Hello,
A week ago, after a scan with MBM, I found a Trojan downloader; the PC was still noticeably slower, though, and today the desktop gadgets disappeared. I ran ComboFix three times and attach the logs. I couldn't restrain myself and threw out the infected file. Nevertheless the PC sped up and the gadgets reappeared. MBM is scanning it now and so far it is clean. Could you take a look to see whether there is any other nasty surprise in there? Thanks. Alexandros
ComboFix 14-02-11.01 - Sipan 11.02.2014 14:07:49.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4094.2250 [GMT 1:00]
Spuštěný z: c:\users\Sipan\Desktop\ComboFix.exe
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-11 do 2014-02-11 )))))))))))))))))))))))))))))))
.
.
2014-02-11 13:12 . 2014-02-11 13:12 -------- dc----w- c:\users\Default\AppData\Local\temp
2014-02-11 13:12 . 2014-02-11 13:12 -------- dc----w- c:\users\Administrator.Sipan-PC\AppData\Local\temp
2014-02-11 11:03 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8EBCF07-A0E8-4A3A-88C3-780E964F10EB}\mpengine.dll
2014-02-07 18:58 . 2014-02-07 18:58 -------- dc----w- c:\programdata\CDB
2014-02-07 18:57 . 2014-02-07 18:57 -------- dc-h--w- c:\programdata\Common Files
2014-02-07 15:31 . 2014-02-07 15:31 -------- dc-h--w- c:\programdata\CanonBJ
2014-02-07 15:31 . 2014-02-07 15:31 -------- dc-h--w- c:\windows\system32\CanonIJ Uninstaller Information
2014-02-07 15:30 . 2010-03-11 07:57 248320 -c--a-w- c:\windows\system32\CNMIUAF.DLL
2014-02-07 15:30 . 2014-02-07 15:30 -------- dc-h--w- c:\program files\CanonBJ
2014-02-07 14:50 . 2014-02-07 14:50 -------- dc-h--w- c:\programdata\CanonIJMyPrinter
2014-02-07 00:26 . 2014-02-07 00:26 -------- dc----w- c:\programdata\HP Product Assistant
2014-02-07 00:25 . 2014-02-07 00:26 -------- dc----w- c:\program files (x86)\HP
2014-02-07 00:24 . 2014-02-07 00:31 -------- dc----w- c:\programdata\HP
2014-02-05 14:28 . 2014-02-05 15:27 -------- dc----w- c:\program files (x86)\Seznam.cz
2014-02-05 14:28 . 2014-02-06 23:15 -------- dc----w- c:\users\Sipan\AppData\Roaming\Seznam.cz
2014-01-27 13:21 . 2013-12-18 20:09 96168 -c--a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-25 06:04 . 2014-01-25 06:04 -------- dc----w- c:\program files\Windows Journal
2014-01-25 04:14 . 2014-01-25 04:14 -------- dc----w- c:\users\Sipan\AppData\Roaming\Malwarebytes
2014-01-25 03:18 . 2014-01-25 04:00 -------- dc----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-01-18 01:09 . 2014-01-18 01:20 -------- dc----w- c:\windows\SysWow64\Festina_ScreenSaver dir
2014-01-17 21:04 . 2014-01-17 21:04 -------- dc----w- c:\program files\AMD
2014-01-17 20:49 . 2014-01-17 20:49 871856 -c--a-w- c:\windows\system32\tossaeapo64.dll
2014-01-17 20:49 . 2014-01-17 20:49 582056 -c--a-w- c:\windows\system32\tosasfapo64.dll
2014-01-17 20:49 . 2014-01-17 20:49 2103040 -c--a-w- c:\windows\system32\WavesGUILib64.dll
2014-01-17 20:49 . 2014-01-17 20:49 162224 -c--a-w- c:\windows\system32\toseaeapo64.dll
2014-01-17 20:17 . 2014-01-17 21:15 -------- dc----w- c:\programdata\ProductData
2014-01-17 19:35 . 2013-11-27 01:41 53248 -c--a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-17 19:35 . 2013-11-27 01:41 343040 -c--a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-17 19:35 . 2013-11-27 01:41 99840 -c--a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-17 19:35 . 2013-11-27 01:41 325120 -c--a-w- c:\windows\system32\drivers\usbport.sys
2014-01-17 19:35 . 2013-11-27 01:41 25600 -c--a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-17 19:35 . 2013-11-27 01:41 30720 -c--a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-17 19:35 . 2013-11-27 01:41 7808 -c--a-w- c:\windows\system32\drivers\usbd.sys
2014-01-17 19:35 . 2014-01-17 19:50 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-17 19:35 . 2014-01-17 19:50 376768 ----a-w- c:\windows\system32\drivers\netio.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 11:02 . 2012-04-05 08:35 692616 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-05 11:02 . 2011-05-22 20:38 71048 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-18 01:09 . 2013-01-14 17:18 197120 -c--a-w- c:\windows\SysWow64\Festina_ScreenSaver.scr
2014-01-17 21:03 . 2012-07-28 02:10 588288 -c--a-w- c:\windows\system32\atieclxx.exe
2014-01-17 21:03 . 2012-07-28 02:09 239616 -c--a-w- c:\windows\system32\atiesrxx.exe
