Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then run the application under an account with administrator privileges.
Right after launch, a screen with the license terms appears; continue by clicking the Yes (Ano) button.
Feel free to put the kettle on for a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to launch any other applications or anything else.
Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).
Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident shield occur.

Compromised email
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote help service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Compromised email
We can also try ComboFix to run an in-depth check. A keylogger usually does not hide, though, and is visible in FRST as well:
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
- shapematters
- Visitor

- Posts: 17
- Registered: 19 Sep 2015 19:29
Re: Compromised email
Sorry, I didn't manage to send it during the week, but it doesn't look like anything unusual:
ComboFix 15-10-23.01 - Vita 23.10.2015 19:08:51.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.16384.13655 [GMT 2:00]
Spuštěný z: c:\users\Vita\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Vita\AppData\Local\assembly\tmp
c:\users\Vita\AppData\Local\MSGBOX.EXE
c:\users\Vita\AppData\Local\Plus500
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\BigLoading.gif
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_AutoYScaleDown.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_AutoYScaleUp.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_Cancel.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_cashier.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_CrosshairDown.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_CrosshairUp.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_DemoMode.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_downarrow_red.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_Help.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_Help2.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_ChartSettings.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_MoveDown.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_MoveUp.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_OK.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_RateAlerts.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_RealMode.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_Search.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_SetupIndicators.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_SwitchToCandleStick.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_SwitchToFun.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_SwitchToLine.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_SwitchToReal.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_ZoomIn.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_ZoomOut.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_ZoomReset.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\challenge_loading.gif
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_ABNAMRO.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_AboutWallpaper.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_ArrowDown.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_ArrowUp.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_Barclays.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_BigBell.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_BigBellSelected.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_BigFavorite.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_BigFavoriteSelected.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_BuySellSeparator.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_BuySellWallpaper.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierDepositWallpaper.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper_OneMargin.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper1.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper1s.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper2.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper2s.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper3.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper3s.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierUploadDocRegulation.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierUploadDocRegulationNoBonus.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CommonwealthBank.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_Error.PNG
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_GuaranteedStop.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_ChallengeStandings_Wallpaper.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_ChartToolbar.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_IBB.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_InstrumentScreenLeftWallpaper.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_InstrumentScreenRightWallpaper.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_LoginWallpaper.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList0.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList1.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList2.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList3.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList4.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList5.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList6.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList7.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList8.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyLeftWallpaper.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyRightWallpaper.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_RateUs.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\InvestSmallBtns.ssk
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\InvestSoft.ssk
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\Loading.gif
c:\users\Vita\AppData\Local\Plus500\Main\configuration.xml
c:\users\Vita\AppData\Local\Plus500\Main\InstrumentsInfo.xml
c:\users\Vita\AppData\Local\Plus500\Main\InvestSoft.log
c:\users\Vita\AppData\Local\Plus500\Main\InvestSoft.log.1
c:\users\Vita\AppData\Local\Plus500\Main\InvestSoft.log.2
c:\users\Vita\AppData\Local\Plus500\Main\InvestSoft.log.3
c:\users\Vita\AppData\Local\Plus500\Main\InvestSoft.log.4
c:\users\Vita\AppData\Local\Plus500\Main\InvestSoftProject.exe
c:\users\Vita\AppData\Local\Plus500\Main\InvestSoftProject.jdbg
c:\users\Vita\AppData\Local\Plus500\Main\log4delphi.log
