Dobrý den, potřeboval bych kontrolu systému!

[vamvam]

Okey, když jsem tohle provedl, je nějaká možnost mi prosím naposledy doufám, zkontrolovat ještě jednou počítač?

[altrok]

Jasne, dejte novy log FRST.txt, prilozte i Addition.txt a kouknem na aktualni stav - http://forum.viry.cz/viewtopic.php?f=30&t=133101

[vamvam]

Rust mi stále nefunguje...

Ten Log dodám hned co bude trošku čas.

[vamvam]

No, tak rust jsem sprovoznil vymazáním nějakého chybného Luma Emu.

Každopádně asi na internet nepatřím nebo mám obrovskou smůlu. Poté co hraji jakou koli hru mi to jak třeba v Rustu, nebo jiné hře.. Třeba Call of Duty. (To jsem skoro nic kromě FRST a rustu zatím nestahoval) > Najednou vyskočí, aniž bych něco zmáčkl, spoustí se globální Chat a napíše to tam: "o ote" jako nevím jestli to má být myšleno jako to, kdybych tam doplnil 2x K, ale nemyslím si že to je v pohodě..

Stejně jako se mi nechcou uložit nikdy hesla jak na tomhle fórum tak jinde..

FRST.rar

(52.37 KiB) Staženo 70 x

Nechal jsem počítač projet antivirem a našlo a vyléčilo mi to asi 4 věci. Z toho 1 byla z Rustu nějakej Win32/Tool
Děkuji za obětovaný čas.

[altrok]

-> Na ESS jsem dostal k grafické kartě a zdroji z alzy dohromady na 2 měsíce ESS zadarmo. Takže nevím o tom, že bych si něco kupoval, jen mi poslali nějaké kódy a já je tam naťukal a mám zkušební verzi na 2 měsíce a vyprší mi za 14 dní..

jste napsal 16. prosince a 19.12. jste jej nanovo nainstaloval?

Jake polozky jste antivirem vylecil?


Postupujte naprosto presne dle navodu kolegy.

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[vamvam]

Takže v počítači mám nějaké zlé věci? (Léčbu provedu až na večer, nebo se o to aspoň pokusím.)

nn, mám ho prošlej ale jako u BMAM to šlo zkontrolovat.

Už nevím co jsem vyléčil.

[altrok]

OK

Proslej ESET = neaktualni virova databaze = poruseni licencnich podminek = poruseni pravidel fora

Vetsina utilit kdyz neco maze/presouva do karanteny si o tom vede zaznamy... kouknete po virove truhle, vysledcich minuleho skenu atd.

[vamvam]

Dobrý den, tak jsem si tedy ESET objednal, nevíte kdy by mi mohl dorazit kód? Čekám už 2 dny a nic.

Věci smazané Esetem:
C:\Users\Martin\Downloads\FFSetup295.zip » ZIP » FFSetup295.exe » NSIS » hao123inst.exe - varianta infiltrace Win32/Hao123.A potenciálně nechtěná aplikace - smazán - uložen do karantény
C:\Users\Martin\Downloads\FFSetup295.zip » ZIP » FFSetup295.exe » NSIS » v9fft.exe - varianta infiltrace Win32/ELEX potenciálně nechtěná aplikace - smazán - uložen do karantény
C:\Users\Martin\Downloads\minecraftforge universal 1.5.1 7.7.2.682.zip » ZIP » minecraftforge universal 1.5.1 7.7.2.682.zip.exe » NSIS » inst.7z » 7ZIP » inst.exe - MSIL/Solimba.M potenciálně nechtěná aplikace - smazán - uložen do karantény
C:\Users\Martin\Downloads\Rust-14.03-www.rusted.cz.rar » RAR » Rust 14.03 www.rusted.cz\Rust Launcher.exe - Win32/HackTool.Steam.E trojský kůň - smazán - uložen do karantény

Rkill:
Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/18/2015 02:26:51 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\jmesoft\Service.exe (PID: 1808) [WD-HEUR]
* C:\Windows\SysWOW64\UMonit.exe (PID: 544) [WD-HEUR]
* C:\Windows\jmesoft\hotkey.exe (PID: 4960) [WD-HEUR]
* C:\Windows\jmesoft\JME_LOAD.exe (PID: 5016) [WD-HEUR]

