-09 10:41 848437 ----a-w- c:\documents and settings\Mirek\Data aplikací\DamSantip.bin
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-30 08:09 . A825F4181AEC077D8DCA1053DC015265 . 1542656 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-07-30 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2010-08-23 . E145ADD7DAEF759C4F5FB80A180A9C30 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\91c0d00449fe57ed4a4c0c930c390f2f\SP3QFE\comctl32.dll
[-] 2010-08-23 . 8A72A30FDC803DC06755D3B36D966F31 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\91c0d00449fe57ed4a4c0c930c390f2f\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2010-08-23 . 8A72A30FDC803DC06755D3B36D966F31 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\91c0d00449fe57ed4a4c0c930c390f2f\SP3QFE\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-07-30 . 97BF1C54DAF9FF61E897846DC7329CEF . 647680 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . D7B7AE36A2EBA312AC4B53862019B3F5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-07-30 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-07-30 . DD7E25E20AEBD672DAE7E1D911C2D824 . 1589760 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . C2DCB09A1EA98F248DD9A5DE195B3DF3 . 277504 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-07-30 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-08-01 . 4904E891E6C814DE9225400C8DAD494D . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\documents and settings\Mirek\Data aplikací\uTorrent\uTorrent.exe" [2016-05-14 2133504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-06-21 15677728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 17:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-03-24 02:00 1983816 -c--a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-18 01:40 767312 -c--a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-07-30 08:10 40960 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
2013-05-16 13:25 1062472 ----a-w- c:\documents and settings\Mirek\Data aplikací\Seznam.cz\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2013-06-21 09:54 15677728 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2013-06-21 09:54 223008 -c--a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 12:23 421888 ----a-w- c:\program files\QT Lite\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-03-17 14:52 19520544 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
2013-05-16 13:25 1062472 ----a-w- c:\program files\Seznam.cz\distribution\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2016-05-14 12:30 2133504 ----a-w- c:\documents and settings\Mirek\Data aplikací\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AppfocserT"=2 (0x2)
"MPCProtectService"=2 (0x2)
"MSDTC"=3 (0x3)
"GeekBuddyRSP"=2 (0x2)
"CLPSLauncher"=2 (0x2)
"AteredomkefispCchservice"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\Mirek\\Data aplikací\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 MPCBase;MPCBase;c:\windows\system32\drivers\MPCBase.sys [31.5.2016 17:50 29032]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [7.5.2013 9:00 36112]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [18.6.2013 17:16 18528]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [8.7.2013 22:59 587352]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [18.6.2013 17:16 32816]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\drivers\hmd.sys [7.10.2013 7:17 14272]
R1 MPCKpt;MPCKpt;c:\windows\system32\drivers\MPCKpt.sys [31.5.2016 17:50 53992]
S2 DCHP;DCHP;c:\documents and settings\All Users\Data aplikací\\DCHP\\DCHP.exe -f "c:\documents and settings\All Users\Data aplikací\\DCHP\\DCHP.dat" -l -a --> c:\documents and settings\All Users\Data aplikací\\DCHP\\DCHP.exe -f c:\documents and settings\All Users\Data aplikací\\DCHP\\DCHP.dat [?]
S2 MPCProtectService;MPC Core Protect Service;"c:\program files\MPC Cleaner\MPCProtectService.exe" --> c:\program files\MPC Cleaner\MPCProtectService.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9.4.2010 23:13 1691480]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [11.4.2016 20:44 19984]
S3 ZD1211BU(TP-LINK);TL-WN322G/WN322G+ Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\drivers\ZD1211BU.sys [9.4.2010 22:40 500736]
S4 AppfocserT;AppfocserT;c:\documents and settings\All Users\Data aplikací\\AppfocserT\\AppfocserT.exe -f "c:\documents and settings\All Users\Data aplikací\\AppfocserT\\AppfocserT.dat" -l -a --> c:\documents and settings\All Users\Data aplikací\\AppfocserT\\AppfocserT.exe -f c:\documents and settings\All Users\Data aplikací\\AppfocserT\\AppfocserT.dat [?]