c:\users\Vita\AppData\Local\Plus500\Main\SIL\AboutGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\AboutGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\AdjustmentGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\AdjustmentGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\AlertsGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\AlertsGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\AMLWarningGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\AMLWarningGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\BuySellGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\BuySellGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierAddressVerificationGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierAddressVerificationGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierBonusAccountGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierBonusAccountGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierDepositGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierDepositGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierEmailVerificationGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierEmailVerificationGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_ASIC_GUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_ASIC_GUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_FSA_GUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_FSA_GUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierFullRegistrationGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierFullRegistrationGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierGUIbrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierHistoryGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierHistoryGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierChangePasswordGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierChangePasswordGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierMainGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierMainGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierPhoneVerificationGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierPhoneVerificationGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierQuestionnaireFSA_NEW_GUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierQuestionnaireFSA_NEW_GUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierQuestionnaireGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierQuestionnaireGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierReportsGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierReportsGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierSnapshotGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierSnapshotGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierUploadDocsGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierUploadDocsGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierWithdrawGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierWithdrawGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ClosePositionGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ClosePositionGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\Countries.xml
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CreateUserGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CreateUserGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\DontShowAgainGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\DontShowAgainGUIbrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\EquityWarningGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\EquityWarningGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\FavoritesSetupGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\FavoritesSetupGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ForgotPasswordGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ForgotPasswordGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ChallengeCreateGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ChallengeCreateGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ChallengeHelpGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ChallengeHelpGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ChallengeInviteGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ChallengeInviteGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ChallengeStandingsGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ChallengeStandingsGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ChartGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ChartGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsADXGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsADXGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsAligatorGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsAligatorGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsBollingerGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsBollingerGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsEnvelopesGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsEnvelopesGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsMACDOsMAGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsMACDOsMAGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsMovingAverageGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsMovingAverageGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsParabolicSARGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsParabolicSARGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsPeriodGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsPeriodGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsStochasticGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsStochasticGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\InstrumentScreenGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\InstrumentScreenGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\InvestSoft.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\InvestSoftBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IsRealGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IsRealGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\LinkMessageDlgGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\LinkMessageDlgGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\LiveChatGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\LiveChatGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\LoginGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\LoginGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\MainLobbyGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\MainLobbyGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\Nationalities.xml
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ProcessingGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ProcessingGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ProcessingSmallGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ProcessingSmallGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\RateAlertGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\RateAlertGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\RateAlertSetupGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\RateAlertSetupGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\RateUsGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\RateUsGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\SettingsGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\SettingsGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\UploadFileGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\UploadFileGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Update\500w.exe
c:\users\Vita\AppData\Local\Plus500\Update\500z.exe
c:\users\Vita\AppData\Local\Plus500\Update\product.ico
c:\users\Vita\AppData\Local\Plus500\Update\ResourceChange.exe
c:\users\Vita\AppData\Local\Plus500\Update\uninstall.ico
c:\users\Vita\AppData\Roaming\CLDeviceCorrectionsLog.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-09-23 do 2015-10-23 )))))))))))))))))))))))))))))))
.
.
2015-10-23 17:13 . 2015-10-23 17:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-23 17:03 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16C52583-F9F1-429C-8CC2-E039006078D1}\mpengine.dll
2015-10-20 20:53 . 2015-10-21 16:43 -------- d-----w- c:\users\Vita\AppData\Local\Spotify
2015-10-20 20:51 . 2015-10-21 16:43 -------- d-----w- c:\users\Vita\AppData\Roaming\Spotify
2015-10-17 17:34 . 2015-10-23 17:13 -------- d-----w- c:\users\Vita\AppData\Local\Temp
2015-10-16 17:36 . 2015-10-17 17:26 -------- d-----w- C:\FRST