4 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/18/2015 02:27:16 AM
Execution time: 0 hours(s), 0 minute(s), and 25 seconds(s)


ComboFix:
ComboFix 15-01-08.01 - Martin 18.01.2015 2:29.1.4 - x64
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Martin\AppData\Local\TempCrossDotXfire.exe
c:\users\Martin\AppData\Roaming\technic-launcher.jar
c:\users\Martin\videos\LeagueofLegends.exe
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-12-18 do 2015-01-18 )))))))))))))))))))))))))))))))
.
.
2015-01-18 01:35 . 2015-01-18 01:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-15 15:19 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-15 15:19 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-15 15:19 . 2014-12-12 05:31 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-15 15:19 . 2014-12-12 05:31 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-15 15:19 . 2014-12-12 05:31 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-15 15:19 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-15 15:19 . 2014-12-12 05:07 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-14 13:29 . 2014-12-11 17:47 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-14 13:29 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-01-14 13:29 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-14 13:29 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-01-14 13:29 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-01-14 13:29 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-01 13:22 . 2015-01-17 13:53 -------- d-----w- c:\users\Martin\AppData\Local\LogMeIn Hamachi
2015-01-01 13:21 . 2015-01-01 13:21 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-12-31 20:23 . 2015-01-01 13:18 -------- d-----w- c:\users\Martin\AppData\Local\LogMeInIgnition
2014-12-26 13:49 . 2014-12-26 13:49 -------- d-----w- c:\users\Martin\AppData\Local\LumaEmu
2014-12-26 12:41 . 2014-12-26 12:41 -------- d-----w- c:\users\Martin\AppData\Local\Nová složka
2014-12-25 21:15 . 2015-01-17 13:21 -------- d-----w- c:\program files (x86)\SpeedFan
2014-12-25 16:47 . 2014-12-25 16:47 -------- d-----w- c:\users\Martin\AppData\Roaming\Publish Providers
2014-12-24 18:04 . 2014-12-24 18:04 -------- d-----w- c:\program files (x86)\MSI
2014-12-24 17:58 . 2014-12-24 17:58 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-12-24 17:58 . 2014-02-08 16:18 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-12-24 17:58 . 2013-11-28 13:38 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2014-12-24 17:58 . 2013-11-28 13:38 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2014-12-24 17:58 . 2013-11-22 08:36 1515296 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2014-12-24 17:56 . 2014-02-08 18:34 1885472 ----a-w- c:\windows\system32\nvdispco6433489.dll
2014-12-24 17:56 . 2014-02-08 18:34 1515296 ----a-w- c:\windows\system32\nvdispgenco6433489.dll
2014-12-24 17:54 . 2014-02-08 18:34 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-12-24 17:54 . 2014-02-08 18:34 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2014-12-24 17:54 . 2014-02-08 18:34 2713728 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-12-24 15:48 . 2014-12-24 15:48 -------- d-----w- c:\program files (x86)\Gaming Keyboard
2014-12-24 15:47 . 2014-12-24 15:47 -------- d-----w- c:\users\Martin\AppData\Roaming\InstallShield
2014-12-20 10:08 . 2012-03-15 17:21 1914000 ----a-w- c:\programdata\flashax10.exe
2014-12-19 09:47 . 2014-12-19 09:47 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-17 22:56 . 2014-12-16 19:56 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-14 21:18 . 2012-08-12 10:35 113365784 ----a-w- c:\windows\system32\MRT.exe
2015-01-14 18:23 . 2012-10-22 08:39 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 18:23 . 2012-10-22 08:39 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-24 20:14 . 2013-06-20 16:16 297088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-12-24 20:14 . 2012-12-25 10:42 297088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-12-24 20:10 . 2012-12-25 09:02 297088 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-12-13 05:09 . 2014-12-18 12:13 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 12:13 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-13 00:12 . 2014-11-07 15:35 1291464 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-12-13 00:12 . 2013-11-09 19:05 2210040 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-12-13 00:12 . 2014-11-07 15:35 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-12-13 00:12 . 2013-11-09 19:05 2824504 ----a-w- c:\windows\system32\nvspcap64.dll
2014-12-02 10:26 . 2014-12-16 13:10 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22ED2961-4600-4BEC-A9F8-1CEC68DA09E9}\mpengine.dll
2014-11-28 11:26 . 2014-08-24 19:52 174112 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe
2014-11-27 01:43 . 2014-12-11 18:37 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-24 13:04 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-11-22 10:46 . 2014-12-17 18:15 38032 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-11-22 10:46 . 2014-12-17 18:15 32400 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-11-22 10:46 . 2013-11-09 19:01 35472 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-11-22 03:13 . 2014-12-11 18:37 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 18:37 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 18:37 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 18:37 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-11 18:37 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 18:37 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 18:37 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-11 18:37 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 18:37 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 18:37 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 18:37 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 18:37 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 18:37 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 18:37 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 18:37 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 18:37 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 18:37 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 