
PC virus removal, computer speed-up, remote help through the neslape.cz service
Please check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote help services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Please check
DDS: http://pastebin.com/mJrisKMF
RSIT: http://pastebin.com/fxhembWi
FRST: http://pastebin.com/UaCfijfb
I put it on pastebin because it has too many characters. I have no problem copying it all over in two posts if needed.
Re: Please check
Hello, delete unneeded files
using CCleaner
guide:
Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin
Registry - here you clean the registry (before use I recommend making a backup of it, which CCleaner offers)
the registry cleaning needs to be repeated several times!
Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system
Via Start >> All Programs >> Accessories >> Run >> type services.msc >> Enter. Find the service:
ICQ Service
Nero BackItUp Scheduler 4.0
double-clicking opens a dialog where you first stop the service with the Stop button, then under Startup type choose Disabled and click OK.
Download AdwCleaner and save it to the desktop,
close all programs including the browser and double-click to run it,
a window appears where you click Scan at the top left.
The scan then runs, and when it finishes click Report and copy here whatever it gives you.
Re: Please check
# AdwCleaner v4.104 - Report created 05/12/2014 at 21:21:39
# Updated 05/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : u anticheat - PC-PC
# Running from : C:\Users\u anticheat\Desktop\adwcleaner_4.104.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : hsstrayservice
Service Deleted : hsswd
[#] Service Deleted : ICQ Service
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\rvlkl
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\ytd video downloader
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Deleted : C:\Program Files (x86)\FirstRowSportApp.com
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\hotspot shield
Folder Deleted : C:\Program Files (x86)\IObit Toolbar
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Users\UANTIC~1\AppData\Local\Temp\hotspot shield
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\hotspot shield
Folder Deleted : C:\Users\PC\AppData\Local\CrashRpt
Folder Deleted : C:\Users\PC\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\u anticheat\AppData\Local\CrashRpt
Folder Deleted : C:\Users\u anticheat\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\u anticheat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com
Folder Deleted : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\u anticheat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\rvlkl.lnk
File Deleted : C:\Users\u anticheat\AppData\Roaming\Mozilla\Firefox\Profiles\58y5cekz.default\searchplugins\Babylon.xml
***** [ Scheduled Tasks ] *****
Task Deleted : BrowserProtect
Task Deleted : EPUpdater
Task Deleted : Scheduled Update for Ask Toolbar
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kkfggacklibaabdomphfdpcodjgihgon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{785E12BF-B2DF-4A41-93A6-D71184070EBE}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\hotspotshield
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.17148
-\\ Mozilla Firefox v33.1 (x86 cs)
[58y5cekz.default\prefs.js] - Line Deleted : user_pref("extensions.brandthunder.websearchplus", false);
-\\ Google Chrome v
-\\ Opera v0.0.0.0
*************************
AdwCleaner[R0].txt - [61187 octets] - [09/09/2013 17:32:21]
AdwCleaner[R1].txt - [10870 octets] - [05/12/2014 21:18:57]
AdwCleaner[S0].txt - [60950 octets] - [09/09/2013 17:34:42]
AdwCleaner[S1].txt - [10685 octets] - [05/12/2014 21:21:39]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10746 octets] ##########
Re: Please check
Download ComboFix and save it to the desktop,
run the application as Administrator and allow installation of the Recovery Console.
A window with the license terms then appears, which you confirm by clicking YES,
then click YES once more and it starts running.
The whole process takes about 10 minutes but can take longer; do not try to run anything else during the scan.
The PC may be restarted during the scan, don't be alarmed.
Notice: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,
because ComboFix tries to delete infected files and these programs can get in its way.
After the scan finishes or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(with repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
If anything is unclear, there is an illustrated guide HERE.
Re: Please check
ComboFix 14-12-07.01 - u anticheat 07.12.2014 21:31:38.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8191.5177 [GMT 1:00]
Spuštěný z: c:\users\u anticheat\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\UltraVPN\bin\openvpn-gui.exe
c:\users\u anticheat\AppData\Local\MSGBOX.EXE
c:\users\u anticheat\AppData\Roaming\apachesrvin.vbs
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-11-07 do 2014-12-07 )))))))))))))))))))))))))))))))
.
.
2014-12-07 20:46 . 2014-12-07 20:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-07 20:33 . 2014-12-07 20:33 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B6FCA18F-3A68-4030-ADDA-E9825A2F3AA5}\offreg.dll
2014-12-05 15:48 . 2014-12-05 15:48 -------- dc----w- C:\rsit
2014-12-05 15:48 . 2014-12-05 15:48 -------- d-----w- c:\program files\trend micro
2014-12-05 15:38 . 2014-12-05 15:41 -------- dc----w- C:\FRST
2014-11-30 03:50 . 2014-11-30 03:50 -------- d-----w- c:\users\u anticheat\.idlerc
2014-11-30 03:44 . 2014-11-30 03:44 -------- dc----w- C:\dev
2014-11-30 03:40 . 2014-11-30 03:40 -------- dc----w- C:\Python27
2014-11-29 05:23 . 2014-11-29 05:23 -------- d-----w- c:\users\PC\AppData\Roaming\GameXN
2014-11-29 05:22 . 2014-11-29 05:22 -------- d-----w- c:\users\PC\AppData\Roaming\AVAST Software
2014-11-29 05:22 . 2014-11-29 05:23 -------- d-----w- c:\users\PC\AppData\Local\GameXN
2014-11-17 22:05 . 2014-11-17 22:05 -------- d-----w- c:\users\u anticheat\AppData\Roaming\NuGet
2014-11-17 20:36 . 2014-11-17 20:36 1121344 ----a-w- c:\programdata\Microsoft\WDExpress\12.0\1033\ResourceCache.dll
2014-11-17 20:29 . 2014-11-17 20:29 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 11.0
2014-11-17 20:20 . 2014-11-17 20:20 -------- d-----w- c:\programdata\NuGet
2014-11-17 20:20 . 2014-11-17 20:20 -------- d-----w- c:\program files (x86)\NuGet
2014-11-17 20:14 . 2014-11-17 20:14 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2014-11-17 20:05 . 2014-11-17 20:06 -------- d-----w- c:\program files (x86)\Windows Kits
2014-11-17 20:05 . 2014-11-17 20:05 -------- d-----w- c:\program files (x86)\Common Files\Microsoft
2014-11-17 20:02 . 2014-11-17 20:02 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
2014-11-17 20:02 . 2014-11-17 20:24 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2014-11-17 20:01 . 2014-11-17 20:01 -------- d-----w- c:\windows\SysWow64\1033
2014-11-17 20:01 . 2014-11-17 20:01 -------- d-----w- c:\windows\system32\1033
2014-11-17 20:01 . 2014-11-17 20:33 -------- d-----w- c:\program files\Microsoft SQL Server
2014-11-17 20:01 . 2014-11-17 20:32 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2014-11-17 19:59 . 2014-11-17 19:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-11-17 19:57 . 2014-11-17 20:32 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 12.0
2014-11-17 19:49 . 2014-11-17 19:49 -------- d-----w- c:\windows\Migration