2015-10-13 18:23 . 2015-08-06 18:04 14176768 ----a-w- c:\windows\system32\shell32.dll
2015-10-13 18:23 . 2015-08-06 18:03 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2015-10-13 18:23 . 2015-08-06 17:44 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2015-10-13 18:23 . 2015-09-01 18:14 503296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-13 18:23 . 2015-09-01 18:14 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-10-13 18:23 . 2015-09-01 18:14 110592 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-10-13 18:23 . 2015-09-01 18:13 224768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2015-10-13 18:23 . 2015-09-01 18:12 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2015-10-13 18:23 . 2015-09-01 17:52 348672 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-13 18:23 . 2015-09-01 17:52 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2015-10-13 18:17 . 2015-10-01 18:06 692672 ----a-w- c:\windows\system32\winload.efi
2015-10-13 18:17 . 2015-10-01 18:04 616360 ----a-w- c:\windows\system32\winresume.efi
2015-10-13 18:17 . 2015-10-01 18:00 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-13 18:17 . 2015-10-01 18:00 59392 ----a-w- c:\windows\system32\appidapi.dll
2015-10-13 18:17 . 2015-10-01 18:00 32768 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-13 18:17 . 2015-10-01 18:00 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-13 18:17 . 2015-10-01 18:00 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-13 18:17 . 2015-10-01 17:50 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-10-13 18:17 . 2015-10-01 17:00 61440 ----a-w- c:\windows\system32\drivers\appid.sys
2015-10-01 18:33 . 2015-10-01 18:33 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-17 11:50 . 2013-12-27 22:15 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-17 11:50 . 2013-12-27 22:15 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-13 23:07 . 2014-01-22 23:04 143481208 ----a-w- c:\windows\system32\MRT.exe
2015-09-29 02:58 . 2015-10-13 18:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-09-22 22:17 . 2015-09-22 22:17 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-09-22 22:17 . 2014-11-29 13:28 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-09-22 22:17 . 2014-11-29 13:28 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-09-22 22:17 . 2014-11-29 13:28 448968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-09-22 22:17 . 2014-11-29 13:28 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-09-22 22:17 . 2014-11-29 13:28 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-09-22 22:17 . 2014-11-29 13:28 153744 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-09-22 22:17 . 2014-11-29 13:28 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-09-22 22:17 . 2015-09-22 22:17 43112 ----a-w- c:\windows\avastSS.scr
2015-09-22 22:17 . 2014-11-29 13:28 28144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-09-22 22:17 . 2014-11-29 13:28 1049880 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-09-22 22:17 . 2015-09-08 06:27 132656 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-09-22 22:17 . 2015-09-22 22:17 454528 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2015-09-15 18:11 . 2015-10-13 18:18 342016 ----a-w- c:\windows\system32\schannel.dll
2015-09-15 17:36 . 2015-10-13 18:18 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-09-02 03:04 . 2015-09-09 15:12 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 03:04 . 2015-09-09 15:12 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 03:04 . 2015-09-09 15:12 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 03:04 . 2015-09-09 15:12 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 02:48 . 2015-09-09 15:12 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-02 02:48 . 2015-09-09 15:12 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-02 02:48 . 2015-09-09 15:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-02 02:47 . 2015-09-09 15:12 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-02 01:51 . 2015-09-09 15:12 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:47 . 2015-09-09 15:12 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-02 01:33 . 2015-09-09 15:12 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-08-05 17:56 . 2015-09-09 15:14 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-05 17:56 . 2015-09-09 15:14 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-08-05 17:56 . 2015-09-09 15:14 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-08-05 17:40 . 2015-09-09 15:14 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-07-30 18:06 . 2015-08-11 18:51 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 18:06 . 2015-08-11 18:51 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 18:06 . 2015-08-11 18:51 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 17:57 . 2015-08-11 18:51 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-07-30 17:57 . 2015-08-11 18:51 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-30 13:13 . 2015-08-11 22:32 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-11 22:32 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2015-09-24 41360]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2015-09-24 840592]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-09-22 6134544]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2014-10-31 443640]
"RIM PeerManager"="c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe" [2014-11-28 4857592]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-03-31 767176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Průvodce NETGEAR WNA1100 Smart Wizard.lnk - f:\programs\Netgear\WNA1100.exe [2013-12-31 4562944]
SpectraView Profiler5 VideoLUT Loader.lnk - c:\program files\SpectraView Software\SpectraView Profiler 5\LUTLoader.exe [2013-12-30 851968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 blackberryncm;BlackBerryNCM Service;c:\windows\system32\DRIVERS\blackberryncm6_AMD64.sys;c:\windows\SYSNATIVE\DRIVERS\blackberryncm6_AMD64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;f:\programs\Netgear\jswpsapi.exe;f:\programs\Netgear\jswpsapi.exe [x]
R3 NDSPCIIO;NDSPCIIO;c:\windows\system32\DRIVERS\NDSPCIIO64.SYS;c:\windows\SYSNATIVE\DRIVERS\NDSPCIIO64.SYS [x]
R3 Origin Client Service;Origin Client Service;f:\programs\Origin\OriginClientService.exe;f:\programs\Origin\OriginClientService.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ngvss;ngvss; [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe;c:\asus.sys\config\DVMExportService.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 RIM MDNS;RIM MDNS;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [x]
S2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 WSWNA1100;WSWNA1100;f:\programs\Netgear\WifiSvc.exe;f:\programs\Netgear\WifiSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\Drivers\rimvndis6_AMD64.sys;c:\windows\SYSNATIVE\Drivers\rimvndis6_AMD64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-10-17 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_226_pepper.exe [2015-10-17 11:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-09-22 22:17 780616 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Akamai - c:\users\Vita\AppData\Local\Akamai\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3394885342-2986023214-3047139206-1000\Software\SecuROM\License information*]
"datasecu"=hex:70,2d,44,0d,ea,3d,98,63,b1,9f,53,02,9e,b1,00,d0,4e,0e,bd,61,12,
88,ac,51,bc,d8,1a,2f,83,81,16,0b,f7,70,61,c2,1a,44,89,c6,b9,7e,3c,24,10,6f,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-10-23 19:16:56
ComboFix-quarantined-files.txt 2015-10-23 17:16
.
