Hacked flash game - warning for admins about possible keyloggers

Doobee
Visitor
Posts: 37
Registered: 07 Sep 2011 20:00

#1 Post by Doobee »

Hello. I don't know whether you deal with keyloggers here or not, but one flash game ran into some rather unpleasant complications, and a suspicious JavaScript appeared on its page which supposedly attacks main.dll and main64.dll.
I got quite scared, because I only read that thread after visiting the page, so I'd rather attach the logs from RSIT and FRST.

I ran FRST on my 64-bit system as administrator and here is the FRST.txt log (I found several logs for the same output, plus two addition.txt files, and I'll also attach the RSIT log to the same .rar file in case it's needed)

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-02-2014
Ran by Doobee (administrator) on DOOBEE-PC on 06-02-2014 23:01:40
Running from C:\Users\Doobee\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Doobee\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-31] (Microsoft Corporation)
HKU\S-1-5-21-1798693234-1912187638-68701465-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-1798693234-1912187638-68701465-1000\...\Run: [uTorrent] - C:\Users\Doobee\AppData\Roaming\uTorrent\utorrent.exe [393728 2013-12-12] (BitTorrent, Inc.)
HKU\S-1-5-21-1798693234-1912187638-68701465-1000\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)

==================== Internet (Whitelisted) ====================

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.129.50.20 85.135.32.100
Tcpip\..\Interfaces\{51152F92-0F46-4684-899F-4238DFCAA6A8}: [NameServer]62.129.50.20,85.135.32.100

Chrome: 
=======
CHR HomePage: https://www.google.cz/
CHR Extension: (Entanglement Web App) - C:\Users\Doobee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-12-20]
CHR Extension: (Reverse Youtube Playlist) - C:\Users\Doobee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhonbaagcobjdmbocblbebcmbmmbfmi [2013-12-20]
CHR Extension: (Qbox - Wisdom of the Ages) - C:\Users\Doobee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfnimbehfhlelledoaemompbeihbhfb [2013-12-20]
CHR Extension: (Karim Rashid) - C:\Users\Doobee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjcbfljkplgifccngillicohclloidg [2013-12-20]
CHR Extension: (Peněženka Google) - C:\Users\Doobee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-05]
CHR Extension: (Canvas Rider) - C:\Users\Doobee\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2013-12-20]