2014-11-17 19:39 . 2014-11-17 19:39 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2014-11-17 16:20 . 2014-11-17 16:20 -------- d-----w- C:\Tor Browser
2014-11-17 13:48 . 2013-02-17 00:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-11-17 13:42 . 2014-11-17 13:42 68608 ----a-w- c:\windows\system32\taskhost.exe
2014-11-17 13:38 . 2014-11-17 13:38 1887232 ----a-w- c:\windows\system32\d3d11.dll
2014-11-17 13:38 . 2014-11-17 13:38 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-26 13:43 . 2012-05-05 13:17 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-26 13:43 . 2012-05-05 13:17 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-22 00:32 . 2012-05-26 12:46 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-10-24 18:00 . 2014-10-24 18:00 7068816 ----a-w- c:\windows\system32\dxcapturereplay.dll
2014-10-24 18:00 . 2014-10-24 18:00 286352 ----a-w- c:\windows\system32\perf_gputiming.dll
2014-10-24 18:00 . 2014-10-24 18:00 812688 ----a-w- c:\windows\system32\dxcap.exe
2014-10-24 18:00 . 2014-10-24 18:00 937104 ----a-w- c:\windows\system32\dxtoolsofflineanalysis.dll
2014-10-24 18:00 . 2014-10-24 18:00 555664 ----a-w- c:\windows\system32\d2d1debug2.dll
2014-10-24 18:00 . 2014-10-24 18:00 5357712 ----a-w- c:\windows\system32\vsgraphicsremoteengine.exe
2014-10-24 18:00 . 2014-10-24 18:00 99992 ----a-w- c:\windows\system32\vsgraphicsproxystub.dll
2014-10-24 18:00 . 2014-10-24 18:00 91800 ----a-w- c:\windows\system32\vsd3dwarpdebug.dll
2014-10-24 18:00 . 2014-10-24 18:00 79512 ----a-w- c:\windows\system32\VSD3DRefDebug.dll
2014-10-24 18:00 . 2014-10-24 18:00 213136 ----a-w- c:\windows\system32\vsgraphicscapture.dll
2014-10-24 18:00 . 2014-10-24 18:00 1181336 ----a-w- c:\windows\system32\vsgraphicsexperiment.dll
2014-10-24 18:00 . 2014-10-24 18:00 112272 ----a-w- c:\windows\system32\dxtoolsreportgenerator.dll
2014-10-24 18:00 . 2014-10-24 18:00 775824 ----a-w- c:\windows\system32\d3d11ref.dll
2014-10-24 18:00 . 2014-10-24 18:00 669328 ----a-w- c:\windows\system32\d3d10sdklayers.dll
2014-10-24 18:00 . 2014-10-24 18:00 505488 ----a-w- c:\windows\system32\d3dref9.dll
2014-10-24 18:00 . 2014-10-24 18:00 470160 ----a-w- c:\windows\system32\d3d10ref.dll
2014-10-24 18:00 . 2014-10-24 18:00 250000 ----a-w- c:\windows\system32\dxcpl.exe
2014-10-24 18:00 . 2014-10-24 18:00 179344 ----a-w- c:\windows\system32\dxtoolsmonitor.dll
2014-10-24 18:00 . 2014-10-24 18:00 162960 ----a-w- c:\windows\system32\dxtoolsreporting.dll
2014-10-24 18:00 . 2014-10-24 18:00 149648 ----a-w- c:\windows\system32\dxgidebug.dll
2014-10-24 18:00 . 2014-10-24 18:00 1258640 ----a-w- c:\windows\system32\d3d11_2sdklayers.dll
2014-10-24 17:21 . 2014-10-24 17:21 72336 ----a-w- c:\windows\SysWow64\vsd3dwarpdebug.dll
2014-10-24 17:21 . 2014-10-24 17:21 673944 ----a-w- c:\windows\SysWow64\dxtoolsofflineanalysis.dll
2014-10-24 17:21 . 2014-10-24 17:21 60048 ----a-w- c:\windows\SysWow64\VSD3DRefDebug.dll
2014-10-24 17:21 . 2014-10-24 17:21 3904656 ----a-w- c:\windows\SysWow64\vsgraphicsremoteengine.exe
2014-10-24 17:21 . 2014-10-24 17:21 900248 ----a-w- c:\windows\SysWow64\vsgraphicsexperiment.dll
2014-10-24 17:21 . 2014-10-24 17:21 5281944 ----a-w- c:\windows\SysWow64\dxcapturereplay.dll
2014-10-24 17:21 . 2014-10-24 17:21 217232 ----a-w- c:\windows\SysWow64\perf_gputiming.dll
2014-10-24 17:21 . 2014-10-24 17:21 141976 ----a-w- c:\windows\SysWow64\dxtoolsmonitor.dll
2014-10-24 17:21 . 2014-10-24 17:21 963728 ----a-w- c:\windows\SysWow64\d3d11_2sdklayers.dll
2014-10-24 17:21 . 2014-10-24 17:21 643224 ----a-w- c:\windows\SysWow64\d3d11ref.dll
2014-10-24 17:21 . 2014-10-24 17:21 603288 ----a-w- c:\windows\SysWow64\dxcap.exe
2014-10-24 17:21 . 2014-10-24 17:21 50328 ----a-w- c:\windows\SysWow64\vsgraphicsproxystub.dll
2014-10-24 17:21 . 2014-10-24 17:21 490136 ----a-w- c:\windows\SysWow64\d3d10sdklayers.dll
2014-10-24 17:21 . 2014-10-24 17:21 398488 ----a-w- c:\windows\SysWow64\d3dref9.dll
2014-10-24 17:21 . 2014-10-24 17:21 373400 ----a-w- c:\windows\SysWow64\d3d10ref.dll
2014-10-24 17:21 . 2014-10-24 17:21 237208 ----a-w- c:\windows\SysWow64\dxcpl.exe
2014-10-24 17:21 . 2014-10-24 17:21 167568 ----a-w- c:\windows\SysWow64\vsgraphicscapture.dll
2014-10-24 17:21 . 2014-10-24 17:21 120984 ----a-w- c:\windows\SysWow64\dxtoolsreporting.dll
2014-10-24 17:21 . 2014-10-24 17:21 117912 ----a-w- c:\windows\SysWow64\dxgidebug.dll
2014-10-24 17:21 . 2014-10-24 17:21 112280 ----a-w- c:\windows\SysWow64\dxtoolsreportgenerator.dll
2014-10-24 17:21 . 2014-10-24 17:21 383640 ----a-w- c:\windows\SysWow64\d2d1debug2.dll
2014-10-17 22:11 . 2014-09-28 17:16 120 ----a-w- c:\users\u anticheat\AppData\Roaming\die.bat
2014-10-03 12:38 . 2011-02-11 13:44 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-10-02 15:00 . 2014-10-02 15:01 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-10-02 15:00 . 2014-10-02 15:01 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-02 15:00 . 2013-06-27 18:02 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-02 15:00 . 2013-06-27 18:02 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-02 15:00 . 2012-05-26 12:46 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-10-02 15:00 . 2011-02-11 13:44 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-10-02 15:00 . 2011-02-11 13:44 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-02 15:00 . 2014-10-02 15:00 43152 ----a-w- c:\windows\avastSS.scr
2014-09-27 12:38 . 2013-01-04 22:56 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-09-27 12:38 . 2013-01-04 22:56 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-09-27 12:38 . 2013-01-04 22:56 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C3947F4E-8894-4C04-98E0-DF182C706DDF}]
2010-12-09 16:02 86696 ----a-w- c:\program files (x86)\wbtooltb\wbtoolDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{C3947F4E-8894-4C04-98E0-DF182C706DDF}"= "c:\program files (x86)\wbtooltb\wbtoolDx.dll" [2010-12-09 86696]
.
[HKEY_CLASSES_ROOT\clsid\{c3947f4e-8894-4c04-98e0-df182c706ddf}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-07-12 1764352]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-09-15 295512]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2014-06-12 112856]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-10-03 4085896]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-12-01 3835728]
.
c:\users\u anticheat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\users\u anticheat\AppData\Local\GamersFirst\LIVE!\Live.exe /silent [2013-6-25 2878504]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2013-3-21 3560832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-9-11 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys [x]
R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;ioatdma2;c:\windows\System32\Drivers\qd252x64.sys;c:\windows\SYSNATIVE\Drivers\qd252x64.sys [x]
R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys;c:\windows\SYSNATIVE\DRIVERS\NmPar.sys [x]
R3 nmserial;MosChip PCI Serial Port;c:\windows\system32\DRIVERS\nmserial.sys;c:\windows\SYSNATIVE\DRIVERS\nmserial.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 XFDriver64;XFDriver64;c:\program files (x86)\Xfire2\XFDriver64.sys;c:\program files (x86)\Xfire2\XFDriver64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ioatdma;Intel(R) QuickData Technology device;c:\windows\System32\Drivers\ioatdma.sys;c:\windows\SYSNATIVE\Drivers\ioatdma.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CGVPNCliService;CyberGhost 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-23 13:43]
.