Před spuštěním: Volných bajtů: 118 582 394 880
Po spuštění: Volných bajtů: 118 001 975 296
.
- - End Of File - - 4E691D6B8BB864D8A2C1C0FC7670CE95
ComboFix 15-10-23.01 - Vita 23.10.2015 19:08:51.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.16384.13655 [GMT 2:00]
Spuštěný z: c:\users\Vita\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Vita\AppData\Local\assembly\tmp
c:\users\Vita\AppData\Local\MSGBOX.EXE
c:\users\Vita\AppData\Local\Plus500
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\BigLoading.gif
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_AutoYScaleDown.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_AutoYScaleUp.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_Cancel.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_cashier.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_CrosshairDown.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_CrosshairUp.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_DemoMode.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_downarrow_red.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_Help.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_Help2.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_ChartSettings.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_MoveDown.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_MoveUp.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_OK.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_RateAlerts.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_RealMode.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_Search.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_SetupIndicators.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_SwitchToCandleStick.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_SwitchToFun.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_SwitchToLine.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_SwitchToReal.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_ZoomIn.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_ZoomOut.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\but_ZoomReset.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\challenge_loading.gif
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_ABNAMRO.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_AboutWallpaper.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_ArrowDown.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_ArrowUp.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_Barclays.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_BigBell.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_BigBellSelected.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_BigFavorite.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_BigFavoriteSelected.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_BuySellSeparator.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_BuySellWallpaper.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierDepositWallpaper.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper_OneMargin.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper1.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper1s.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper2.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper2s.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper3.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierMainWallpaper3s.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierUploadDocRegulation.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CashierUploadDocRegulationNoBonus.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_CommonwealthBank.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_Error.PNG
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_GuaranteedStop.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_ChallengeStandings_Wallpaper.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_ChartToolbar.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_IBB.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_InstrumentScreenLeftWallpaper.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_InstrumentScreenRightWallpaper.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_LoginWallpaper.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList0.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList1.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList2.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList3.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList4.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList5.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList6.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList7.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyIconsImageList8.bmp
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyLeftWallpaper.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_MainLobbyRightWallpaper.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\img_RateUs.png
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\InvestSmallBtns.ssk
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\InvestSoft.ssk
c:\users\Vita\AppData\Local\Plus500\Languages\cs\Images\Loading.gif
c:\users\Vita\AppData\Local\Plus500\Main\configuration.xml
c:\users\Vita\AppData\Local\Plus500\Main\InstrumentsInfo.xml
c:\users\Vita\AppData\Local\Plus500\Main\InvestSoft.log
c:\users\Vita\AppData\Local\Plus500\Main\InvestSoft.log.1
c:\users\Vita\AppData\Local\Plus500\Main\InvestSoft.log.2
c:\users\Vita\AppData\Local\Plus500\Main\InvestSoft.log.3
c:\users\Vita\AppData\Local\Plus500\Main\InvestSoft.log.4
c:\users\Vita\AppData\Local\Plus500\Main\InvestSoftProject.exe
c:\users\Vita\AppData\Local\Plus500\Main\InvestSoftProject.jdbg
c:\users\Vita\AppData\Local\Plus500\Main\log4delphi.log
c:\users\Vita\AppData\Local\Plus500\Main\SIL\AboutGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\AboutGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\AdjustmentGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\AdjustmentGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\AlertsGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\AlertsGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\AMLWarningGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\AMLWarningGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\BuySellGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\BuySellGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierAddressVerificationGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierAddressVerificationGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierBonusAccountGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierBonusAccountGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierDepositGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierDepositGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierEmailVerificationGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierEmailVerificationGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_ASIC_GUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_ASIC_GUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_FSA_GUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierFullRegistration_FSA_GUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierFullRegistrationGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierFullRegistrationGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierGUIbrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierHistoryGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierHistoryGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierChangePasswordGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierChangePasswordGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierMainGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierMainGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierPhoneVerificationGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierPhoneVerificationGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierQuestionnaireFSA_NEW_GUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierQuestionnaireFSA_NEW_GUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierQuestionnaireGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierQuestionnaireGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierReportsGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierReportsGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierSnapshotGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierSnapshotGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierUploadDocsGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierUploadDocsGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierWithdrawGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CashierWithdrawGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ClosePositionGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ClosePositionGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\Countries.xml
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CreateUserGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\CreateUserGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\DontShowAgainGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\DontShowAgainGUIbrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\EquityWarningGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\EquityWarningGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\FavoritesSetupGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\FavoritesSetupGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ForgotPasswordGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ForgotPasswordGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ChallengeCreateGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ChallengeCreateGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ChallengeHelpGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ChallengeHelpGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ChallengeInviteGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ChallengeInviteGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ChallengeStandingsGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ChallengeStandingsGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ChartGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ChartGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsADXGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsADXGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsAligatorGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsAligatorGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsBollingerGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsBollingerGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsEnvelopesGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsEnvelopesGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsMACDOsMAGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsMACDOsMAGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsMovingAverageGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsMovingAverageGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsParabolicSARGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsParabolicSARGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsPeriodGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsPeriodGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsStochasticGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IndicatorsStochasticGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\InstrumentScreenGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\InstrumentScreenGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\InvestSoft.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\InvestSoftBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IsRealGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\IsRealGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\LinkMessageDlgGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\LinkMessageDlgGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\LiveChatGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\LiveChatGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\LoginGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\LoginGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\MainLobbyGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\MainLobbyGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\Nationalities.xml
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ProcessingGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ProcessingGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ProcessingSmallGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\ProcessingSmallGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\RateAlertGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\RateAlertGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\RateAlertSetupGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\RateAlertSetupGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\RateUsGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\RateUsGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\SettingsGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\SettingsGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\UploadFileGUI.sil
c:\users\Vita\AppData\Local\Plus500\Main\SIL\UploadFileGUIBrand.sil
c:\users\Vita\AppData\Local\Plus500\Update\500w.exe
c:\users\Vita\AppData\Local\Plus500\Update\500z.exe
c:\users\Vita\AppData\Local\Plus500\Update\product.ico
c:\users\Vita\AppData\Local\Plus500\Update\ResourceChange.exe
c:\users\Vita\AppData\Local\Plus500\Update\uninstall.ico
c:\users\Vita\AppData\Roaming\CLDeviceCorrectionsLog.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-09-23 do 2015-10-23 )))))))))))))))))))))))))))))))
.
.
2015-10-23 17:13 . 2015-10-23 17:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-23 17:03 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16C52583-F9F1-429C-8CC2-E039006078D1}\mpengine.dll
2015-10-20 20:53 . 2015-10-21 16:43 -------- d-----w- c:\users\Vita\AppData\Local\Spotify
2015-10-20 20:51 . 2015-10-21 16:43 -------- d-----w- c:\users\Vita\AppData\Roaming\Spotify
2015-10-17 17:34 . 2015-10-23 17:13 -------- d-----w- c:\users\Vita\AppData\Local\Temp
2015-10-16 17:36 . 2015-10-17 17:26 -------- d-----w- C:\FRST
2015-10-13 18:23 . 2015-08-06 18:04 14176768 ----a-w- c:\windows\system32\shell32.dll