==================== Services (Whitelisted) =================

R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-12-21] (DT Soft Ltd)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2013-12-21] (Duplex Secure Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-06 23:01 - 2014-02-06 23:02 - 00006544 _____ () C:\Users\Doobee\Desktop\FRST.txt
2014-02-06 23:00 - 2014-02-06 23:01 - 00000000 ____D () C:\FRST
2014-02-06 22:59 - 2014-02-06 22:59 - 02079744 _____ (Farbar) C:\Users\Doobee\Desktop\FRST64.exe
2014-02-06 22:59 - 2014-02-06 22:59 - 00112640 _____ (forum.viry.cz) C:\Users\Doobee\Desktop\FRSTLauncher.exe
2014-02-06 22:13 - 2014-02-06 22:13 - 00000000 ____D () C:\Users\Doobee\Documents\NBGI
2014-02-06 22:12 - 2014-02-06 22:12 - 00000000 ____D () C:\Users\Doobee\AppData\Local\NBGI
2014-02-06 21:17 - 2014-02-06 21:17 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-02-06 21:17 - 2014-02-06 21:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-02-05 16:25 - 2014-02-05 16:25 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\TeamViewer
2014-02-05 16:23 - 2014-02-05 16:24 - 05859576 _____ (TeamViewer GmbH) C:\Users\Doobee\Desktop\TeamViewer_Setup_cs.exe
2014-02-05 13:44 - 2014-02-05 13:44 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\RotMG.Production
2014-02-03 15:59 - 2014-02-04 09:36 - 00000114 _____ () C:\Users\Doobee\Desktop\Nový textový dokument.txt
2014-02-01 22:18 - 2014-02-01 22:18 - 00000000 ___RD () C:\Sandbox
2014-02-01 22:14 - 2014-02-06 21:18 - 00001604 _____ () C:\Windows\Sandboxie.ini
2014-02-01 22:12 - 2014-02-01 22:12 - 00000000 ____D () C:\Program Files\Sandboxie
2014-01-28 23:07 - 2014-01-28 23:07 - 00000000 ____D () C:\Users\Doobee\AppData\Local\Ubisoft
2014-01-28 13:49 - 2014-01-28 13:51 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\AbiSuite
2014-01-28 13:47 - 2014-01-28 13:48 - 00000000 ____D () C:\Program Files (x86)\AbiWord
2014-01-26 20:53 - 2014-01-26 20:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-26 20:53 - 2014-01-26 20:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-26 20:53 - 2014-01-26 20:53 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-01-26 20:53 - 2014-01-26 20:53 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-26 20:53 - 2014-01-26 20:53 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\Macromedia
2014-01-26 20:53 - 2014-01-26 20:53 - 00000000 ____D () C:\Users\Doobee\AppData\Local\Adobe
2014-01-25 13:31 - 2014-02-01 11:30 - 00001130 _____ () C:\Windows\PFRO.log
2014-01-25 01:54 - 2014-01-25 01:54 - 00000915 _____ () C:\Users\Doobee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2014-01-25 01:54 - 2014-01-25 01:54 - 00000000 ____D () C:\Program Files\MediaInfo
2014-01-24 21:01 - 2014-01-24 21:01 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-24 21:01 - 2014-01-24 21:01 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-24 21:01 - 2014-01-24 21:01 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-24 21:01 - 2014-01-24 21:01 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-24 21:01 - 2014-01-24 21:01 - 00000000 ____D () C:\Windows\Sun
2014-01-24 21:01 - 2014-01-24 21:01 - 00000000 ____D () C:\ProgramData\Sun
2014-01-24 21:01 - 2014-01-24 21:01 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-24 13:30 - 2014-01-24 13:30 - 00000850 _____ () C:\Users\Doobee\Desktop\FOnline.exe – zástupce.lnk
2014-01-22 04:31 - 2014-01-22 04:31 - 00028160 _____ () C:\Users\Doobee\Desktop\FalloutCE.exe
2014-01-20 01:16 - 2014-01-22 04:25 - 00000000 __SHD () C:\Users\Public\DRM
2014-01-20 01:16 - 2014-01-20 01:16 - 00000000 ____D () C:\Users\Doobee\AppData\Local\HHD Software
2014-01-19 18:34 - 2014-01-19 18:34 - 00000753 _____ () C:\Users\Public\Desktop\Fallout 1.5 - Resurrection.lnk
2014-01-19 18:28 - 2014-01-19 18:28 - 00052736 _____ (Interplay Productions) C:\Windows\ipuninst.exe
2014-01-19 18:28 - 2014-01-19 18:28 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black Isle
2014-01-19 18:27 - 2014-01-20 01:13 - 00000000 ____D () C:\Fallout 2
2014-01-16 14:57 - 2014-02-01 22:49 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-01-16 14:57 - 2014-01-16 15:28 - 00000000 ____D () C:\Users\Doobee\AppData\Local\Plex Media Server
2014-01-16 14:57 - 2014-01-16 14:57 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\Apple Computer
2014-01-16 14:57 - 2014-01-16 14:57 - 00000000 ____D () C:\Users\Doobee\AppData\Local\Apple Computer
2014-01-16 14:56 - 2014-01-16 14:56 - 00000000 ____D () C:\Program Files (x86)\Plex
2014-01-16 14:55 - 2014-01-16 14:55 - 00000000 ____D () C:\ProgramData\Apple
2014-01-16 14:55 - 2014-01-16 14:55 - 00000000 ____D () C:\Program Files\Bonjour
2014-01-16 14:55 - 2014-01-16 14:55 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-01-16 14:45 - 2014-01-16 14:45 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\ATI
2014-01-16 14:45 - 2014-01-16 14:45 - 00000000 ____D () C:\Users\Doobee\AppData\Local\ATI
2014-01-16 14:45 - 2014-01-16 14:45 - 00000000 ____D () C:\ProgramData\ATI
2014-01-16 14:42 - 2014-01-16 14:42 - 00000000 ____D () C:\Program Files\ATI
2014-01-16 14:42 - 2014-01-16 14:42 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-01-16 14:41 - 2014-01-16 14:44 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-01-16 14:41 - 2014-01-16 14:41 - 00000000 ____D () C:\ATI
2014-01-15 13:29 - 2014-01-15 13:29 - 00058408 _____ () C:\Users\Doobee\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-15 13:24 - 2014-01-15 13:24 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-01-12 14:16 - 2014-01-12 14:16 - 00031259 _____ () C:\Users\Doobee\AppData\Local\recently-used.xbel
2014-01-11 14:00 - 2014-02-06 21:15 - 00035102 _____ () C:\Windows\DirectX.log