2014-12-01 c:\windows\Tasks\Norton Security Scan for PC.job
- c:\progra~2\NORTON~2\Engine\300~1.103\Nss.exe [2011-04-01 22:47]
.
2014-11-29 c:\windows\Tasks\ReclaimerUpdateFiles_u anticheat.job
- c:\users\u anticheat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-14 22:08]
.
2014-11-30 c:\windows\Tasks\ReclaimerUpdateXML_u anticheat.job
- c:\users\u anticheat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-14 22:08]
.
2014-12-07 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_u anticheat.job
- c:\users\u anticheat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-14 22:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-02 15:00 634872 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\u anticheat\AppData\Roaming\Mozilla\Firefox\Profiles\58y5cekz.default\
FF - prefs.js: network.proxy.http - 212.54.128.40
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-openvpn-gui - c:\program files (x86)\UltraVPN\bin\openvpn-gui.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-MixPad - c:\program files (x86)\NCH Software\MixPad\uninst.exe
AddRemove-PhotoStage - c:\program files (x86)\NCH Software\PhotoStage\uninst.exe
AddRemove-Prism - c:\program files (x86)\NCH Software\Prism\uninst.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~2\UNWISE.EXE
AddRemove-VideoPad - c:\program files (x86)\NCH Software\VideoPad\uninst.exe
AddRemove-WavePad - c:\program files (x86)\NCH Software\WavePad\uninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-610051353-838362018-521060816-1009\Software\SecuROM\License information*]
"datasecu"=hex:42,70,4d,32,7a,f6,a4,6f,e2,04,69,ac,3d,e7,ef,fe,f0,1a,22,7f,f3,
43,f0,5f,27,2d,02,9e,7a,b6,88,b3,b0,09,49,72,af,93,b5,62,12,3c,76,b5,26,1d,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-12-07 21:52:21
ComboFix-quarantined-files.txt 2014-12-07 20:52
.
Před spuštěním: Volných bajtů: 201 295 450 112
Po spuštění: Volných bajtů: 213 588 996 096
.
- - End Of File - - 9EB45943D96EFBAA71FD9C77A075E35D
A36C5E4F47E84449FF07ED3517B43A31
I'll just add that, compared with the 10 minutes, it took somewhat longer, I'd say about 25.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys [x]
R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;ioatdma2;c:\windows\System32\Drivers\qd252x64.sys;c:\windows\SYSNATIVE\Drivers\qd252x64.sys [x]
R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys;c:\windows\SYSNATIVE\DRIVERS\NmPar.sys [x]
R3 nmserial;MosChip PCI Serial Port;c:\windows\system32\DRIVERS\nmserial.sys;c:\windows\SYSNATIVE\DRIVERS\nmserial.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 XFDriver64;XFDriver64;c:\program files (x86)\Xfire2\XFDriver64.sys;c:\program files (x86)\Xfire2\XFDriver64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ioatdma;Intel(R) QuickData Technology device;c:\windows\System32\Drivers\ioatdma.sys;c:\windows\SYSNATIVE\Drivers\ioatdma.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CGVPNCliService;CyberGhost 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-23 13:43]
.
2014-12-01 c:\windows\Tasks\Norton Security Scan for PC.job
- c:\progra~2\NORTON~2\Engine\300~1.103\Nss.exe [2011-04-01 22:47]
.
2014-11-29 c:\windows\Tasks\ReclaimerUpdateFiles_u anticheat.job
- c:\users\u anticheat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-14 22:08]
.
2014-11-30 c:\windows\Tasks\ReclaimerUpdateXML_u anticheat.job
- c:\users\u anticheat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-14 22:08]
.
2014-12-07 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_u anticheat.job
- c:\users\u anticheat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-14 22:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-02 15:00 634872 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\u anticheat\AppData\Roaming\Mozilla\Firefox\Profiles\58y5cekz.default\
FF - prefs.js: network.proxy.http - 212.54.128.40
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-openvpn-gui - c:\program files (x86)\UltraVPN\bin\openvpn-gui.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-MixPad - c:\program files (x86)\NCH Software\MixPad\uninst.exe
AddRemove-PhotoStage - c:\program files (x86)\NCH Software\PhotoStage\uninst.exe
AddRemove-Prism - c:\program files (x86)\NCH Software\Prism\uninst.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~2\UNWISE.EXE
AddRemove-VideoPad - c:\program files (x86)\NCH Software\VideoPad\uninst.exe
AddRemove-WavePad - c:\program files (x86)\NCH Software\WavePad\uninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-610051353-838362018-521060816-1009\Software\SecuROM\License information*]
"datasecu"=hex:42,70,4d,32,7a,f6,a4,6f,e2,04,69,ac,3d,e7,ef,fe,f0,1a,22,7f,f3,
43,f0,5f,27,2d,02,9e,7a,b6,88,b3,b0,09,49,72,af,93,b5,62,12,3c,76,b5,26,1d,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-12-07 21:52:21
ComboFix-quarantined-files.txt 2014-12-07 20:52
.
Před spuštěním: Volných bajtů: 201 295 450 112
Po spuštění: Volných bajtů: 213 588 996 096
.
- - End Of File - - 9EB45943D96EFBAA71FD9C77A075E35D
A36C5E4F47E84449FF07ED3517B43A31
I'll just add that, compared to the 10 minutes, it took somewhat longer, I'd say about 25.
Re: please check
If you haven't done so already, move ComboFix to the desktop,
open Notepad,
copy the script from the following box into it:
Code:
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
save the TXT file you created as CFScript.txt on the desktop,
after saving, grab the created script with the left mouse button and drag it over the ComboFix icon, where you drop it:

After it has been applied, another log will pop out; copy it here.
Warning: it may happen that after the script is applied and the machine restarts, Windows will not boot;
in that case restart again while pressing F8, then choose Last Known Good Configuration.
Re: please check
ComboFix 14-12-08.01 - u anticheat 09.12.2014 16:24:48.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8191.6112 [GMT 1:00]
Spuštěný z: c:\users\u anticheat\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\u anticheat\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-11-09 do 2014-12-09 )))))))))))))))))))))))))))))))
.
.