2014-01-17 21:03 . 2012-03-09 04:45 9753752 -c--a-w- c:\windows\system32\atidxx64.dll
2014-01-17 21:03 . 2012-03-09 04:35 8927704 -c--a-w- c:\windows\system32\atiumd6a.dll
2014-01-17 21:03 . 2012-03-09 04:11 7751920 -c--a-w- c:\windows\system32\atiumd64.dll
2014-01-17 21:03 . 2012-03-09 03:57 143304 -c--a-w- c:\windows\system32\atiuxp64.dll
2014-01-17 21:03 . 2012-03-09 03:56 115512 -c--a-w- c:\windows\system32\atiu9p64.dll
2014-01-17 21:03 . 2012-04-06 01:11 1144320 -c--a-w- c:\windows\system32\atiadlxx.dll
2014-01-17 21:03 . 2012-03-09 05:14 1318552 -c--a-w- c:\windows\system32\aticfx64.dll
2014-01-17 19:48 . 2010-02-16 20:09 86054176 -c--a-w- c:\windows\system32\MRT.exe
2013-12-18 05:13 . 2010-02-16 13:55 270496 -c----w- c:\windows\system32\MpSigStub.exe
2013-12-11 12:54 . 2013-12-11 12:54 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2013-12-11 12:54 . 2013-12-11 12:54 46592 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2013-12-11 12:54 . 2013-12-11 12:54 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2013-12-11 12:54 . 2013-12-11 12:54 16896 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2013-12-11 12:54 . 2013-12-11 12:54 1123840 ----a-w- c:\windows\system32\mstsc.exe
2013-12-11 12:54 . 2013-12-11 12:54 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-12-11 12:54 . 2013-12-11 12:54 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-12-11 12:54 . 2013-12-11 12:54 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-12-11 12:54 . 2013-12-11 12:54 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2013-12-11 12:54 . 2013-12-11 12:54 243200 ----a-w- c:\windows\system32\rdpudd.dll
2013-12-11 12:54 . 2013-12-11 12:54 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-12-11 12:54 . 2013-12-11 12:54 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-12-11 12:54 . 2013-12-11 12:54 54272 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2013-12-11 12:54 . 2013-12-11 12:54 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-12-11 12:54 . 2013-12-11 12:54 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-12-11 12:54 . 2013-12-11 12:54 43520 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2013-12-11 12:54 . 2013-12-11 12:54 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-12-11 12:54 . 2013-12-11 12:54 322560 ----a-w- c:\windows\system32\aaclient.dll
2013-12-11 12:54 . 2013-12-11 12:54 269312 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-12-11 12:54 . 2013-12-11 12:54 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2013-12-11 12:54 . 2013-12-11 12:54 18432 ----a-w- c:\windows\system32\wksprtPS.dll
2013-12-11 12:54 . 2013-12-11 12:54 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe
2013-12-11 12:54 . 2013-12-11 12:54 5773824 ----a-w- c:\windows\system32\mstscax.dll
2013-12-11 12:54 . 2013-12-11 12:54 384000 ----a-w- c:\windows\system32\wksprt.exe
2013-12-11 11:01 . 2013-12-11 11:01 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-11 11:01 . 2013-12-11 11:01 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-11 11:01 . 2013-12-11 11:01 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 11:01 . 2013-12-11 10:56 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-11 11:01 . 2013-12-11 10:56 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-11 11:00 . 2013-12-11 10:56 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-11 11:00 . 2013-12-11 10:56 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-11 11:00 . 2013-12-11 10:56 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-11 11:00 . 2013-12-11 10:56 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-12-11 11:00 . 2013-12-11 11:00 574976 ----a-w- c:\windows\system32\ieui.dll
2013-12-11 11:00 . 2013-12-11 11:00 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-12-11 11:00 . 2013-12-11 11:00 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-12-11 11:00 . 2013-12-11 10:59 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-12-11 11:00 . 2013-12-11 10:59 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-12-11 11:00 . 2013-12-11 10:59 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-12-11 11:00 . 2013-12-11 10:59 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-12-11 11:00 . 2013-12-11 11:00 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-12-11 11:00 . 2013-12-11 10:59 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-12-11 11:00 . 