==================== One Month Modified Files and Folders =======

2014-02-06 23:02 - 2014-02-06 23:01 - 00006544 _____ () C:\Users\Doobee\Desktop\FRST.txt
2014-02-06 23:01 - 2014-02-06 23:00 - 00000000 ____D () C:\FRST
2014-02-06 23:00 - 2014-01-05 16:03 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\Skype
2014-02-06 22:59 - 2014-02-06 22:59 - 02079744 _____ (Farbar) C:\Users\Doobee\Desktop\FRST64.exe
2014-02-06 22:59 - 2014-02-06 22:59 - 00112640 _____ (forum.viry.cz) C:\Users\Doobee\Desktop\FRSTLauncher.exe
2014-02-06 22:31 - 2013-12-20 21:21 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-06 22:13 - 2014-02-06 22:13 - 00000000 ____D () C:\Users\Doobee\Documents\NBGI
2014-02-06 22:13 - 2013-12-20 23:54 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\uTorrent
2014-02-06 22:12 - 2014-02-06 22:12 - 00000000 ____D () C:\Users\Doobee\AppData\Local\NBGI
2014-02-06 21:31 - 2013-12-20 21:21 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-06 21:18 - 2014-02-01 22:14 - 00001604 _____ () C:\Windows\Sandboxie.ini
2014-02-06 21:17 - 2014-02-06 21:17 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-02-06 21:17 - 2014-02-06 21:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-02-06 21:17 - 2013-12-20 20:54 - 01674423 _____ () C:\Windows\WindowsUpdate.log
2014-02-06 21:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-06 21:15 - 2014-01-11 14:00 - 00035102 _____ () C:\Windows\DirectX.log
2014-02-06 20:09 - 2009-07-14 05:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-06 20:09 - 2009-07-14 05:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-06 20:06 - 2009-07-14 16:18 - 00631054 _____ () C:\Windows\system32\perfh005.dat
2014-02-06 20:06 - 2009-07-14 16:18 - 00121708 _____ () C:\Windows\system32\perfc005.dat
2014-02-06 20:06 - 2009-07-14 06:13 - 01470062 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-06 20:02 - 2014-01-06 09:51 - 00003295 _____ () C:\Windows\setupact.log
2014-02-06 20:02 - 2013-12-20 21:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-06 20:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-06 18:34 - 2013-12-20 21:25 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-06 15:50 - 2013-12-22 15:01 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\TS3Client
2014-02-05 16:25 - 2014-02-05 16:25 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\TeamViewer
2014-02-05 16:24 - 2014-02-05 16:23 - 05859576 _____ (TeamViewer GmbH) C:\Users\Doobee\Desktop\TeamViewer_Setup_cs.exe
2014-02-05 13:44 - 2014-02-05 13:44 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\RotMG.Production
2014-02-04 19:10 - 2014-01-01 00:45 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-04 17:31 - 2013-12-21 16:31 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\mctitanpokemine2
2014-02-04 09:36 - 2014-02-03 15:59 - 00000114 _____ () C:\Users\Doobee\Desktop\Nový textový dokument.txt
2014-02-02 20:33 - 2013-12-26 23:51 - 00000000 ____D () C:\Users\Doobee\Desktop\hovna
2014-02-01 22:49 - 2014-01-16 14:57 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-01 22:18 - 2014-02-01 22:18 - 00000000 ___RD () C:\Sandbox
2014-02-01 22:12 - 2014-02-01 22:12 - 00000000 ____D () C:\Program Files\Sandboxie
2014-02-01 11:30 - 2014-01-25 13:31 - 00001130 _____ () C:\Windows\PFRO.log
2014-01-28 23:07 - 2014-01-28 23:07 - 00000000 ____D () C:\Users\Doobee\AppData\Local\Ubisoft
2014-01-28 13:51 - 2014-01-28 13:49 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\AbiSuite
2014-01-28 13:48 - 2014-01-28 13:47 - 00000000 ____D () C:\Program Files (x86)\AbiWord
2014-01-26 20:53 - 2014-01-26 20:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-26 20:53 - 2014-01-26 20:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-26 20:53 - 2014-01-26 20:53 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-01-26 20:53 - 2014-01-26 20:53 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-26 20:53 - 2014-01-26 20:53 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\Macromedia
2014-01-26 20:53 - 2014-01-26 20:53 - 00000000 ____D () C:\Users\Doobee\AppData\Local\Adobe
2014-01-25 01:54 - 2014-01-25 01:54 - 00000915 _____ () C:\Users\Doobee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2014-01-25 01:54 - 2014-01-25 01:54 - 00000000 ____D () C:\Program Files\MediaInfo
2014-01-24 21:01 - 2014-01-24 21:01 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-24 21:01 - 2014-01-24 21:01 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-24 21:01 - 2014-01-24 21:01 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-24 21:01 - 2014-01-24 21:01 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-24 21:01 - 2014-01-24 21:01 - 00000000 ____D () C:\Windows\Sun
2014-01-24 21:01 - 2014-01-24 21:01 - 00000000 ____D () C:\ProgramData\Sun