S4 AteredomkefispCchservice;Ateredomkefisp Cache;"c:\program files\Ateredomkefisp\AteredomkefispCchservice.exe32" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} --> c:\program files\Ateredomkefisp\AteredomkefispCchservice.exe32 [?]
S4 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\COMODO\launcher_service.exe [28.11.2013 12:17 70352]
S4 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\Common Files\COMODO\GeekBuddyRSP.exe [28.11.2013 10:58 2327248]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2016-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 18:04]
.
2016-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2016-06-13 c:\windows\Tasks\Opera scheduled Autoupdate 1455891128.job
- c:\program files\Opera\launcher.exe [2016-02-19 07:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = search.mpc.am
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: Interfaces\{3D051471-358E-4E7B-936D-272584C91DC7}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{912994FC-195C-4101-A02D-A9B71DB1CF9B}: NameServer = 10.1.0.56,10.1.0.20
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\69axwvoh.default-1465644640734\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
ShellExecuteHooks-{7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} - c:\documents and settings\Mirek\Cookies\explibss.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-AVCHD Video Converter_is1 - c:\program files\iOrgSoft\AVCHD Video Converter\unins000.exe
AddRemove-Djerba 2005 - c:\program files\Microsoft Games\FS2002\ADDON SCENERY\SCENERY\Uninstal.exe
AddRemove-MediaPlayerV1alpha8194 - c:\program files\MediaPlayerV1\MediaPlayerV1alpha8194\uninstall.exe
AddRemove-Revo Uninstaller - c:\program files\VS Revo Group\Revo Uninstaller\uninst.exe
AddRemove-WinZip - c:\program files\WinZipper\wzUninstall.exe
AddRemove-{A901BF63-29AD-49A3-B067-231925E98B62}_is1 - c:\program files\Microsoft Games\FS2002\Real Environment Pro\unins000.exe
AddRemove-{f0080ca2-80ae-4958-b6eb-e8fa916d744a} - c:\documents and settings\All Users\Data aplikací\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
AddRemove-Free mp3 Wma Converter - c:\program files\Free mp3 Wma Converter\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-06-13 13:28
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AteredomkefispCchservice]
"ImagePath"="\"c:\program files\Ateredomkefisp\AteredomkefispCchservice.exe32\" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(892)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'csrss.exe'(808)
c:\windows\system32\cmdcsr.dll
.
Celkový čas: 2016-06-13 13:40:32
ComboFix-quarantined-files.txt 2016-06-13 11:40
.
Před spuštěním: Volných bajtů: 41 901 281 280
Po spuštění: Volných bajtů: 41 885 208 576
.
- - End Of File - - 5BB20B555C8851750C2B369176097C45
413FC2A0C716421B3158746D63736515
Re: Hohosearch a MPCprotectService
Napsal: 13 čer 2016 13:25
pouzi CFScript.txt pretiahnutim nad ikonu Combofix-u
Kód: Vybrat vše
KillAll::
Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AteredomkefispCchservice]
"ImagePath"=-
Driver::
DCHP
MPCProtectService
AppfocserT
AteredomkefispCchservice
sptd
MPCBase
MPCKpt
Reboot::
Re: Hohosearch a MPCprotectService
Napsal: 13 čer 2016 13:34
Pardon, teď nerozumím. To zelené mám přetáhnout k logu Combofix?? To ale nejde...
Btw. po comboscanu se restartoval prohlížeč a zase jsem o několik dní nazpět a horní pravé vyhledávací okno mi to nehledá v googlu, ale v nějakém po***ném OZIPu bez diakritiky!! Já už vážně nevím!
Btw. po comboscanu se restartoval prohlížeč a zase jsem o několik dní nazpět a horní pravé vyhledávací okno mi to nehledá v googlu, ale v nějakém po***ném OZIPu bez diakritiky!! Já už vážně nevím!