2015-10-13 18:23 . 2015-08-06 18:03 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2015-10-13 18:23 . 2015-08-06 17:44 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2015-10-13 18:23 . 2015-09-01 18:14 503296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-13 18:23 . 2015-09-01 18:14 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-10-13 18:23 . 2015-09-01 18:14 110592 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-10-13 18:23 . 2015-09-01 18:13 224768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2015-10-13 18:23 . 2015-09-01 18:12 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2015-10-13 18:23 . 2015-09-01 17:52 348672 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-13 18:23 . 2015-09-01 17:52 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2015-10-13 18:17 . 2015-10-01 18:06 692672 ----a-w- c:\windows\system32\winload.efi
2015-10-13 18:17 . 2015-10-01 18:04 616360 ----a-w- c:\windows\system32\winresume.efi
2015-10-13 18:17 . 2015-10-01 18:00 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-13 18:17 . 2015-10-01 18:00 59392 ----a-w- c:\windows\system32\appidapi.dll
2015-10-13 18:17 . 2015-10-01 18:00 32768 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-13 18:17 . 2015-10-01 18:00 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-13 18:17 . 2015-10-01 18:00 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-13 18:17 . 2015-10-01 17:50 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-10-13 18:17 . 2015-10-01 17:00 61440 ----a-w- c:\windows\system32\drivers\appid.sys
2015-10-01 18:33 . 2015-10-01 18:33 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-17 11:50 . 2013-12-27 22:15 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-17 11:50 . 2013-12-27 22:15 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-13 23:07 . 2014-01-22 23:04 143481208 ----a-w- c:\windows\system32\MRT.exe
2015-09-29 02:58 . 2015-10-13 18:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-09-22 22:17 . 2015-09-22 22:17 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-09-22 22:17 . 2014-11-29 13:28 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-09-22 22:17 . 2014-11-29 13:28 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-09-22 22:17 . 2014-11-29 13:28 448968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-09-22 22:17 . 2014-11-29 13:28 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-09-22 22:17 . 2014-11-29 13:28 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-09-22 22:17 . 2014-11-29 13:28 153744 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-09-22 22:17 . 2014-11-29 13:28 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-09-22 22:17 . 2015-09-22 22:17 43112 ----a-w- c:\windows\avastSS.scr
2015-09-22 22:17 . 2014-11-29 13:28 28144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-09-22 22:17 . 2014-11-29 13:28 1049880 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-09-22 22:17 . 2015-09-08 06:27 132656 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-09-22 22:17 . 2015-09-22 22:17 454528 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2015-09-15 18:11 . 2015-10-13 18:18 342016 ----a-w- c:\windows\system32\schannel.dll
2015-09-15 17:36 . 2015-10-13 18:18 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-09-02 03:04 . 2015-09-09 15:12 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 03:04 . 2015-09-09 15:12 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 03:04 . 2015-09-09 15:12 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 03:04 . 2015-09-09 15:12 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 02:48 . 2015-09-09 15:12 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-02 02:48 . 2015-09-09 15:12 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-02 02:48 . 2015-09-09 15:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-02 02:47 . 2015-09-09 15:12 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-02 01:51 . 2015-09-09 15:12 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:47 . 2015-09-09 15:12 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-02 01:33 . 2015-09-09 15:12 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-08-05 17:56 . 2015-09-09 15:14 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-05 17:56 . 2015-09-09 15:14 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-08-05 17:56 . 2015-09-09 15:14 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-08-05 17:40 . 2015-09-09 15:14 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-07-30 18:06 . 2015-08-11 18:51 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 18:06 . 2015-08-11 18:51 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 18:06 . 2015-08-11 18:51 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 17:57 . 2015-08-11 18:51 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-07-30 17:57 . 2015-08-11 18:51 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-30 13:13 . 2015-08-11 22:32 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-11 22:32 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2015-09-24 41360]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2015-09-24 840592]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-09-22 6134544]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2014-10-31 443640]
"RIM PeerManager"="c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe" [2014-11-28 4857592]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-03-31 767176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Průvodce NETGEAR WNA1100 Smart Wizard.lnk - f:\programs\Netgear\WNA1100.exe [2013-12-31 4562944]
SpectraView Profiler5 VideoLUT Loader.lnk - c:\program files\SpectraView Software\SpectraView Profiler 5\LUTLoader.exe [2013-12-30 851968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 blackberryncm;BlackBerryNCM Service;c:\windows\system32\DRIVERS\blackberryncm6_AMD64.sys;c:\windows\SYSNATIVE\DRIVERS\blackberryncm6_AMD64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;f:\programs\Netgear\jswpsapi.exe;f:\programs\Netgear\jswpsapi.exe [x]
R3 NDSPCIIO;NDSPCIIO;c:\windows\system32\DRIVERS\NDSPCIIO64.SYS;c:\windows\SYSNATIVE\DRIVERS\NDSPCIIO64.SYS [x]
R3 Origin Client Service;Origin Client Service;f:\programs\Origin\OriginClientService.exe;f:\programs\Origin\OriginClientService.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ngvss;ngvss; [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe;c:\asus.sys\config\DVMExportService.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 RIM MDNS;RIM MDNS;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [x]
S2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 WSWNA1100;WSWNA1100;f:\programs\Netgear\WifiSvc.exe;f:\programs\Netgear\WifiSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\Drivers\rimvndis6_AMD64.sys;c:\windows\SYSNATIVE\Drivers\rimvndis6_AMD64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-10-17 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_226_pepper.exe [2015-10-17 11:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-09-22 22:17 780616 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Akamai - c:\users\Vita\AppData\Local\Akamai\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3394885342-2986023214-3047139206-1000\Software\SecuROM\License information*]
"datasecu"=hex:70,2d,44,0d,ea,3d,98,63,b1,9f,53,02,9e,b1,00,d0,4e,0e,bd,61,12,
88,ac,51,bc,d8,1a,2f,83,81,16,0b,f7,70,61,c2,1a,44,89,c6,b9,7e,3c,24,10,6f,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-10-23 19:16:56
ComboFix-quarantined-files.txt 2015-10-23 17:16
.