18:37 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-11 18:37 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 18:37 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 18:37 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 18:37 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 18:37 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 18:37 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 18:37 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 18:37 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 18:37 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 18:37 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 18:37 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 18:37 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 18:37 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 18:37 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 18:37 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-11 18:37 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 18:37 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 18:37 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 18:37 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 18:37 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 18:37 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-21 05:14 . 2014-12-16 19:55 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-12-16 19:55 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2014-12-16 19:55 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-11 03:09 . 2014-12-11 18:33 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 13:07 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 13:07 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 18:33 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 13:07 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 13:07 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 18:33 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-11 18:32 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-11 18:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-10-30 02:03 . 2014-12-11 18:33 165888 ----a-w- c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-11 18:33 155136 ----a-w- c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-13 15:06 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-13 15:06 67584 ----a-w- c:\windows\SysWow64\packager.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bloody2"="c:\program files (x86)\Bloody5\Bloody5\Bloody5.exe" [2014-01-03 14069760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"jmekey"="c:\windows\jmesoft\hotkey.exe" [2011-06-08 118784]
"jmesoft"="c:\windows\jmesoft\ServiceLoader.exe" [2011-03-16 28672]
"Lenovo Eye Distance System"="c:\program files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe" [2010-09-09 265216]
"Lenovo Dynamic Brightness System"="c:\program files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe" [2010-10-08 285696]
"CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-12-04 103720]
"VICTORY Gaming Keyboard"="c:\program files (x86)\Gaming Keyboard\Monitor.exe" [2013-04-09 270336]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-12-13 3838800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe;c:\windows\jmesoft\Service.exe [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys;c:\windows\SYSNATIVE\DRIVERS\GeneStor.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys;c:\windows\SYSNATIVE\DRIVERS\vcsvad.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-16 12:53 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-01-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-22 18:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-26 11543656]
"UMonit"="c:\windows\SysWOW64\UMonit.exe" [2011-05-25 49152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-10-01 5595336]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ankcv6uy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ManyCam - c:\program files (x86)\ManyCam\ManyCam.exe
Wow6432Node-HKCU-Run-Clownfish - (no file)
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-Counter-Strike 1.6 Non-Steam 1.0 - c:\program files (x86)\Counter-Strike 1.6 Non-Steam\Uninstall.exe
AddRemove-ManyCam - c:\program files (x86)\ManyCam\uninstall.exe
AddRemove-MoodEditor - c:\program files (x86)\Pamela RichMood Editor\Uninst.exe
AddRemove-Open Broadcaster Software - c:\program files (x86)\OBS\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Rusted.cz Klient 1.8.1 - c:\users\Martin\Desktop\Rusted Klient 1.8.1\UninstallKlient.exe
AddRemove-Rusted.cz Klient 1.8.2 - c:\users\Martin\Desktop\Rusted Klient 1.8.2\UninstallKlient.exe
AddRemove-TeamViewer 9 - c:\program files (x86)\TeamViewer\Version9\uninstall.exe
AddRemove-WinZip Registry Optimizer_is1 - c:\program files (x86)\WinZip Registry Optimizer\unins000.exe
AddRemove-{01db25f3-1b76-4d97-88c8-1c90634d88fb} - c:\programdata\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
AddRemove-{2af972c7-13b0-4978-92a8-fee26a4fb4e9} - c:\programdata\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
AddRemove-{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC} - c:\program files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe
AddRemove-{615bc16d-60f5-482e-91b3-b51d8130963b} - c:\programdata\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
AddRemove-{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a} - c:\programdata\Package Cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{f0080ca2-80ae-4958-b6eb-e8fa916d744a} - c:\programdata\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
AddRemove-Akamai - c:\users\Martin\AppData\Local\Akamai\uninstall.exe
AddRemove-Counter-Strike 1.6_is1 - c:\counter-strike 1.6\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3624722470-2580364961-1715627244-1001\Software\SecuROM\License information*]
"datasecu"=hex:4b,7d,3b,87,ed,54,b3,d6,80,a2,c0,25,b8,b7,73,9f,28,da,1c,78,0d,
02,5b,37,62,43,5a,b1,cd,97,ec,4a,0e,1e,41,26,b5,82,90,96,8a,24,b8,9b,24,75,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-01-18 02:37:09
ComboFix-quarantined-files.txt 2015-01-18 01:37
.
Před spuštěním: Volných bajtů: 77 560 999 936
Po spuštění: Volných bajtů: 77 203 103 744
.
- - End Of File - - C888A4877DD52AE2B098A7DB12F7233A
A36C5E4F47E84449FF07ED3517B43A31