2014-12-09 15:39 . 2014-12-09 15:39 -------- d-----w- c:\users\PC\AppData\Local\temp
2014-12-09 15:39 . 2014-12-09 15:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-05 15:48 . 2014-12-05 15:48 -------- dc----w- C:\rsit
2014-12-05 15:48 . 2014-12-05 15:48 -------- d-----w- c:\program files\trend micro
2014-12-05 15:38 . 2014-12-05 15:41 -------- dc----w- C:\FRST
2014-11-30 03:50 . 2014-11-30 03:50 -------- d-----w- c:\users\u anticheat\.idlerc
2014-11-30 03:44 . 2014-11-30 03:44 -------- dc----w- C:\dev
2014-11-30 03:40 . 2014-11-30 03:40 -------- dc----w- C:\Python27
2014-11-29 05:23 . 2014-11-29 05:23 -------- d-----w- c:\users\PC\AppData\Roaming\GameXN
2014-11-29 05:22 . 2014-11-29 05:22 -------- d-----w- c:\users\PC\AppData\Roaming\AVAST Software
2014-11-29 05:22 . 2014-11-29 05:23 -------- d-----w- c:\users\PC\AppData\Local\GameXN
2014-11-17 22:05 . 2014-11-17 22:05 -------- d-----w- c:\users\u anticheat\AppData\Roaming\NuGet
2014-11-17 20:36 . 2014-11-17 20:36 1121344 ----a-w- c:\programdata\Microsoft\WDExpress\12.0\1033\ResourceCache.dll
2014-11-17 20:29 . 2014-11-17 20:29 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 11.0
2014-11-17 20:20 . 2014-11-17 20:20 -------- d-----w- c:\programdata\NuGet
2014-11-17 20:20 . 2014-11-17 20:20 -------- d-----w- c:\program files (x86)\NuGet
2014-11-17 20:14 . 2014-11-17 20:14 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2014-11-17 20:05 . 2014-11-17 20:06 -------- d-----w- c:\program files (x86)\Windows Kits
2014-11-17 20:05 . 2014-11-17 20:05 -------- d-----w- c:\program files (x86)\Common Files\Microsoft
2014-11-17 20:02 . 2014-11-17 20:02 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
2014-11-17 20:02 . 2014-11-17 20:24 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2014-11-17 20:01 . 2014-11-17 20:01 -------- d-----w- c:\windows\SysWow64\1033
2014-11-17 20:01 . 2014-11-17 20:01 -------- d-----w- c:\windows\system32\1033
2014-11-17 20:01 . 2014-11-17 20:33 -------- d-----w- c:\program files\Microsoft SQL Server
2014-11-17 20:01 . 2014-11-17 20:32 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2014-11-17 19:59 . 2014-11-17 19:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-11-17 19:57 . 2014-11-17 20:32 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 12.0
2014-11-17 19:49 . 2014-11-17 19:49 -------- d-----w- c:\windows\Migration
2014-11-17 19:39 . 2014-11-17 19:39 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2014-11-17 16:20 . 2014-11-17 16:20 -------- d-----w- C:\Tor Browser
2014-11-17 13:48 . 2013-02-17 00:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-11-17 13:42 . 2014-11-17 13:42 68608 ----a-w- c:\windows\system32\taskhost.exe
2014-11-17 13:38 . 2014-11-17 13:38 1887232 ----a-w- c:\windows\system32\d3d11.dll
2014-11-17 13:38 . 2014-11-17 13:38 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-26 13:43 . 2012-05-05 13:17 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-26 13:43 . 2012-05-05 13:17 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-22 00:32 . 2012-05-26 12:46 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-10-24 18:00 . 2014-10-24 18:00 7068816 ----a-w- c:\windows\system32\dxcapturereplay.dll
2014-10-24 18:00 . 2014-10-24 18:00 286352 ----a-w- c:\windows\system32\perf_gputiming.dll
2014-10-24 18:00 . 2014-10-24 18:00 812688 ----a-w- c:\windows\system32\dxcap.exe
2014-10-24 18:00 . 2014-10-24 18:00 937104 ----a-w- c:\windows\system32\dxtoolsofflineanalysis.dll
2014-10-24 18:00 . 2014-10-24 18:00 555664 ----a-w- c:\windows\system32\d2d1debug2.dll
2014-10-24 18:00 . 2014-10-24 18:00 5357712 ----a-w- c:\windows\system32\vsgraphicsremoteengine.exe
2014-10-24 18:00 . 2014-10-24 18:00 99992 ----a-w- c:\windows\system32\vsgraphicsproxystub.dll
2014-10-24 18:00 . 2014-10-24 18:00 91800 ----a-w- c:\windows\system32\vsd3dwarpdebug.dll
2014-10-24 18:00 . 2014-10-24 18:00 79512 ----a-w- c:\windows\system32\VSD3DRefDebug.dll
2014-10-24 18:00 . 2014-10-24 18:00 213136 ----a-w- c:\windows\system32\vsgraphicscapture.dll
2014-10-24 18:00 . 2014-10-24 18:00 1181336 ----a-w- c:\windows\system32\vsgraphicsexperiment.dll
2014-10-24 18:00 . 2014-10-24 18:00 112272 ----a-w- c:\windows\system32\dxtoolsreportgenerator.dll
2014-10-24 18:00 . 2014-10-24 18:00 775824 ----a-w- c:\windows\system32\d3d11ref.dll
2014-10-24 18:00 . 2014-10-24 18:00 669328 ----a-w- c:\windows\system32\d3d10sdklayers.dll
2014-10-24 18:00 . 2014-10-24 18:00 505488 ----a-w- c:\windows\system32\d3dref9.dll
2014-10-24 18:00 . 2014-10-24 18:00 470160 ----a-w- c:\windows\system32\d3d10ref.dll
2014-10-24 18:00 . 2014-10-24 18:00 250000 ----a-w- c:\windows\system32\dxcpl.exe
2014-10-24 18:00 . 2014-10-24 18:00 179344 ----a-w- c:\windows\system32\dxtoolsmonitor.dll
2014-10-24 18:00 . 2014-10-24 18:00 162960 ----a-w- c:\windows\system32\dxtoolsreporting.dll
2014-10-24 18:00 . 2014-10-24 18:00 149648 ----a-w- c:\windows\system32\dxgidebug.dll
2014-10-24 18:00 . 2014-10-24 18:00 1258640 ----a-w- c:\windows\system32\d3d11_2sdklayers.dll
2014-10-24 17:21 . 2014-10-24 17:21 72336 ----a-w- c:\windows\SysWow64\vsd3dwarpdebug.dll
2014-10-24 17:21 . 2014-10-24 17:21 673944 ----a-w- c:\windows\SysWow64\dxtoolsofflineanalysis.dll
2014-10-24 17:21 . 2014-10-24 17:21 60048 ----a-w- c:\windows\SysWow64\VSD3DRefDebug.dll
2014-10-24 17:21 . 2014-10-24 17:21 3904656 ----a-w- c:\windows\SysWow64\vsgraphicsremoteengine.exe
2014-10-24 17:21 . 2014-10-24 17:21 900248 ----a-w- c:\windows\SysWow64\vsgraphicsexperiment.dll
2014-10-24 17:21 . 2014-10-24 17:21 5281944 ----a-w- c:\windows\SysWow64\dxcapturereplay.dll
2014-10-24 17:21 . 2014-10-24 17:21 217232 ----a-w- c:\windows\SysWow64\perf_gputiming.dll
2014-10-24 17:21 . 2014-10-24 17:21 141976 ----a-w- c:\windows\SysWow64\dxtoolsmonitor.dll
2014-10-24 17:21 . 2014-10-24 17:21 963728 ----a-w- c:\windows\SysWow64\d3d11_2sdklayers.dll
2014-10-24 17:21 . 2014-10-24 17:21 643224 ----a-w- c:\windows\SysWow64\d3d11ref.dll
2014-10-24 17:21 . 2014-10-24 17:21 603288 ----a-w- c:\windows\SysWow64\dxcap.exe
2014-10-24 17:21 . 2014-10-24 17:21 50328 ----a-w- c:\windows\SysWow64\vsgraphicsproxystub.dll
2014-10-24 17:21 . 2014-10-24 17:21 490136 ----a-w- c:\windows\SysWow64\d3d10sdklayers.dll
2014-10-24 17:21 . 2014-10-24 17:21 398488 ----a-w- c:\windows\SysWow64\d3dref9.dll
2014-10-24 17:21 . 2014-10-24 17:21 373400 ----a-w- c:\windows\SysWow64\d3d10ref.dll
2014-10-24 17:21 . 2014-10-24 17:21 237208 ----a-w- c:\windows\SysWow64\dxcpl.exe
2014-10-24 17:21 . 2014-10-24 17:21 167568 ----a-w- c:\windows\SysWow64\vsgraphicscapture.dll
2014-10-24 17:21 . 2014-10-24 17:21 120984 ----a-w- c:\windows\SysWow64\dxtoolsreporting.dll
2014-10-24 17:21 . 2014-10-24 17:21 117912 ----a-w- c:\windows\SysWow64\dxgidebug.dll
2014-10-24 17:21 . 2014-10-24 17:21 112280 ----a-w- c:\windows\SysWow64\dxtoolsreportgenerator.dll
2014-10-24 17:21 . 2014-10-24 17:21 383640 ----a-w- c:\windows\SysWow64\d2d1debug2.dll
2014-10-17 22:11 . 2014-09-28 17:16 120 ----a-w- c:\users\u anticheat\AppData\Roaming\die.bat
2014-10-03 12:38 . 2011-02-11 13:44 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-10-02 15:00 . 2014-10-02 15:01 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-10-02 15:00 . 2014-10-02 15:01 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-02 15:00 . 2013-06-27 18:02 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-02 15:00 . 2013-06-27 18:02 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-02 15:00 . 2012-05-26 12:46 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-10-02 15:00 . 2011-02-11 13:44 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-10-02 15:00 . 2011-02-11 13:44 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-02 15:00 . 2014-10-02 15:00 43152 ----a-w- c:\windows\avastSS.scr
2014-09-27 12:38 . 2013-01-04 22:56 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-09-27 12:38 . 2013-01-04 22:56 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-09-27 12:38 . 2013-01-04 22:56 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C3947F4E-8894-4C04-98E0-DF182C706DDF}]
2010-12-09 16:02 86696 ----a-w- c:\program files (x86)\wbtooltb\wbtoolDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{C3947F4E-8894-4C04-98E0-DF182C706DDF}"= "c:\program files (x86)\wbtooltb\wbtoolDx.dll" [2010-12-09 86696]
.