2014-01-24 21:01 - 2014-01-24 21:01 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-24 21:01 - 2013-12-22 12:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-24 13:30 - 2014-01-24 13:30 - 00000850 _____ () C:\Users\Doobee\Desktop\FOnline.exe – zástupce.lnk
2014-01-23 15:57 - 2014-01-05 19:36 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\IrfanView
2014-01-23 02:37 - 2013-12-21 14:08 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\.minecraft
2014-01-22 04:31 - 2014-01-22 04:31 - 00028160 _____ () C:\Users\Doobee\Desktop\FalloutCE.exe
2014-01-22 04:25 - 2014-01-20 01:16 - 00000000 __SHD () C:\Users\Public\DRM
2014-01-20 01:16 - 2014-01-20 01:16 - 00000000 ____D () C:\Users\Doobee\AppData\Local\HHD Software
2014-01-20 01:13 - 2014-01-19 18:27 - 00000000 ____D () C:\Fallout 2
2014-01-19 18:34 - 2014-01-19 18:34 - 00000753 _____ () C:\Users\Public\Desktop\Fallout 1.5 - Resurrection.lnk
2014-01-19 18:28 - 2014-01-19 18:28 - 00052736 _____ (Interplay Productions) C:\Windows\ipuninst.exe
2014-01-19 18:28 - 2014-01-19 18:28 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black Isle
2014-01-19 18:25 - 2013-12-31 01:57 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\DAEMON Tools Lite
2014-01-19 00:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-01-16 15:28 - 2014-01-16 14:57 - 00000000 ____D () C:\Users\Doobee\AppData\Local\Plex Media Server
2014-01-16 14:57 - 2014-01-16 14:57 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\Apple Computer
2014-01-16 14:57 - 2014-01-16 14:57 - 00000000 ____D () C:\Users\Doobee\AppData\Local\Apple Computer
2014-01-16 14:56 - 2014-01-16 14:56 - 00000000 ____D () C:\Program Files (x86)\Plex
2014-01-16 14:55 - 2014-01-16 14:55 - 00000000 ____D () C:\ProgramData\Apple
2014-01-16 14:55 - 2014-01-16 14:55 - 00000000 ____D () C:\Program Files\Bonjour
2014-01-16 14:55 - 2014-01-16 14:55 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-01-16 14:45 - 2014-01-16 14:45 - 00000000 ____D () C:\Users\Doobee\AppData\Roaming\ATI
2014-01-16 14:45 - 2014-01-16 14:45 - 00000000 ____D () C:\Users\Doobee\AppData\Local\ATI
2014-01-16 14:45 - 2014-01-16 14:45 - 00000000 ____D () C:\ProgramData\ATI
2014-01-16 14:44 - 2014-01-16 14:41 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-01-16 14:42 - 2014-01-16 14:42 - 00000000 ____D () C:\Program Files\ATI
2014-01-16 14:42 - 2014-01-16 14:42 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-01-16 14:41 - 2014-01-16 14:41 - 00000000 ____D () C:\ATI
2014-01-15 13:29 - 2014-01-15 13:29 - 00058408 _____ () C:\Users\Doobee\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-15 13:24 - 2014-01-15 13:24 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-01-12 14:17 - 2013-12-21 15:52 - 00000000 ____D () C:\Users\Doobee\.gimp-2.8
2014-01-12 14:16 - 2014-01-12 14:16 - 00031259 _____ () C:\Users\Doobee\AppData\Local\recently-used.xbel
2014-01-12 14:16 - 2013-12-21 15:55 - 00000000 ____D () C:\Users\Doobee\AppData\Local\gtk-2.0
2014-01-09 20:51 - 2014-01-01 00:45 - 00000000 ____D () C:\Users\Doobee\AppData\Local\NFS Underground 2
2014-01-09 20:49 - 2013-12-20 20:58 - 00000000 ____D () C:\Users\Doobee

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-02 12:34




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:79.9 GB) (Free:22.05 GB) NTFS
Drive d: (Data) (Fixed) (Total:152.88 GB) (Free:46.22 GB) NTFS

Available physical RAM: 2630.3 MB
Total physical RAM: 4095.18 MB
Percentage of memory in use: 35%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 1FA41FA4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=153 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Users\Public\DRM:??????????

==================== Security Center ==================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

  
***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Doobee\Desktop" je 531 MB.
 
 
***** Startup Programs *****
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Plex Media Server
"C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe" 

 
***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    DisableNotifications    REG_DWORD    0x0
    EnableFirewall    REG_DWORD    0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    DisableNotifications    REG_DWORD    0x0
    EnableFirewall    REG_DWORD    0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
 
***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

 
==================== End Of Log ==============================
Attachments
logy_frst_addition_rsit.rar
all the logs I dug up
(19.48 KiB) Downloaded 43 times

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Hacked flash game - warning for admins about possible keyloggers

#2 Post by vyosek »

Hi :)

Just one question: are you using a legal operating system? The top-tier Ultimate licence is not exactly a common home edition.
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns good fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.