Re: Hohosearch a MPCprotectService
Napsal: 13 čer 2016 13:40
Re: Hohosearch a MPCprotectService
Napsal: 13 čer 2016 14:54
tak tady log:
ComboFix 16-06-01.01 - Mirek 13.06.2016 15:17:07.10.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1457 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mirek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mirek\Plocha\CFScript.txt.txt
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_APPFOCSERT
-------\Legacy_ATEREDOMKEFISPCCHSERVICE
-------\Legacy_DCHP
-------\Legacy_MPCBASE
-------\Legacy_MPCKPT
-------\Legacy_MPCPROTECTSERVICE
-------\Legacy_SPTD
-------\Service_AppfocserT
-------\Service_AteredomkefispCchservice
-------\Service_DCHP
-------\Service_MPCBase
-------\Service_MPCKpt
-------\Service_MPCProtectService
-------\Service_sptd
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-05-13 do 2016-06-13 )))))))))))))))))))))))))))))))
.
.
2016-06-12 13:49 . 2016-06-12 13:49 -------- d-----w- C:\Spidla
2016-06-10 13:47 . 2016-06-10 13:48 -------- dc-h--w- c:\windows\ie8
2016-06-09 12:29 . 2016-06-09 12:29 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2016-06-09 11:08 . 2013-10-25 11:14 78336 ----a-w- c:\windows\system32\ieencode.dll
2016-06-09 11:08 . 2013-10-25 11:14 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2016-06-09 10:40 . 2014-02-05 23:08 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2016-06-09 10:40 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2016-06-09 10:40 . 2014-02-05 23:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2016-06-09 10:40 . 2014-02-05 23:08 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2016-06-09 10:40 . 2014-02-05 23:08 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2016-06-07 12:38 . 2016-06-07 12:38 -------- d-----w- c:\documents and settings\Mirek\Local Settings\Data aplikací\WMTools Downloaded Files
2016-06-05 18:18 . 2016-06-05 18:18 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\The_House_of_Fables
2016-06-05 18:14 . 2016-06-05 18:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AlawarWrapper
2016-06-03 11:11 . 2016-06-03 11:11 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\WinZiper
2016-06-03 11:11 . 2016-06-03 11:11 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\TSv
2016-05-31 15:51 . 2016-05-31 15:51 -------- d-----w- c:\documents and settings\Mirek\Local Settings\Data aplikací\GetGo
2016-05-31 15:50 . 2016-05-31 15:50 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\GetGo Software
2016-05-31 15:50 . 2016-05-31 15:50 -------- d-----w- c:\documents and settings\Mirek\Local Settings\Data aplikací\Profiles
2016-05-31 15:50 . 2016-05-31 15:49 53992 ------w- c:\windows\system32\drivers\MPCKpt.sys
2016-05-31 15:50 . 2016-05-31 15:49 29032 ------w- c:\windows\system32\drivers\MPCBase.sys
2016-05-31 15:26 . 2016-05-31 15:27 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\Profiles
2016-05-31 15:17 . 2000-01-04 04:39 212992 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2016-05-31 14:45 . 2016-05-31 14:45 -------- d-----w- C:\Data
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-12 18:04 . 2012-05-25 21:17 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-05-12 18:04 . 2012-05-25 21:17 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-04-11 18:44 . 2016-04-11 18:44 19984 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2016-04-09 10:41 . 2016-04-09 10:41 848437 ----a-w- c:\documents and settings\Mirek\Data aplikací\DamSantip.bin
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-30 08:09 . A825F4181AEC077D8DCA1053DC015265 . 1542656 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-07-30 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2010-08-23 . E145ADD7DAEF759C4F5FB80A180A9C30 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\91c0d00449fe57ed4a4c0c930c390f2f\SP3QFE\comctl32.dll
[-] 2010-08-23 . 8A72A30FDC803DC06755D3B36D966F31 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\91c0d00449fe57ed4a4c0c930c390f2f\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2010-08-23 . 8A72A30FDC803DC06755D3B36D966F31 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\91c0d00449fe57ed4a4c0c930c390f2f\SP3QFE\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-07-30 . 97BF1C54DAF9FF61E897846DC7329CEF . 647680 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . D7B7AE36A2EBA312AC4B53862019B3F5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-07-30 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-07-30 . DD7E25E20AEBD672DAE7E1D911C2D824 . 1589760 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . C2DCB09A1EA98F248DD9A5DE195B3DF3 . 277504 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-07-30 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-08-01 . 4904E891E6C814DE9225400C8DAD494D . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\documents and settings\Mirek\Data aplikací\uTorrent\uTorrent.exe" [2016-05-14 2133504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-06-21 15677728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 17:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-03-24 02:00 1983816 -c--a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-18 01:40 767312 -c--a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-07-30 08:10 40960 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