[HKEY_CLASSES_ROOT\clsid\{c3947f4e-8894-4c04-98e0-df182c706ddf}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-07-12 1764352]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-09-15 295512]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2014-06-12 112856]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-10-03 4085896]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-12-01 3835728]
.
c:\users\u anticheat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\users\u anticheat\AppData\Local\GamersFirst\LIVE!\Live.exe /silent [2013-6-25 2878504]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2013-3-21 3560832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-9-11 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:349bd559b /wow /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 CGVPNCliService;CyberGhost 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys [x]
R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;ioatdma2;c:\windows\System32\Drivers\qd252x64.sys;c:\windows\SYSNATIVE\Drivers\qd252x64.sys [x]
R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys;c:\windows\SYSNATIVE\DRIVERS\NmPar.sys [x]
R3 nmserial;MosChip PCI Serial Port;c:\windows\system32\DRIVERS\nmserial.sys;c:\windows\SYSNATIVE\DRIVERS\nmserial.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 XFDriver64;XFDriver64;c:\program files (x86)\Xfire2\XFDriver64.sys;c:\program files (x86)\Xfire2\XFDriver64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ioatdma;Intel(R) QuickData Technology device;c:\windows\System32\Drivers\ioatdma.sys;c:\windows\SYSNATIVE\Drivers\ioatdma.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-23 13:43]
.
2014-12-01 c:\windows\Tasks\Norton Security Scan for PC.job
- c:\progra~2\NORTON~2\Engine\300~1.103\Nss.exe [2011-04-01 22:47]
.
2014-11-29 c:\windows\Tasks\ReclaimerUpdateFiles_u anticheat.job
- c:\users\u anticheat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-14 22:08]
.
2014-11-30 c:\windows\Tasks\ReclaimerUpdateXML_u anticheat.job
- c:\users\u anticheat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-14 22:08]
.
2014-12-09 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_u anticheat.job
- c:\users\u anticheat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-14 22:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-02 15:00 634872 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\u anticheat\AppData\Roaming\Mozilla\Firefox\Profiles\58y5cekz.default\
FF - prefs.js: network.proxy.http - 212.54.128.40
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-MixPad - c:\program files (x86)\NCH Software\MixPad\uninst.exe
AddRemove-PhotoStage - c:\program files (x86)\NCH Software\PhotoStage\uninst.exe
AddRemove-Prism - c:\program files (x86)\NCH Software\Prism\uninst.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~2\UNWISE.EXE
AddRemove-VideoPad - c:\program files (x86)\NCH Software\VideoPad\uninst.exe
AddRemove-WavePad - c:\program files (x86)\NCH Software\WavePad\uninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-610051353-838362018-521060816-1009\Software\SecuROM\License information*]
"datasecu"=hex:42,70,4d,32,7a,f6,a4,6f,e2,04,69,ac,3d,e7,ef,fe,f0,1a,22,7f,f3,
43,f0,5f,27,2d,02,9e,7a,b6,88,b3,b0,09,49,72,af,93,b5,62,12,3c,76,b5,26,1d,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-12-09 16:42:58
ComboFix-quarantined-files.txt 2014-12-09 15:42
ComboFix2.txt 2014-12-07 20:52
.
Před spuštěním: Volných bajtů: 212 735 991 808
Po spuštění: Volných bajtů: 212 831 989 760
.
- - End Of File - - 2F6A039920573C769A96148B9661D47F
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8191.6112 [GMT 1:00]
Spuštěný z: c:\users\u anticheat\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\u anticheat\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-11-09 do 2014-12-09 )))))))))))))))))))))))))))))))
.
.
2014-12-09 15:39 . 2014-12-09 15:39 -------- d-----w- c:\users\PC\AppData\Local\temp
2014-12-09 15:39 . 2014-12-09 15:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-05 15:48 . 2014-12-05 15:48 -------- dc----w- C:\rsit
2014-12-05 15:48 . 2014-12-05 15:48 -------- d-----w- c:\program files\trend micro
2014-12-05 15:38 . 2014-12-05 15:41 -------- dc----w- C:\FRST
2014-11-30 03:50 . 2014-11-30 03:50 -------- d-----w- c:\users\u anticheat\.idlerc
2014-11-30 03:44 . 2014-11-30 03:44 -------- dc----w- C:\dev
2014-11-30 03:40 . 2014-11-30 03:40 -------- dc----w- C:\Python27
2014-11-29 05:23 . 2014-11-29 05:23 -------- d-----w- c:\users\PC\AppData\Roaming\GameXN
2014-11-29 05:22 . 2014-11-29 05:22 -------- d-----w- c:\users\PC\AppData\Roaming\AVAST Software
2014-11-29 05:22 . 2014-11-29 05:23 -------- d-----w- c:\users\PC\AppData\Local\GameXN
2014-11-17 22:05 . 2014-11-17 22:05 -------- d-----w- c:\users\u anticheat\AppData\Roaming\NuGet
2014-11-17 20:36 . 2014-11-17 20:36 1121344 ----a-w- c:\programdata\Microsoft\WDExpress\12.0\1033\ResourceCache.dll
2014-11-17 20:29 . 2014-11-17 20:29 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 11.0
2014-11-17 20:20 . 2014-11-17 20:20 -------- d-----w- c:\programdata\NuGet
2014-11-17 20:20 . 2014-11-17 20:20 -------- d-----w- c:\program files (x86)\NuGet
2014-11-17 20:14 . 2014-11-17 20:14 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2014-11-17 20:05 . 2014-11-17 20:06 -------- d-----w- c:\program files (x86)\Windows Kits
2014-11-17 20:05 . 2014-11-17 20:05 -------- d-----w- c:\program files (x86)\Common Files\Microsoft
2014-11-17 20:02 . 2014-11-17 20:02 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
2014-11-17 20:02 . 2014-11-17 20:24 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2014-11-17 20:01 . 2014-11-17 20:01 -------- d-----w- c:\windows\SysWow64\1033
2014-11-17 20:01 . 2014-11-17 20:01 -------- d-----w- c:\windows\system32\1033
2014-11-17 20:01 . 2014-11-17 20:33 -------- d-----w- c:\program files\Microsoft SQL Server
2014-11-17 20:01 . 2014-11-17 20:32 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2014-11-17 19:59 . 2014-11-17 19:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-11-17 19:57 . 2014-11-17 20:32 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 12.0
2014-11-17 19:49 . 2014-11-17 19:49 -------- d-----w- c:\windows\Migration
2014-11-17 19:39 . 2014-11-17 19:39 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2014-11-17 16:20 . 2014-11-17 16:20 -------- d-----w- C:\Tor Browser
2014-11-17 13:48 . 2013-02-17 00:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-11-17 13:42 . 2014-11-17 13:42 68608 ----a-w- c:\windows\system32\taskhost.exe
2014-11-17 13:38 . 2014-11-17 13:38 1887232 ----a-w- c:\windows\system32\d3d11.dll
2014-11-17 13:38 . 2014-11-17 13:38 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-26 13:43 . 2012-05-05 13:17 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-26 13:43 . 2012-05-05 13:17 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-22 00:32 . 2012-05-26 12:46 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-10-24 18:00 . 2014-10-24 18:00 7068816 ----a-w- c:\windows\system32\dxcapturereplay.dll