Před spuštěním: Volných bajtů: 118 582 394 880
Po spuštění: Volných bajtů: 118 001 975 296
.
- - End Of File - - 4E691D6B8BB864D8A2C1C0FC7670CE95
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Compromised email
We will also unlock the locked keys. Open Notepad and copy the following into it:

Regnull::
[HKEY_USERS\S-1-5-21-3394885342-2986023214-3047139206-1000\Software\SecuROM\License information*]
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Reboot::

Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
- shapematters
- Visitor

- Posts: 17
- Registered: 19 Sep 2015 19:29
Re: Compromised email
ComboFix 15-10-23.01 - Vita 23.10.2015 20:42:59.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.16384.14253 [GMT 2:00]
Spuštěný z: c:\users\Vita\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Vita\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\out.txt . . . . nemohl být smazán
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-09-23 do 2015-10-23 )))))))))))))))))))))))))))))))
.
.
2015-10-23 18:49 . 2015-10-23 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-23 17:03 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16C52583-F9F1-429C-8CC2-E039006078D1}\mpengine.dll
2015-10-20 20:53 . 2015-10-21 16:43 -------- d-----w- c:\users\Vita\AppData\Local\Spotify
2015-10-20 20:51 . 2015-10-21 16:43 -------- d-----w- c:\users\Vita\AppData\Roaming\Spotify
2015-10-17 17:34 . 2015-10-23 18:53 -------- d-----w- c:\users\Vita\AppData\Local\Temp
2015-10-16 17:36 . 2015-10-17 17:26 -------- d-----w- C:\FRST
2015-10-13 18:23 . 2015-08-06 18:04 14176768 ----a-w- c:\windows\system32\shell32.dll
2015-10-13 18:23 . 2015-08-06 18:03 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2015-10-13 18:23 . 2015-08-06 17:44 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2015-10-13 18:23 . 2015-09-01 18:14 503296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-13 18:23 . 2015-09-01 18:14 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-10-13 18:23 . 2015-09-01 18:14 110592 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-10-13 18:23 . 2015-09-01 18:13 224768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2015-10-13 18:23 . 2015-09-01 18:12 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2015-10-13 18:23 . 2015-09-01 17:52 348672 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-13 18:23 . 2015-09-01 17:52 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2015-10-13 18:17 . 2015-10-01 18:06 692672 ----a-w- c:\windows\system32\winload.efi
2015-10-13 18:17 . 2015-10-01 18:04 616360 ----a-w- c:\windows\system32\winresume.efi
2015-10-13 18:17 . 2015-10-01 18:00 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-13 18:17 . 2015-10-01 18:00 59392 ----a-w- c:\windows\system32\appidapi.dll
2015-10-13 18:17 . 2015-10-01 18:00 32768 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-13 18:17 . 2015-10-01 18:00 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-13 18:17 . 2015-10-01 18:00 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-13 18:17 . 2015-10-01 17:50 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-10-13 18:17 . 2015-10-01 17:00 61440 ----a-w- c:\windows\system32\drivers\appid.sys
2015-10-01 18:33 . 2015-10-01 18:33 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-17 11:50 . 2013-12-27 22:15 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-17 11:50 . 2013-12-27 22:15 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-13 23:07 . 2014-01-22 23:04 143481208 ----a-w- c:\windows\system32\MRT.exe
2015-09-29 02:58 . 2015-10-13 18:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-09-22 22:17 . 2015-09-22 22:17 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-09-22 22:17 . 2014-11-29 13:28 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-09-22 22:17 . 2014-11-29 13:28 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-09-22 22:17 . 2014-11-29 13:28 448968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-09-22 22:17 . 2014-11-29 13:28 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-09-22 22:17 . 2014-11-29 13:28 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-09-22 22:17 . 2014-11-29 13:28 153744 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-09-22 22:17 . 2014-11-29 13:28 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-09-22 22:17 . 2015-09-22 22:17 43112 ----a-w- c:\windows\avastSS.scr
2015-09-22 22:17 . 2014-11-29 13:28 28144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-09-22 22:17 . 2014-11-29 13:28 1049880 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-09-22 22:17 . 2015-09-08 06:27 132656 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-09-22 22:17 . 2015-09-22 22:17 454528 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2015-09-15 18:11 . 2015-10-13 18:18 342016 ----a-w- c:\windows\system32\schannel.dll