2013-05-16 13:25 1062472 ----a-w- c:\documents and settings\Mirek\Data aplikací\Seznam.cz\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2013-06-21 09:54 15677728 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2013-06-21 09:54 223008 -c--a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 12:23 421888 ----a-w- c:\program files\QT Lite\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-03-17 14:52 19520544 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
2013-05-16 13:25 1062472 ----a-w- c:\program files\Seznam.cz\distribution\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2016-05-14 12:30 2133504 ----a-w- c:\documents and settings\Mirek\Data aplikací\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AppfocserT"=2 (0x2)
"MPCProtectService"=2 (0x2)
"MSDTC"=3 (0x3)
"GeekBuddyRSP"=2 (0x2)
"CLPSLauncher"=2 (0x2)
"AteredomkefispCchservice"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\Mirek\\Data aplikací\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [7.5.2013 9:00 36112]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [18.6.2013 17:16 18528]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [8.7.2013 22:59 587352]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [18.6.2013 17:16 32816]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\drivers\hmd.sys [7.10.2013 7:17 14272]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9.4.2010 23:13 1691480]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [11.4.2016 20:44 19984]
S3 ZD1211BU(TP-LINK);TL-WN322G/WN322G+ Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\drivers\ZD1211BU.sys [9.4.2010 22:40 500736]
S4 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\COMODO\launcher_service.exe [28.11.2013 12:17 70352]
S4 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\Common Files\COMODO\GeekBuddyRSP.exe [28.11.2013 10:58 2327248]
.
Obsah adresáře 'Naplánované úlohy'
.
2016-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 18:04]
.
2016-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2016-06-13 c:\windows\Tasks\Opera scheduled Autoupdate 1455891128.job
- c:\program files\Opera\launcher.exe [2016-02-19 07:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = search.mpc.am
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: Interfaces\{3D051471-358E-4E7B-936D-272584C91DC7}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{912994FC-195C-4101-A02D-A9B71DB1CF9B}: NameServer = 10.1.0.56,10.1.0.20
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\69axwvoh.default-1465644640734\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-06-13 15:46
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(900)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(3040)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\guard32.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\SETUPAPI.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
.
- - - - - - - > 'csrss.exe'(812)
c:\windows\system32\cmdcsr.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\Mirek\Data aplikací\uTorrent\updates\3.4.7_42330\utorrentie.exe
c:\documents and settings\Mirek\Data aplikací\uTorrent\updates\3.4.7_42330\utorrentie.exe
.
**************************************************************************
.
Celkový čas: 2016-06-13 15:51:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-06-13 13:51
ComboFix2.txt 2016-06-13 11:40
.
Před spuštěním: Volných bajtů: 41 851 346 944
Po spuštění: Volných bajtů: 41 745 272 832
.
- - End Of File - - 58B494C4E7BECE60160165099CD4C80F
413FC2A0C716421B3158746D63736515
ComboFix 16-06-01.01 - Mirek 13.06.2016 15:17:07.10.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1457 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mirek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mirek\Plocha\CFScript.txt.txt
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_APPFOCSERT
-------\Legacy_ATEREDOMKEFISPCCHSERVICE
-------\Legacy_DCHP
-------\Legacy_MPCBASE
-------\Legacy_MPCKPT
-------\Legacy_MPCPROTECTSERVICE
-------\Legacy_SPTD
-------\Service_AppfocserT
-------\Service_AteredomkefispCchservice
-------\Service_DCHP
-------\Service_MPCBase
-------\Service_MPCKpt
-------\Service_MPCProtectService
-------\Service_sptd
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-05-13 do 2016-06-13 )))))))))))))))))))))))))))))))
.
