ComboFix 17-10-17.01 - Míša 21.10.2017 20:09:12.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4030.2396 [GMT 2:00]
Spuštěný z: c:\users\Míša\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 10.0.390.0 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
SP: ESET NOD32 Antivirus 10.0.390.0 *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\TrueKey\McAfeeTrueKeyPasswordFilter.dll
c:\programdata\ntuser.pol
c:\windows\SysWow64\DEBUG.log
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-09-21 do 2017-10-21 )))))))))))))))))))))))))))))))
.
.
2017-10-21 18:33 . 2017-10-21 18:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2017-10-21 18:33 . 2017-10-21 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-10-20 14:25 . 2017-10-20 14:25 -------- d-----w- c:\program files\NETGATE
2017-10-19 16:47 . 2017-10-20 16:35 -------- d-----w- c:\program files\CCleaner
2017-10-19 15:31 . 2017-10-19 15:31 -------- d-----w- c:\users\Míša\AppData\Local\ElevatedDiagnostics
2017-10-19 15:23 . 2017-10-20 17:49 -------- d-----w- c:\program files\ESET
2017-10-19 14:30 . 2017-10-19 14:30 -------- d-----w- c:\users\Míša\AppData\Roaming\AVAST Software
2017-10-10 12:27 . 2017-10-20 14:18 -------- d-----w- c:\programdata\Reimage Protector
2017-10-10 07:25 . 2017-10-10 07:25 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44A525D7-5041-44E5-8324-6AB50304F03F}\offreg.2380.dll
2017-10-04 03:43 . 2017-10-04 03:43 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44A525D7-5041-44E5-8324-6AB50304F03F}\offreg.2364.dll
2017-09-30 19:44 . 2017-10-20 16:35 -------- d-----w- c:\programdata\McAfee Security Scan
2017-09-27 01:59 . 2017-09-27 01:59 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44A525D7-5041-44E5-8324-6AB50304F03F}\offreg.2376.dll
2017-09-27 01:56 . 2017-08-13 16:27 13482976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44A525D7-5041-44E5-8324-6AB50304F03F}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-10-20 17:53 . 2016-08-08 08:19 70960 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2017-10-20 17:53 . 2016-08-08 08:19 180544 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2017-10-20 17:53 . 2016-08-08 08:19 132272 ----a-w- c:\windows\system32\drivers\eamonm.sys
2017-10-17 01:20 . 2016-03-26 18:54 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-10-17 01:20 . 2016-03-26 18:54 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BingSvc"="c:\users\Míša\AppData\Local\Microsoft\BingSvc\BingSvc.exe" [2016-04-12 144008]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2017-08-25 27832272]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2017-02-07 4701888]
"cz.seznam.software.autoupdate"="c:\users\Míša\AppData\Roaming\Seznam.cz\szninstall.exe" [BU]
"cz.seznam.software.szndesktop"="c:\users\Míša\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-03-20 595480]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.11.599\SSScheduler.exe [2017-9-5 545224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.599\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.599\McCHSvc.exe [x]
R3 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 ReimageRealTimeProtector;Reimage Real Time Protector;c:\program files\Reimage\Reimage Protector\ReiGuard.exe;c:\program files\Reimage\Reimage Protector\ReiGuard.exe [x]
S2 SpyEmrgHealth;Spy Emergency Health Check;c:\program files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe;c:\program files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [x]
S2 TrueKey;Intel Security True Key;c:\program files\TrueKey\McAfee.TrueKey.Service.exe;c:\program files\TrueKey\McAfee.TrueKey.Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
S4 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys;c:\windows\SYSNATIVE\Drivers\spyemrg.sys [x]
S4 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\Drivers\spyemrg_guard.sys;c:\windows\SYSNATIVE\Drivers\spyemrg_guard.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServices REG_MULTI_SZ MSLN
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
c:\program files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2017-07-31 22:31 324080 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-09-20 1664000]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2016-03-15 173672]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2016-03-15 401512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2016-03-15 444008]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do Microsoft Excelu - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\users\Míša\AppData\Roaming\Mozilla\Firefox\Profiles\fcivdc8k.default\
FF - prefs.js: browser.search.selectedEngine - nice
FF - prefs.js: browser.startup.homepage - hxxp://www.nicesearches.com?type=hp&ts=1473060851&from=4a200902&uid=wdcxwd5000lpcx-00vhat0_wd-wxn1e65c2wkac2wka&z=9aa4c6f8bae4458b01c9f1fg9z8mfc6e1qfefb6w4o
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
# Mozilla User Preferences
/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 */
FF - user.js: browser.newtab.url - hxxp://www.nicesearches.com?type=hp&ts=1473060851&from=4a200902&uid=wdcxwd5000lpcx-00vhat0_wd-wxn1e65c2wkac2wka&z=9aa4c6f8bae4458b01c9f1fg9z8mfc6e1qfefb6w4o
FF - user.js: browser.search.defaultenginename - nice
FF - user.js: browser.search.order.1 - nice
FF - user.js: browser.search.searchengine.alias -
FF - user.js: browser.search.searchengine.iconURL - hxxp://www.nicesearches.com/favicon.ico?t=1
FF - user.js: browser.search.searchengine.name - nice
FF - user.js: browser.search.searchengine.ref -
FF - user.js: browser.search.searchengine.ts - 1467180446
FF - user.js: browser.search.searchengine.type -
FF - user.js: browser.search.searchengine.uid - wdcxwd5000lpcx-00vhat0_wd-wxn1e65c2wkac2wka
FF - user.js: browser.search.searchengine.url - hxxp://www.nicesearches.com/search.php?type=ds&ts=1467180446&from=84040629&uid=wdcxwd5000lpcx-00vhat0_wd-wxn1e65c2wkac2wka&z=5c37ef0aef63a175a81e7fdg1z0qemeg4bfefz0z8b&q={searchTerms}
FF - user.js: browser.search.selectedEngine - nice
FF - user.js: browser.search.useDBForOrder - true
FF - user.js: browser.sessionstore.max_tabs_undo - 0
FF - user.js: browser.sessionstore.max_windows_undo - 0
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.sessionstore.resume_session_once - false
FF - user.js: browser.startup.homepage - hxxp://www.nicesearches.com?type=hp&ts=1473060851&from=4a200902&uid=wdcxwd5000lpcx-00vhat0_wd-wxn1e65c2wkac2wka&z=9aa4c6f8bae4458b01c9f1fg9z8mfc6e1qfefb6w4o
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-SpyEmergency - c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2017-10-21 20:37:50
ComboFix-quarantined-files.txt 2017-10-21 18:37
ComboFix2.txt 2017-10-19 15:10
ComboFix3.txt 2017-04-03 22:55
.
Před spuštěním: Volných bajtů: 108 693 106 688
Po spuštění: Volných bajtů: 108 401 238 016
.
- - End Of File - - 638FF83B84ECD0536BB1C496D09FD9F0