2014-10-24 18:00 . 2014-10-24 18:00 286352 ----a-w- c:\windows\system32\perf_gputiming.dll
2014-10-24 18:00 . 2014-10-24 18:00 812688 ----a-w- c:\windows\system32\dxcap.exe
2014-10-24 18:00 . 2014-10-24 18:00 937104 ----a-w- c:\windows\system32\dxtoolsofflineanalysis.dll
2014-10-24 18:00 . 2014-10-24 18:00 555664 ----a-w- c:\windows\system32\d2d1debug2.dll
2014-10-24 18:00 . 2014-10-24 18:00 5357712 ----a-w- c:\windows\system32\vsgraphicsremoteengine.exe
2014-10-24 18:00 . 2014-10-24 18:00 99992 ----a-w- c:\windows\system32\vsgraphicsproxystub.dll
2014-10-24 18:00 . 2014-10-24 18:00 91800 ----a-w- c:\windows\system32\vsd3dwarpdebug.dll
2014-10-24 18:00 . 2014-10-24 18:00 79512 ----a-w- c:\windows\system32\VSD3DRefDebug.dll
2014-10-24 18:00 . 2014-10-24 18:00 213136 ----a-w- c:\windows\system32\vsgraphicscapture.dll
2014-10-24 18:00 . 2014-10-24 18:00 1181336 ----a-w- c:\windows\system32\vsgraphicsexperiment.dll
2014-10-24 18:00 . 2014-10-24 18:00 112272 ----a-w- c:\windows\system32\dxtoolsreportgenerator.dll
2014-10-24 18:00 . 2014-10-24 18:00 775824 ----a-w- c:\windows\system32\d3d11ref.dll
2014-10-24 18:00 . 2014-10-24 18:00 669328 ----a-w- c:\windows\system32\d3d10sdklayers.dll
2014-10-24 18:00 . 2014-10-24 18:00 505488 ----a-w- c:\windows\system32\d3dref9.dll
2014-10-24 18:00 . 2014-10-24 18:00 470160 ----a-w- c:\windows\system32\d3d10ref.dll
2014-10-24 18:00 . 2014-10-24 18:00 250000 ----a-w- c:\windows\system32\dxcpl.exe
2014-10-24 18:00 . 2014-10-24 18:00 179344 ----a-w- c:\windows\system32\dxtoolsmonitor.dll
2014-10-24 18:00 . 2014-10-24 18:00 162960 ----a-w- c:\windows\system32\dxtoolsreporting.dll
2014-10-24 18:00 . 2014-10-24 18:00 149648 ----a-w- c:\windows\system32\dxgidebug.dll
2014-10-24 18:00 . 2014-10-24 18:00 1258640 ----a-w- c:\windows\system32\d3d11_2sdklayers.dll
2014-10-24 17:21 . 2014-10-24 17:21 72336 ----a-w- c:\windows\SysWow64\vsd3dwarpdebug.dll
2014-10-24 17:21 . 2014-10-24 17:21 673944 ----a-w- c:\windows\SysWow64\dxtoolsofflineanalysis.dll
2014-10-24 17:21 . 2014-10-24 17:21 60048 ----a-w- c:\windows\SysWow64\VSD3DRefDebug.dll
2014-10-24 17:21 . 2014-10-24 17:21 3904656 ----a-w- c:\windows\SysWow64\vsgraphicsremoteengine.exe
2014-10-24 17:21 . 2014-10-24 17:21 900248 ----a-w- c:\windows\SysWow64\vsgraphicsexperiment.dll
2014-10-24 17:21 . 2014-10-24 17:21 5281944 ----a-w- c:\windows\SysWow64\dxcapturereplay.dll
2014-10-24 17:21 . 2014-10-24 17:21 217232 ----a-w- c:\windows\SysWow64\perf_gputiming.dll
2014-10-24 17:21 . 2014-10-24 17:21 141976 ----a-w- c:\windows\SysWow64\dxtoolsmonitor.dll
2014-10-24 17:21 . 2014-10-24 17:21 963728 ----a-w- c:\windows\SysWow64\d3d11_2sdklayers.dll
2014-10-24 17:21 . 2014-10-24 17:21 643224 ----a-w- c:\windows\SysWow64\d3d11ref.dll
2014-10-24 17:21 . 2014-10-24 17:21 603288 ----a-w- c:\windows\SysWow64\dxcap.exe
2014-10-24 17:21 . 2014-10-24 17:21 50328 ----a-w- c:\windows\SysWow64\vsgraphicsproxystub.dll
2014-10-24 17:21 . 2014-10-24 17:21 490136 ----a-w- c:\windows\SysWow64\d3d10sdklayers.dll
2014-10-24 17:21 . 2014-10-24 17:21 398488 ----a-w- c:\windows\SysWow64\d3dref9.dll
2014-10-24 17:21 . 2014-10-24 17:21 373400 ----a-w- c:\windows\SysWow64\d3d10ref.dll
2014-10-24 17:21 . 2014-10-24 17:21 237208 ----a-w- c:\windows\SysWow64\dxcpl.exe
2014-10-24 17:21 . 2014-10-24 17:21 167568 ----a-w- c:\windows\SysWow64\vsgraphicscapture.dll
2014-10-24 17:21 . 2014-10-24 17:21 120984 ----a-w- c:\windows\SysWow64\dxtoolsreporting.dll
2014-10-24 17:21 . 2014-10-24 17:21 117912 ----a-w- c:\windows\SysWow64\dxgidebug.dll
2014-10-24 17:21 . 2014-10-24 17:21 112280 ----a-w- c:\windows\SysWow64\dxtoolsreportgenerator.dll
2014-10-24 17:21 . 2014-10-24 17:21 383640 ----a-w- c:\windows\SysWow64\d2d1debug2.dll
2014-10-17 22:11 . 2014-09-28 17:16 120 ----a-w- c:\users\u anticheat\AppData\Roaming\die.bat
2014-10-03 12:38 . 2011-02-11 13:44 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-10-02 15:00 . 2014-10-02 15:01 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-10-02 15:00 . 2014-10-02 15:01 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-02 15:00 . 2013-06-27 18:02 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-02 15:00 . 2013-06-27 18:02 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-02 15:00 . 2012-05-26 12:46 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-10-02 15:00 . 2011-02-11 13:44 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-10-02 15:00 . 2011-02-11 13:44 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-02 15:00 . 2014-10-02 15:00 43152 ----a-w- c:\windows\avastSS.scr
2014-09-27 12:38 . 2013-01-04 22:56 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-09-27 12:38 . 2013-01-04 22:56 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-09-27 12:38 . 2013-01-04 22:56 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C3947F4E-8894-4C04-98E0-DF182C706DDF}]
2010-12-09 16:02 86696 ----a-w- c:\program files (x86)\wbtooltb\wbtoolDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{C3947F4E-8894-4C04-98E0-DF182C706DDF}"= "c:\program files (x86)\wbtooltb\wbtoolDx.dll" [2010-12-09 86696]
.
[HKEY_CLASSES_ROOT\clsid\{c3947f4e-8894-4c04-98e0-df182c706ddf}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-07-12 1764352]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-09-15 295512]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2014-06-12 112856]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-10-03 4085896]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-12-01 3835728]
.
c:\users\u anticheat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\users\u anticheat\AppData\Local\GamersFirst\LIVE!\Live.exe /silent [2013-6-25 2878504]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2013-3-21 3560832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-9-11 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-MixPad - c:\program files (x86)\NCH Software\MixPad\uninst.exe
AddRemove-PhotoStage - c:\program files (x86)\NCH Software\PhotoStage\uninst.exe
AddRemove-Prism - c:\program files (x86)\NCH Software\Prism\uninst.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~2\UNWISE.EXE
AddRemove-VideoPad - c:\program files (x86)\NCH Software\VideoPad\uninst.exe
AddRemove-WavePad - c:\program files (x86)\NCH Software\WavePad\uninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-610051353-838362018-521060816-1009\Software\SecuROM\License information*]
"datasecu"=hex:42,70,4d,32,7a,f6,a4,6f,e2,04,69,ac,3d,e7,ef,fe,f0,1a,22,7f,f3,
43,f0,5f,27,2d,02,9e,7a,b6,88,b3,b0,09,49,72,af,93,b5,62,12,3c,76,b5,26,1d,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-12-09 16:42:58
ComboFix-quarantined-files.txt 2014-12-09 15:42
ComboFix2.txt 2014-12-07 20:52
.