.
2016-06-12 13:49 . 2016-06-12 13:49 -------- d-----w- C:\Spidla
2016-06-10 13:47 . 2016-06-10 13:48 -------- dc-h--w- c:\windows\ie8
2016-06-09 12:29 . 2016-06-09 12:29 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2016-06-09 11:08 . 2013-10-25 11:14 78336 ----a-w- c:\windows\system32\ieencode.dll
2016-06-09 11:08 . 2013-10-25 11:14 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2016-06-09 10:40 . 2014-02-05 23:08 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2016-06-09 10:40 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2016-06-09 10:40 . 2014-02-05 23:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2016-06-09 10:40 . 2014-02-05 23:08 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2016-06-09 10:40 . 2014-02-05 23:08 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2016-06-07 12:38 . 2016-06-07 12:38 -------- d-----w- c:\documents and settings\Mirek\Local Settings\Data aplikací\WMTools Downloaded Files
2016-06-05 18:18 . 2016-06-05 18:18 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\The_House_of_Fables
2016-06-05 18:14 . 2016-06-05 18:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AlawarWrapper
2016-06-03 11:11 . 2016-06-03 11:11 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\WinZiper
2016-06-03 11:11 . 2016-06-03 11:11 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\TSv
2016-05-31 15:51 . 2016-05-31 15:51 -------- d-----w- c:\documents and settings\Mirek\Local Settings\Data aplikací\GetGo
2016-05-31 15:50 . 2016-05-31 15:50 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\GetGo Software
2016-05-31 15:50 . 2016-05-31 15:50 -------- d-----w- c:\documents and settings\Mirek\Local Settings\Data aplikací\Profiles
2016-05-31 15:50 . 2016-05-31 15:49 53992 ------w- c:\windows\system32\drivers\MPCKpt.sys
2016-05-31 15:50 . 2016-05-31 15:49 29032 ------w- c:\windows\system32\drivers\MPCBase.sys
2016-05-31 15:26 . 2016-05-31 15:27 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\Profiles
2016-05-31 15:17 . 2000-01-04 04:39 212992 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2016-05-31 14:45 . 2016-05-31 14:45 -------- d-----w- C:\Data
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-12 18:04 . 2012-05-25 21:17 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-05-12 18:04 . 2012-05-25 21:17 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-04-11 18:44 . 2016-04-11 18:44 19984 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2016-04-09 10:41 . 2016-04-09 10:41 848437 ----a-w- c:\documents and settings\Mirek\Data aplikací\DamSantip.bin
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-30 08:09 . A825F4181AEC077D8DCA1053DC015265 . 1542656 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-07-30 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2010-08-23 . E145ADD7DAEF759C4F5FB80A180A9C30 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\91c0d00449fe57ed4a4c0c930c390f2f\SP3QFE\comctl32.dll
[-] 2010-08-23 . 8A72A30FDC803DC06755D3B36D966F31 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\91c0d00449fe57ed4a4c0c930c390f2f\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2010-08-23 . 8A72A30FDC803DC06755D3B36D966F31 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\91c0d00449fe57ed4a4c0c930c390f2f\SP3QFE\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-07-30 . 97BF1C54DAF9FF61E897846DC7329CEF . 647680 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . D7B7AE36A2EBA312AC4B53862019B3F5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-07-30 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-07-30 . DD7E25E20AEBD672DAE7E1D911C2D824 . 1589760 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . C2DCB09A1EA98F248DD9A5DE195B3DF3 . 277504 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-07-30 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-08-01 . 4904E891E6C814DE9225400C8DAD494D . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\documents and settings\Mirek\Data aplikací\uTorrent\uTorrent.exe" [2016-05-14 2133504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-06-21 15677728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 17:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-03-24 02:00 1983816 -c--a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-18 01:40 767312 -c--a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-07-30 08:10 40960 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
