Please check my log
Posted: 26 Apr 2015 14:27
Hello,
somehow a virus got into my PC that uses the svchost.exe file to cause trouble. Through various discussions and debates I ended up at the ComboFix program. It scanned the computer and spat out a log, which I attach. Please check whether the problem is solved or whether I still need to fix something. Thanks in advance!
ComboFix 15-04-19.01 - Michal 26.04.2015 14:35:29.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3327.1115 [GMT 2:00]
Spuštěný z: d:\download\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 4
Přístup byl odepřen.
.
/wow section - STAGE 6A
Přístup byl odepřen.
.
/wow section - STAGE 7
.
/wow section - STAGE 8
Přístup byl odepřen.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michal\ia_remove.sh2740.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-03-26 do 2015-04-26 )))))))))))))))))))))))))))))))
.
.
2015-04-26 13:05 . 2015-04-26 13:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-26 12:34 . 2015-04-26 12:34 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96104E74-5B1F-41CB-B246-3EEB7C301736}\MpKsl378ed4ba.sys
2015-04-26 12:31 . 2015-04-03 21:39 9201616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96104E74-5B1F-41CB-B246-3EEB7C301736}\mpengine.dll
2015-04-26 12:28 . 2015-04-26 12:28 -------- d-----w- c:\program files\Microsoft Security Client
2015-04-24 20:12 . 2015-04-04 06:39 9201616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2D7221C-6593-4AD3-9CFB-C6B93E9D8745}\mpengine.dll
2015-04-20 18:44 . 2015-04-26 11:51 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-04-17 20:26 . 2015-04-17 20:26 -------- d-----w- c:\users\Michal\AppData\Roaming\HP
2015-04-17 20:26 . 2015-04-17 20:26 -------- d-----w- c:\programdata\WEBREG
2015-04-17 20:25 . 2015-04-17 20:25 -------- d-----w- c:\programdata\Hewlett-Packard
2015-04-17 20:25 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
2015-04-17 20:06 . 2015-04-17 20:06 -------- d-----w- c:\program files\Common Files\HP
2015-04-17 20:06 . 2015-04-17 20:06 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2015-04-17 20:05 . 2015-04-17 20:08 -------- d-----w- c:\program files\HP
2015-04-17 20:03 . 2015-04-17 20:08 -------- d-----w- c:\programdata\HP
2015-04-17 20:02 . 2009-07-08 10:51 675840 ----a-w- c:\windows\system32\hpowiax3.dll
2015-04-17 20:02 . 2009-07-08 10:51 569344 ----a-w- c:\windows\system32\hpotscl3.dll
2015-04-17 20:02 . 2009-07-08 10:51 452408 ----a-w- c:\windows\system32\hpzids01.dll
2015-04-17 20:02 . 2009-07-08 10:51 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2015-04-17 20:02 . 2009-07-08 10:51 303104 ----a-w- c:\windows\system32\hpovst10.dll
2015-04-11 21:28 . 2015-04-11 21:27 291312 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-11 21:27 . 2015-04-11 21:27 43112 ----a-w- c:\windows\avastSS.scr
2015-04-04 19:17 . 2000-01-14 16:14 45568 ----a-w- c:\windows\UniFish3.exe
2015-03-28 19:57 . 2015-04-14 19:48 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-03-28 19:57 . 2015-04-14 19:48 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-28 19:51 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2015-03-28 19:51 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2015-03-28 10:19 . 2015-03-03 13:16 246920 ------w- c:\windows\system32\MpSigStub.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-11 21:28 . 2015-03-21 23:15 106912 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-11 21:28 . 2015-03-21 23:15 427736 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-04-11 21:28 . 2015-03-21 23:15 208024 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-11 21:28 . 2015-03-21 23:15 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-11 21:28 . 2015-03-21 23:15 73440 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-11 21:28 . 2015-03-21 23:15 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-11 21:28 . 2015-03-21 23:15 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-11 21:27 . 2015-03-21 23:15 788272 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-03-22 11:35 . 2015-03-22 11:35 25104 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys
2015-03-21 21:42 . 2015-03-21 21:42 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-11 21:27 644608 ----a-w- e:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2015-02-27 4556048]
"CCleaner Monitoring"="e:\program files\CCleaner\CCleaner.exe" [2015-02-19 5503768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
"SDTray"="e:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
"AvastUI.exe"="e:\program files\AVAST Software\Avast\AvastUI.exe" [2015-04-11 5512912]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-29 978520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MSI Wireless Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MSI Wireless Utility.lnk
backup=c:\windows\pss\MSI Wireless Utility.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2014-11-17 08:11 448856 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2014-01-10 05:26 1861968 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- e:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2005-10-11 19:54 339968 ----a-w- c:\windows\vsnpstd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R2 SDScannerService;Spybot-S&D 2 Scanner Service;e:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-07-04 1188896]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 95408]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2015-01-29 284472]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-04-11 788272]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-04-11 427736]
S1 MpKsl378ed4ba;MpKsl378ed4ba;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96104E74-5B1F-41CB-B246-3EEB7C301736}\MpKsl378ed4ba.sys [2015-04-26 39464]
S1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\DRIVERS\wfcxacap.sys [2007-09-19 9856]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-04-30 217088]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-04-11 24144]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-04-11 73440]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-04-11 106912]
S2 IHProtect Service;IHProtect Service;c:\program files\XTab\ProtectService.exe [2015-03-16 158816]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;e:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-05-16 1033688]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;e:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-05-15 171928]
S2 VBoxAswDrv;VBoxAsw Support Driver;e:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-03-21 220240]
S2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [2007-09-19 31744]
S2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [2007-09-19 167040]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-10-13 49152]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]
S3 AvastVBoxSvc;AvastVBox COM Service;e:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-03-21 3205216]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;e:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-02-27 1030928]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys [2015-03-22 25104]
S3 rt61x86;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr61.sys [2010-04-07 376160]
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [2007-09-19 21248]
S3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [2007-09-19 15872]
S3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [2007-09-19 10496]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPFILTER
*NewlyCreated* - MPKSL378ED4BA
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-18 17:54 988488 ----a-w- c:\program files\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-28 19:48]
.
2015-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-22 10:48]
.
2015-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-22 10:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.mystartsearch.com/?type=hppp&ts=142 ... A_4LJ0JZYL
mStart Page = hxxp://www.mystartsearch.com/?type=hppp&ts=142 ... A_4LJ0JZYL
mSearch Bar = https://www.google.com/?trackid=sp-006
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 93.89.159.2 82.208.56.105 8.8.8.8
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-04-26 15:12:43
ComboFix-quarantined-files.txt 2015-04-26 13:12
.
Před spuštěním: Volných bajtů: 20 957 872 128
Po spuštění: Volných bajtů: 20 666 933 248
.
- - End Of File - - 85E87BB5AB5336C12C2FDCED2A69B4C0
A36C5E4F47E84449FF07ED3517B43A31