2015-09-15 17:36 . 2015-10-13 18:18 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-09-02 03:04 . 2015-09-09 15:12 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 03:04 . 2015-09-09 15:12 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 03:04 . 2015-09-09 15:12 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 03:04 . 2015-09-09 15:12 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 02:48 . 2015-09-09 15:12 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-02 02:48 . 2015-09-09 15:12 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-02 02:48 . 2015-09-09 15:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-02 02:47 . 2015-09-09 15:12 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-02 01:51 . 2015-09-09 15:12 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:47 . 2015-09-09 15:12 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-02 01:33 . 2015-09-09 15:12 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-08-05 17:56 . 2015-09-09 15:14 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-05 17:56 . 2015-09-09 15:14 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-08-05 17:56 . 2015-09-09 15:14 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-08-05 17:40 . 2015-09-09 15:14 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-07-30 18:06 . 2015-08-11 18:51 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 18:06 . 2015-08-11 18:51 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 18:06 . 2015-08-11 18:51 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 17:57 . 2015-08-11 18:51 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-07-30 17:57 . 2015-08-11 18:51 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-30 13:13 . 2015-08-11 22:32 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-11 22:32 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2015-09-24 41360]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2015-09-24 840592]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-09-22 6134544]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2014-10-31 443640]
"RIM PeerManager"="c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe" [2014-11-28 4857592]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-03-31 767176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Průvodce NETGEAR WNA1100 Smart Wizard.lnk - f:\programs\Netgear\WNA1100.exe [2013-12-31 4562944]
SpectraView Profiler5 VideoLUT Loader.lnk - c:\program files\SpectraView Software\SpectraView Profiler 5\LUTLoader.exe [2013-12-30 851968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 blackberryncm;BlackBerryNCM Service;c:\windows\system32\DRIVERS\blackberryncm6_AMD64.sys;c:\windows\SYSNATIVE\DRIVERS\blackberryncm6_AMD64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;f:\programs\Netgear\jswpsapi.exe;f:\programs\Netgear\jswpsapi.exe [x]
R3 NDSPCIIO;NDSPCIIO;c:\windows\system32\DRIVERS\NDSPCIIO64.SYS;c:\windows\SYSNATIVE\DRIVERS\NDSPCIIO64.SYS [x]
R3 Origin Client Service;Origin Client Service;f:\programs\Origin\OriginClientService.exe;f:\programs\Origin\OriginClientService.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ngvss;ngvss; [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe;c:\asus.sys\config\DVMExportService.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 RIM MDNS;RIM MDNS;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [x]
S2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 WSWNA1100;WSWNA1100;f:\programs\Netgear\WifiSvc.exe;f:\programs\Netgear\WifiSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\Drivers\rimvndis6_AMD64.sys;c:\windows\SYSNATIVE\Drivers\rimvndis6_AMD64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-10-17 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_226_pepper.exe [2015-10-17 11:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-09-22 22:17 780616 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 10.0.0.138
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
c:\program files\ASUS\TurboV EVO\TurboVHELP.exe
.
**************************************************************************
.
Celkový čas: 2015-10-23 21:02:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-10-23 19:02
ComboFix2.txt 2015-10-23 17:16
.
Před spuštěním: Volných bajtů: 118 151 000 064
Po spuštění: Volných bajtů: 118 105 280 512
.
- - End Of File - - 406E0948097191912CFC1CE80984F751
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Compromised email
Keys unlocked. The PC should now be really clean. There is no keylogger on it, and there never was.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
- shapematters
- Visitor

- Posts: 17
- Registered: 19 Sep 2015 19:29
Re: Compromised email
Thanks a lot for the help!
So it most likely looks like the mail was compromised from outside, via the provider or in some third way.
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Compromised email
You're welcome! Still, it wouldn't hurt to change the mail password as a precaution.