2013-05-16 13:25 1062472 ----a-w- c:\documents and settings\Mirek\Data aplikací\Seznam.cz\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2013-06-21 09:54 15677728 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2013-06-21 09:54 223008 -c--a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 12:23 421888 ----a-w- c:\program files\QT Lite\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-03-17 14:52 19520544 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
2013-05-16 13:25 1062472 ----a-w- c:\program files\Seznam.cz\distribution\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2016-05-14 12:30 2133504 ----a-w- c:\documents and settings\Mirek\Data aplikací\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AppfocserT"=2 (0x2)
"MPCProtectService"=2 (0x2)
"MSDTC"=3 (0x3)
"GeekBuddyRSP"=2 (0x2)
"CLPSLauncher"=2 (0x2)
"AteredomkefispCchservice"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\Mirek\\Data aplikací\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [7.5.2013 9:00 36112]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [18.6.2013 17:16 18528]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [8.7.2013 22:59 587352]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [18.6.2013 17:16 32816]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\drivers\hmd.sys [7.10.2013 7:17 14272]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9.4.2010 23:13 1691480]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [11.4.2016 20:44 19984]
S3 ZD1211BU(TP-LINK);TL-WN322G/WN322G+ Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\drivers\ZD1211BU.sys [9.4.2010 22:40 500736]
S4 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\COMODO\launcher_service.exe [28.11.2013 12:17 70352]
S4 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\Common Files\COMODO\GeekBuddyRSP.exe [28.11.2013 10:58 2327248]
.
Obsah adresáře 'Naplánované úlohy'
.
2016-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 18:04]
.
2016-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2016-06-13 c:\windows\Tasks\Opera scheduled Autoupdate 1455891128.job
- c:\program files\Opera\launcher.exe [2016-02-19 07:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = search.mpc.am
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: Interfaces\{3D051471-358E-4E7B-936D-272584C91DC7}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{912994FC-195C-4101-A02D-A9B71DB1CF9B}: NameServer = 10.1.0.56,10.1.0.20
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\69axwvoh.default-1465644640734\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-06-13 15:46
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(900)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(3040)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\guard32.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\SETUPAPI.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
.
- - - - - - - > 'csrss.exe'(812)
c:\windows\system32\cmdcsr.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\Mirek\Data aplikací\uTorrent\updates\3.4.7_42330\utorrentie.exe
c:\documents and settings\Mirek\Data aplikací\uTorrent\updates\3.4.7_42330\utorrentie.exe
.
**************************************************************************
.
Celkový čas: 2016-06-13 15:51:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-06-13 13:51
ComboFix2.txt 2016-06-13 11:40
.
Před spuštěním: Volných bajtů: 41 851 346 944
Po spuštění: Volných bajtů: 41 745 272 832
.
- - End Of File - - 58B494C4E7BECE60160165099CD4C80F
413FC2A0C716421B3158746D63736515
Re: Hohosearch a MPCprotectService
Napsal: 13 čer 2016 17:48
Pouzi este delfix http://forum.viry.cz/viewtopic.php?f=30 ... x#p1450462
Ak to stale nebude podla Tvojich predstav, ja sa vzdavam
Ak to stale nebude podla Tvojich predstav, ja sa vzdavam
Re: Hohosearch a MPCprotectService
Napsal: 14 čer 2016 13:40
Ahoj. Po tomto kroku zdá se, vše funguje v normálu. Doposud mi na idnesu neskočil redirect a při startování netu rovnou seznam, ne ten hohofucksearch 
Díky moc. Za pár dní Vám odešlu odměnu na účet. S uctivým pozdravem Miroslav 
Díky moc. Za pár dní Vám odešlu odměnu na účet. S uctivým pozdravem Miroslav Re: Hohosearch a MPCprotectService
Napsal: 14 čer 2016 13:45
no spina bola zazrana hlboko, az CF urobil poriadok
aj za Rudyho: radi sme pomohli a vdaka za príspevok
aj za Rudyho: radi sme pomohli a vdaka za príspevok