Před spuštěním: Volných bajtů: 212 735 991 808
Po spuštění: Volných bajtů: 212 831 989 760
.
- - End Of File - - 2F6A039920573C769A96148B9661D47F
A36C5E4F47E84449FF07ED3517B43A31
Re: requesting a check
Something is wrong. Check that you have copied the script correctly, with no space at the beginning, move both ComboFix and the script to Local Disk (C:), and then try the action again.
Re: requesting a check
ComboFix 14-12-08.01 - u anticheat 09.12.2014 19:41:04.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8191.5670 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-11-09 do 2014-12-09 )))))))))))))))))))))))))))))))
.
.
2014-12-09 18:53 . 2014-12-09 18:53 -------- d-----w- c:\users\u anticheat\AppData\Local\temp
2014-12-09 18:53 . 2014-12-09 18:53 -------- d-----w- c:\users\PC\AppData\Local\temp
2014-12-09 18:53 . 2014-12-09 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-07 20:33 . 2014-12-09 18:53 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B6FCA18F-3A68-4030-ADDA-E9825A2F3AA5}\offreg.dll
2014-12-05 15:48 . 2014-12-05 15:48 -------- dc----w- C:\rsit
2014-12-05 15:48 . 2014-12-05 15:48 -------- d-----w- c:\program files\trend micro
2014-12-05 15:38 . 2014-12-05 15:41 -------- dc----w- C:\FRST
2014-11-30 03:50 . 2014-11-30 03:50 -------- d-----w- c:\users\u anticheat\.idlerc
2014-11-30 03:44 . 2014-11-30 03:44 -------- dc----w- C:\dev
2014-11-30 03:40 . 2014-11-30 03:40 -------- dc----w- C:\Python27
2014-11-29 05:23 . 2014-11-29 05:23 -------- d-----w- c:\users\PC\AppData\Roaming\GameXN
2014-11-29 05:22 . 2014-11-29 05:22 -------- d-----w- c:\users\PC\AppData\Roaming\AVAST Software
2014-11-29 05:22 . 2014-11-29 05:23 -------- d-----w- c:\users\PC\AppData\Local\GameXN
2014-11-17 22:05 . 2014-11-17 22:05 -------- d-----w- c:\users\u anticheat\AppData\Roaming\NuGet
2014-11-17 20:36 . 2014-11-17 20:36 1121344 ----a-w- c:\programdata\Microsoft\WDExpress\12.0\1033\ResourceCache.dll
2014-11-17 20:29 . 2014-11-17 20:29 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 11.0
2014-11-17 20:20 . 2014-11-17 20:20 -------- d-----w- c:\programdata\NuGet
2014-11-17 20:20 . 2014-11-17 20:20 -------- d-----w- c:\program files (x86)\NuGet
2014-11-17 20:14 . 2014-11-17 20:14 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2014-11-17 20:05 . 2014-11-17 20:06 -------- d-----w- c:\program files (x86)\Windows Kits
2014-11-17 20:05 . 2014-11-17 20:05 -------- d-----w- c:\program files (x86)\Common Files\Microsoft
2014-11-17 20:02 . 2014-11-17 20:02 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
2014-11-17 20:02 . 2014-11-17 20:24 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2014-11-17 20:01 . 2014-11-17 20:01 -------- d-----w- c:\windows\SysWow64\1033
2014-11-17 20:01 . 2014-11-17 20:01 -------- d-----w- c:\windows\system32\1033
2014-11-17 20:01 . 2014-11-17 20:33 -------- d-----w- c:\program files\Microsoft SQL Server
2014-11-17 20:01 . 2014-11-17 20:32 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2014-11-17 19:59 . 2014-11-17 19:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-11-17 19:57 . 2014-11-17 20:32 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 12.0
2014-11-17 19:49 . 2014-11-17 19:49 -------- d-----w- c:\windows\Migration
2014-11-17 19:39 . 2014-11-17 19:39 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2014-11-17 16:20 . 2014-11-17 16:20 -------- d-----w- C:\Tor Browser
2014-11-17 13:48 . 2013-02-17 00:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-11-17 13:42 . 2014-11-17 13:42 68608 ----a-w- c:\windows\system32\taskhost.exe
2014-11-17 13:38 . 2014-11-17 13:38 1887232 ----a-w- c:\windows\system32\d3d11.dll
2014-11-17 13:38 . 2014-11-17 13:38 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-09 18:43 . 2012-05-05 13:17 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-09 18:43 . 2012-05-05 13:17 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-22 00:32 . 2012-05-26 12:46 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-10-24 18:00 . 2014-10-24 18:00 7068816 ----a-w- c:\windows\system32\dxcapturereplay.dll
2014-10-24 18:00 . 2014-10-24 18:00 286352 ----a-w- c:\windows\system32\perf_gputiming.dll
2014-10-24 18:00 . 2014-10-24 18:00 812688 ----a-w- c:\windows\system32\dxcap.exe
2014-10-24 18:00 . 2014-10-24 18:00 937104 ----a-w- c:\windows\system32\dxtoolsofflineanalysis.dll
2014-10-24 18:00 . 2014-10-24 18:00 555664 ----a-w- c:\windows\system32\d2d1debug2.dll
2014-10-24 18:00 . 2014-10-24 18:00 5357712 ----a-w- c:\windows\system32\vsgraphicsremoteengine.exe
2014-10-24 18:00 . 2014-10-24 18:00 99992 ----a-w- c:\windows\system32\vsgraphicsproxystub.dll
2014-10-24 18:00 . 2014-10-24 18:00 91800 ----a-w- c:\windows\system32\vsd3dwarpdebug.dll
2014-10-24 18:00 . 2014-10-24 18:00 79512 ----a-w- c:\windows\system32\VSD3DRefDebug.dll
2014-10-24 18:00 . 2014-10-24 18:00 213136 ----a-w- c:\windows\system32\vsgraphicscapture.dll
2014-10-24 18:00 . 2014-10-24 18:00 1181336 ----a-w- c:\windows\system32\vsgraphicsexperiment.dll
2014-10-24 18:00 . 2014-10-24 18:00 112272 ----a-w- c:\windows\system32\dxtoolsreportgenerator.dll
2014-10-24 18:00 . 2014-10-24 18:00 775824 ----a-w- c:\windows\system32\d3d11ref.dll
2014-10-24 18:00 . 2014-10-24 18:00 669328 ----a-w- c:\windows\system32\d3d10sdklayers.dll
2014-10-24 18:00 . 2014-10-24 18:00 505488 ----a-w- c:\windows\system32\d3dref9.dll
2014-10-24 18:00 . 2014-10-24 18:00 470160 ----a-w- c:\windows\system32\d3d10ref.dll
2014-10-24 18:00 . 2014-10-24 18:00 250000 ----a-w- c:\windows\system32\dxcpl.exe
2014-10-24 18:00 . 2014-10-24 18:00 179344 ----a-w- c:\windows\system32\dxtoolsmonitor.dll
2014-10-24 18:00 . 2014-10-24 18:00 162960 ----a-w- c:\windows\system32\dxtoolsreporting.dll
2014-10-24 18:00 . 2014-10-24 18:00 149648 ----a-w- c:\windows\system32\dxgidebug.dll
2014-10-24 18:00 . 2014-10-24 18:00 1258640 ----a-w- c:\windows\system32\d3d11_2sdklayers.dll
2014-10-24 17:21 . 2014-10-24 17:21 72336 ----a-w- c:\windows\SysWow64\vsd3dwarpdebug.dll
2014-10-24 17:21 . 2014-10-24 17:21 673944 ----a-w- c:\windows\SysWow64\dxtoolsofflineanalysis.dll
2014-10-24 17:21 . 2014-10-24 17:21 60048 ----a-w- c:\windows\SysWow64\VSD3DRefDebug.dll
2014-10-24 17:21 . 2014-10-24 17:21 3904656 ----a-w- c:\windows\SysWow64\vsgraphicsremoteengine.exe
2014-10-24 17:21 . 2014-10-24 17:21 900248 ----a-w- c:\windows\SysWow64\vsgraphicsexperiment.dll
2014-10-24 17:21 . 2014-10-24 17:21 5281944 ----a-w- c:\windows\SysWow64\dxcapturereplay.dll
2014-10-24 17:21 . 2014-10-24 17:21 217232 ----a-w- c:\windows\SysWow64\perf_gputiming.dll
2014-10-24 17:21 . 2014-10-24 17:21 141976 ----a-w- c:\windows\SysWow64\dxtoolsmonitor.dll
2014-10-24 17:21 . 2014-10-24 17:21 963728 ----a-w- c:\windows\SysWow64\d3d11_2sdklayers.dll
2014-10-24 17:21 . 2014-10-24 17:21 643224 ----a-w- c:\windows\SysWow64\d3d11ref.dll