[altrok]

Licence by po vikendu mela dorazit

Pokud jeste nemate, presunte ComboFix na plochu.

• Otevrete Poznamkovy blok (Start -> Spustit -> notepad)
• zkopirujte do nej skript nize a ulozte na plochu jako CFScript (Typ souboru: Textovy dokument)

  Kód: Vybrat vše

  KillAll::
  
  Registry::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "AdobeAAMUpdater-1.0"=-
  "NvBackend"=-
  
  File::
  c:\programdata\flashax10.exe
  
  RegNull::
  [HKEY_USERS\S-1-5-21-3624722470-2580364961-1715627244-1001\Software\SecuROM\License information*]
  
  RegLock::
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
  [HKEY_LOCAL_MACHINE\software\McAfee]
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
  
  ClearJavaCache::
  
  Reboot::

• Tento CFScript.txt chytte, doslova pretahnete nad ikonu ComboFixu a pustte.
  
• Po restartu na Vas vyskoci log, jehoz obsah mi vlozte do dalsi odpovedi.

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou Windows. V tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[vamvam]

ComboFix 15-02-02.01 - Martin 08.02.2015 0:28.2.4 - x64
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martin\Desktop\CFScript.txt
* Rezidentní štít AV je zapnutý
.
.
FILE ::
"c:\programdata\flashax10.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\flashax10.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-01-07 do 2015-02-07 )))))))))))))))))))))))))))))))
.
.
2015-02-07 23:39 . 2015-02-07 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-07 14:24 . 2015-02-07 14:25 -------- d-----w- c:\programdata\Package Cache
2015-02-06 15:02 . 2015-02-06 15:02 -------- d-----w- c:\users\Martin\AppData\Local\Steam
2015-02-05 08:23 . 2015-02-05 08:23 5070512 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-02-02 16:18 . 2015-02-02 16:18 -------- d-----w- c:\users\Martin\AppData\Local\Gameforge4d
2015-01-19 13:24 . 2015-01-19 13:24 -------- d-----w- c:\program files\ESET
2015-01-15 15:19 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-15 15:19 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-15 15:19 . 2014-12-12 05:31 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-15 15:19 . 2014-12-12 05:31 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-15 15:19 . 2014-12-12 05:31 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-15 15:19 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-15 15:19 . 2014-12-12 05:07 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-14 13:29 . 2014-12-11 17:47 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-14 13:29 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-01-14 13:29 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-14 13:29 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-01-14 13:29 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-01-14 13:29 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-07 22:56 . 2014-12-16 19:56 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-05 08:23 . 2012-10-22 08:39 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 08:23 . 2012-10-22 08:39 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-16 06:41 . 2014-11-07 15:35 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-01-16 06:41 . 2013-11-09 19:05 1278920 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-01-16 06:41 . 2014-11-07 15:35 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-01-16 06:41 . 2013-11-09 19:05 1514528 ----a-w- c:\windows\system32\nvspcap64.dll
2015-01-14 21:18 . 2012-08-12 10:35 113365784 ----a-w- c:\windows\system32\MRT.exe
2014-12-24 20:14 . 2013-06-20 16:16 297088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-12-24 20:14 . 2012-12-25 10:42 297088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-12-24 20:10 . 2012-12-25 09:02 297088 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-12-13 05:09 . 2014-12-18 12:13 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 12:13 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-02 10:26 . 2014-12-16 13:10 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22ED2961-4600-4BEC-A9F8-1CEC68DA09E9}\mpengine.dll
2014-11-28 11:26 . 2014-08-24 19:52 174112 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe
2014-11-27 01:43 . 2014-12-11 18:37 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-24 13:04 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-11-22 10:46 . 2014-12-17 18:15 38032 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-11-22 10:46 . 2014-12-17 18:15 32400 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-11-22 10:46 . 2013-11-09 19:01 35472 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-11-22 03:13 . 2014-12-11 18:37 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 18:37 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 18:37 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 18:37 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-11 18:37 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 18:37 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 18:37 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-11 18:37 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 18:37 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 18:37 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 18:37 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 18:37 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 18:37 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 18:37 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 18:37 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 18:37 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 18:37 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 18:37 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-11 18:37 