2013-12-11 10:59 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-12-11 11:00 . 2013-12-11 10:59 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-12-11 11:00 . 2013-12-11 10:59 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-12-11 11:00 . 2013-12-11 11:00 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-12-11 11:00 . 2013-12-11 10:59 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-12-11 11:00 . 2013-12-11 10:59 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-12-11 11:00 . 2013-12-11 11:00 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-12-11 11:00 . 2013-12-11 10:59 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-12-11 11:00 . 2013-12-11 10:59 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-12-11 11:00 . 2013-12-11 10:59 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-12-11 11:00 . 2013-12-11 10:59 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-12-11 11:00 . 2013-12-11 10:59 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-12-11 11:00 . 2013-12-11 10:59 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-12-11 11:00 . 2013-12-11 10:59 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-12-11 11:00 . 2013-12-11 10:59 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-12-11 10:59 . 2013-12-11 10:56 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-12-11 10:59 . 2013-12-11 10:56 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-11 10:57 . 2013-12-11 10:55 202752 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 10:57 . 2013-12-11 10:55 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2013-12-11 10:57 . 2013-12-11 10:55 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2013-12-11 10:57 . 2013-12-11 10:55 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2013-12-11 10:57 . 2013-12-11 10:55 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2013-12-11 10:57 . 2013-12-11 10:55 168960 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 10:57 . 2013-12-11 10:55 156160 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 10:57 . 2013-12-11 10:55 150016 ----a-w- c:\windows\system32\wshom.ocx
2013-11-20 11:41 . 2013-11-20 11:41 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-20 11:41 . 2013-11-20 11:41 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-20 11:41 . 2013-11-20 11:41 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-20 11:41 . 2013-11-20 11:41 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-20 11:41 . 2013-11-20 11:41 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-20 11:41 . 2013-11-20 11:41 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-20 11:41 . 2013-11-20 11:41 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-20 11:41 . 2013-11-20 11:41 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-20 11:41 . 2013-11-20 11:41 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-20 11:41 . 2013-11-20 11:41 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-20 11:41 . 2013-11-20 11:41 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-20 11:41 . 2013-11-20 11:41 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-20 11:41 . 2013-11-20 11:41 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-20 11:41 . 2013-11-20 11:41 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-20 11:41 . 2013-11-20 11:41 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-20 11:41 . 2013-11-20 11:41 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-20 11:41 . 2013-11-20 11:41 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-20 11:41 . 2013-11-20 11:41 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-20 11:41 . 2013-11-20 11:41 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3ba34663-845a-4931-a6f3-1e033ec342a7}"= "c:\program files (x86)\Thoosje\tbThoo.dll" [2009-11-09 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{3ba34663-845a-4931-a6f3-1e033ec342a7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3ba34663-845a-4931-a6f3-1e033ec342a7}"= "c:\program files (x86)\Thoosje\tbThoo.dll" [2009-11-09 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{3ba34663-845a-4931-a6f3-1e033ec342a7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ConMet"="c:\program files (x86)\ConMet\ConMet.exe" [2014-02-11 4879360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2011-02-25 1475584]