2014-10-24 17:21 . 2014-10-24 17:21 603288 ----a-w- c:\windows\SysWow64\dxcap.exe
2014-10-24 17:21 . 2014-10-24 17:21 50328 ----a-w- c:\windows\SysWow64\vsgraphicsproxystub.dll
2014-10-24 17:21 . 2014-10-24 17:21 490136 ----a-w- c:\windows\SysWow64\d3d10sdklayers.dll
2014-10-24 17:21 . 2014-10-24 17:21 398488 ----a-w- c:\windows\SysWow64\d3dref9.dll
2014-10-24 17:21 . 2014-10-24 17:21 373400 ----a-w- c:\windows\SysWow64\d3d10ref.dll
2014-10-24 17:21 . 2014-10-24 17:21 237208 ----a-w- c:\windows\SysWow64\dxcpl.exe
2014-10-24 17:21 . 2014-10-24 17:21 167568 ----a-w- c:\windows\SysWow64\vsgraphicscapture.dll
2014-10-24 17:21 . 2014-10-24 17:21 120984 ----a-w- c:\windows\SysWow64\dxtoolsreporting.dll
2014-10-24 17:21 . 2014-10-24 17:21 117912 ----a-w- c:\windows\SysWow64\dxgidebug.dll
2014-10-24 17:21 . 2014-10-24 17:21 112280 ----a-w- c:\windows\SysWow64\dxtoolsreportgenerator.dll
2014-10-24 17:21 . 2014-10-24 17:21 383640 ----a-w- c:\windows\SysWow64\d2d1debug2.dll
2014-10-17 22:11 . 2014-09-28 17:16 120 ----a-w- c:\users\u anticheat\AppData\Roaming\die.bat
2014-10-03 12:38 . 2011-02-11 13:44 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-10-02 15:00 . 2014-10-02 15:01 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-10-02 15:00 . 2014-10-02 15:01 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-02 15:00 . 2013-06-27 18:02 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-02 15:00 . 2013-06-27 18:02 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-02 15:00 . 2012-05-26 12:46 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-10-02 15:00 . 2011-02-11 13:44 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-10-02 15:00 . 2011-02-11 13:44 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-02 15:00 . 2014-10-02 15:00 43152 ----a-w- c:\windows\avastSS.scr
2014-09-27 12:38 . 2013-01-04 22:56 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-09-27 12:38 . 2013-01-04 22:56 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-09-27 12:38 . 2013-01-04 22:56 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C3947F4E-8894-4C04-98E0-DF182C706DDF}]
2010-12-09 16:02 86696 ----a-w- c:\program files (x86)\wbtooltb\wbtoolDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{C3947F4E-8894-4C04-98E0-DF182C706DDF}"= "c:\program files (x86)\wbtooltb\wbtoolDx.dll" [2010-12-09 86696]
.
[HKEY_CLASSES_ROOT\clsid\{c3947f4e-8894-4c04-98e0-df182c706ddf}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-07-12 1764352]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-09-15 295512]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2014-06-12 112856]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-10-03 4085896]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-12-01 3835728]
.
c:\users\u anticheat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\users\u anticheat\AppData\Local\GamersFirst\LIVE!\Live.exe /silent [2013-6-25 2878504]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2013-3-21 3560832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-9-11 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:349bd559b /wow /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 CGVPNCliService;CyberGhost 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys [x]
R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;ioatdma2;c:\windows\System32\Drivers\qd252x64.sys;c:\windows\SYSNATIVE\Drivers\qd252x64.sys [x]
R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys;c:\windows\SYSNATIVE\DRIVERS\NmPar.sys [x]
R3 nmserial;MosChip PCI Serial Port;c:\windows\system32\DRIVERS\nmserial.sys;c:\windows\SYSNATIVE\DRIVERS\nmserial.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 XFDriver64;XFDriver64;c:\program files (x86)\Xfire2\XFDriver64.sys;c:\program files (x86)\Xfire2\XFDriver64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ioatdma;Intel(R) QuickData Technology device;c:\windows\System32\Drivers\ioatdma.sys;c:\windows\SYSNATIVE\Drivers\ioatdma.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-23 18:43]
.
2014-12-01 c:\windows\Tasks\Norton Security Scan for PC.job
- c:\progra~2\NORTON~2\Engine\300~1.103\Nss.exe [2011-04-01 22:47]
.
2014-11-29 c:\windows\Tasks\ReclaimerUpdateFiles_u anticheat.job
- c:\users\u anticheat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-14 22:08]
.
2014-11-30 c:\windows\Tasks\ReclaimerUpdateXML_u anticheat.job
- c:\users\u anticheat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-14 22:08]
.
2014-12-09 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_u anticheat.job
- c:\users\u anticheat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-14 22:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-02 15:00 634872 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\u anticheat\AppData\Roaming\Mozilla\Firefox\Profiles\58y5cekz.default\
FF - prefs.js: network.proxy.http - 212.54.128.40
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-MixPad - c:\program files (x86)\NCH Software\MixPad\uninst.exe
AddRemove-PhotoStage - c:\program files (x86)\NCH Software\PhotoStage\uninst.exe
AddRemove-Prism - c:\program files (x86)\NCH Software\Prism\uninst.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~2\UNWISE.EXE
AddRemove-VideoPad - c:\program files (x86)\NCH Software\VideoPad\uninst.exe
AddRemove-WavePad - c:\program files (x86)\NCH Software\WavePad\uninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-610051353-838362018-521060816-1009\Software\SecuROM\License information*]
"datasecu"=hex:42,70,4d,32,7a,f6,a4,6f,e2,04,69,ac,3d,e7,ef,fe,f0,1a,22,7f,f3,
43,f0,5f,27,2d,02,9e,7a,b6,88,b3,b0,09,49,72,af,93,b5,62,12,3c,76,b5,26,1d,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Celkový čas: 2014-12-09 19:57:27
ComboFix-quarantined-files.txt 2014-12-09 18:57
ComboFix2.txt 2014-12-09 15:42
ComboFix3.txt 2014-12-07 20:52
.
Před spuštěním: Volných bajtů: 212 172 292 096
Po spuštění: Volných bajtů: 212 148 486 144
.
- - End Of File - - 1E90FDB91F6578D033051A1B2EB5EEE6
A36C5E4F47E84449FF07ED3517B43A31
Re: requesting a check

Via Start >> Run, copy into the window:
ComboFix /Uninstall
and press Enter.
This uninstalls ComboFix and deletes its associated files and folders.
Use T-Cleaner, which deletes any leftovers from the applications we used.
Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.
Then let me know what state the PC is in.
Re: requesting a check
Sorry, I haven't had much time to reply lately.
ComboFix uninstalled, T-Cleaner cleaned up the rest, everything seems to be fine.
The PC was fine the whole time; I wanted to clean the PC of viruses because a "suspicious" file had been opened on it, and after it was opened the mouse lagged strangely for about 30 seconds, then everything was fine again.
Anyway, thanks for the help, I appreciate it.