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 18:37 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 18:37 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 18:37 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 18:37 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 18:37 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 18:37 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 18:37 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 18:37 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 18:37 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 18:37 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 18:37 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 18:37 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 18:37 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 18:37 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-11 18:37 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 18:37 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 18:37 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 18:37 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 18:37 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 18:37 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-21 05:14 . 2014-12-16 19:55 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-12-16 19:55 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2014-12-16 19:55 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-11 03:09 . 2014-12-11 18:33 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 13:07 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 13:07 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 18:33 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 13:07 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 13:07 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 18:33 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bloody2"="c:\program files (x86)\Bloody5\Bloody5\Bloody5.exe" [2014-01-03 14069760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"jmekey"="c:\windows\jmesoft\hotkey.exe" [2011-06-08 118784]
"jmesoft"="c:\windows\jmesoft\ServiceLoader.exe" [2011-03-16 28672]
"Lenovo Eye Distance System"="c:\program files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe" [2010-09-09 265216]
"Lenovo Dynamic Brightness System"="c:\program files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe" [2010-10-08 285696]
"CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-12-04 103720]
"VICTORY Gaming Keyboard"="c:\program files (x86)\Gaming Keyboard\Monitor.exe" [2013-04-09 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe;c:\windows\jmesoft\Service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys;c:\windows\SYSNATIVE\DRIVERS\GeneStor.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys;c:\windows\SYSNATIVE\DRIVERS\vcsvad.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-05 21:00 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-22 08:23]
.
2015-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28 13:50]
.
2015-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28 13:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-26 11543656]
"UMonit"="c:\windows\SysWOW64\UMonit.exe" [2011-05-25 49152]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [BU]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-01-16 1514528]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2014-10-01 5595336]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.1.1 217.112.162.34 10.0.0.2
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ankcv6uy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-Counter-Strike 1.6 Non-Steam 1.0 - c:\program files (x86)\Counter-Strike 1.6 Non-Steam\Uninstall.exe
AddRemove-ManyCam - c:\program files (x86)\ManyCam\uninstall.exe
AddRemove-MoodEditor - c:\program files (x86)\Pamela RichMood Editor\Uninst.exe
AddRemove-Open Broadcaster Software - c:\program files (x86)\OBS\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Rusted.cz Klient 1.8.1 - c:\users\Martin\Desktop\Rusted Klient 1.8.1\UninstallKlient.exe
AddRemove-Rusted.cz Klient 1.8.2 - c:\users\Martin\Desktop\Rusted Klient 1.8.2\UninstallKlient.exe
AddRemove-TeamViewer 9 - c:\program files (x86)\TeamViewer\Version9\uninstall.exe
AddRemove-WinZip Registry Optimizer_is1 - c:\program files (x86)\WinZip Registry Optimizer\unins000.exe
AddRemove-{01db25f3-1b76-4d97-88c8-1c90634d88fb} - c:\programdata\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe
AddRemove-{2af972c7-13b0-4978-92a8-fee26a4fb4e9} - c:\programdata\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
AddRemove-{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC} - c:\program files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe
AddRemove-{615bc16d-60f5-482e-91b3-b51d8130963b} - c:\programdata\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe
AddRemove-{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a} - c:\programdata\Package Cache\{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}\vcredist_x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{f0080ca2-80ae-4958-b6eb-e8fa916d744a} - c:\programdata\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
c:\windows\jmesoft\JME_LOAD.exe
c:\program files (x86)\Gaming Keyboard\OSD.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2015-02-08 00:47:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-02-07 23:47
ComboFix2.txt 2015-01-18 01:37
.
Před spuštěním: Volných bajtů: 51 854 376 960
Po spuštění: Volných bajtů: 51 837 214 720
.
- - End Of File - - 77EC22752A6471323EADB0988AD37396
A36C5E4F47E84449FF07ED3517B43A31

[altrok]

• Prejmenujte ComboFix na Uninstall a spustte jako spravce
• ComboFix se odinstaluje.