"EACBCFD0F46DF5666E46FD6B80E43805B32C59E0._service_run"="c:\users\Sipan\AppData\Local\Google\Chrome\Application\chrome.exe" [2014-02-01 866632]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2012-04-23 115048]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2009-09-03 60928]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
R3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R3 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [x]
R3 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [x]
R3 cpuz134;cpuz134;c:\users\Sipan\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Sipan\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/02/27 03:01];c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl [x]
S2 CMService;Connection Meter Service;c:\program files (x86)\ConMet\CMService.exe;c:\program files (x86)\ConMet\CMService.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\Drivers\AVerAF35.sys;c:\windows\SYSNATIVE\Drivers\AVerAF35.sys [x]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\DRIVERS\gMouPS2.sys;c:\windows\SYSNATIVE\DRIVERS\gMouPS2.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3hub.sys [x]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3xhc.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 11:03]
.
2014-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce800e1178f2a.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 15:52]
.
2014-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ceeb572d7cb918.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 15:52]
.
2014-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2917469893-3124766191-615469299-1000Core1cef65ff94f5d09.job
- c:\users\Sipan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-06 13:31]
.
2014-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2917469893-3124766191-615469299-1000UA1ce801461566690.job
- c:\users\Sipan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-06 13:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 14:47 778704 -c--a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47 778704 -c--a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 14:47 778704 -c--a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 14:47 778704 -c--a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 14:47 778704 -c--a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-01-17 13662936]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.netbox.cz
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
Trusted Zone: centrum.cz\mail
TCP: DhcpNameServer = 83.240.0.214 83.240.0.136
DPF: {DB28CF23-0083-40B5-BF63-69925D672385} - hxxp://www.nero.com/doc/NeroVersionChecker.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Festina_ScreenSaver - c:\windows\system32\Festina_ScreenSaver.scr
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-02-11 14:13:56
ComboFix-quarantined-files.txt 2014-02-11 13:13
ComboFix2.txt 2014-02-11 13:02
ComboFix3.txt 2014-02-11 12:48
.
Před spuštěním: Volných bajtů: 113 637 994 496
Po spuštění: Volných bajtů: 113 634 881 536
.
- - End Of File - - 3A32E2C8C6ED6451ACE60A5D4E83306D
413FC2A0C716421B3158746D63736515

Infected PC
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
Re: Infected PC
Hello
Regarding the ComboFix you used: based on its license and the forum rules, I have to ask whether you know how to work with it (running it, deciphering the log, writing a script)?
ComboFix's license terms are clear: "It should never be used in an environment without the supervision of an experienced person."

Dangers of CF

- It is intended primarily for helpers; by using it on your own initiative you forfeit your right to support
- It erases traces of the malware, so nothing is visible in the RSIT log
- Its log has to be deciphered further, since it cannot delete everything, and you can hardly manage that unless you are trained for it
- CF may have a bug and take down your system; if you don't know where it stores what and how to restore it, your system is wrecked and a reinstall awaits you
- Unfortunately CF also does not yet check some important libraries (e.g. hal.dll), which some types of malware (e.g. Angela) delete; after a restart it deletes your hal.dll, your system won't boot, and you are back at the line above: reinstall
Re: Infected PC
Yes... humility above all. I will read it. You know how it is with time. Around the corner there is still a pile of reading waiting for you. Just a modest question... So why do I have an antivirus on my PC at all?