Dejte log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

[vamvam]

No, mám zde zádrhel u ComboFixu, jakmile jsem to přejmenoval na Uninstall(ten combofix) tak se mi spustil sken jako nedávno a jelikož jsem zazmatkoval tak jsem to u nějaké 4. fáze vypl... Také mi u skenování(cca u 2. Fáze) Eset vyhlásil nějaký :"Av-test.txt" (důvod: Eicar testovací soubor[Netuším co to znamená]) a zablokoval ho do karantény. Poté co jsem ve zmatkování combofix přejmenovaný na Uninstall vypl, mi nešel spustit prohlížeč jako kdybych nebyl připojený k internetu, ale skype apd. mi šlo normálně a na nooteboku mi šel prohlížeč též normálně (po restartu počítače už šel), je to normální?

Prej to mělo moc znaků, tak jsem vám to zabalil do Raru.

FRST + Addition.rar

(51.17 KiB) Staženo 74 x

Smím se ještě zeptat pro moji zvědavost?

- Vir je pouze softvérová záležitost, tudíž nemůže/může přeskočit přes wifi/internetový kabel třeba s noobteboku do počítače, jen když ho mám připojený na stejné síti?

- Klíč registru jako je třeba toto:"{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" to využívá key logger k zjištění hesel apd.?

Děkuju

[altrok]

Normalni chovani pri nenormalnim ukonceni tak agresivniho nastroje jako je ComboFix nemuzete cekat... Pokud je po restartu vse v poradku, neni co resit.


Smazte soubor C:\ProgramData\hash.dat, vycistete tempy i registry pomoci CCleaneru.

- Vir je pouze softvérová záležitost, tudíž nemůže/může přeskočit přes wifi/internetový kabel třeba s noobteboku do počítače, jen když ho mám připojený na stejné síti?

Ano, vir je softwarova zalezitost, ale kazdou vterinou vzniknou 3 nove viry. Nektere napadaji router a siri se vyhradne jen v napadene (domaci) siti. K tomuto napadeni vetsinou dojde na urcitem typu routeru ("IT clanky" na novinkach nemuzu vystat, ale mam pocit, ze se i tam objevilo toto varovani), ktery ma ponechane defaultni (vyrobni) nastaveni hesla, ktere se da zjistit. Vy timto malwarem napadeny nejste.

- Klíč registru jako je třeba toto:"{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" to využívá key logger k zjištění hesel apd.?

Keyloggeru je takove mnozstvi, ze na to neumim odpovedet. Volani GUID (unikatnich identifikacnich cisel) je zpusob, ktery Windows bezne vyuziva, takze konkretne zde se o keylogger nejedna.

[vamvam]

Takže tedy, nemám v počítači žádný vir, který bych mohl chytit z nooteboku jestli jsem to pochopil správně.

Takže, ještě projistotu jednou. Combofix přejmenuji na "Uninstall" a poté ho nechám makat na svojem a svoje ruce strčím do kapes, ano? (Když to po mě chce vypnout antivir, mám ho vypnout či ne?)

A key logger se třeba též množí do domácích sítí?
Děkuji za objasnění.

[altrok]

Nemuzu Vam to 100% garantovat, ale v lozich zadnou havet nevidim.

ComboFix: Pred spustenim odinstalace a pocas jejiho trvani mejte vypnutou ochranu ESETu v realnem case. Po dokonceni procesu ji znovu zapnete.

Na tak dumyslny keylogger jsem jeste nenarazil. Nemuzu to 100% vyloucit, ale je velice nepravdepodobne, aby se keylogger siril z notebooku dal v ramci domaci site. Vy s keyloggery nejak experimentujete, ze se zajimate jen o ne?