Prosím o kontrolu logu - preventivka

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: Mods_senior, Security team

Odpovědět
Uživatelský avatar
Exuctioner
Level 2.5
Level 2.5
Příspěvky: 326
Registrován: březen 14
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu logu - preventivka

Příspěvekod Exuctioner » 03 kvě 2015 18:26

aswMBR - za moment ComboFix

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-05-03 18:25:11
-----------------------------
18:25:11.111 OS Version: Windows x64 6.1.7601 Service Pack 1
18:25:11.111 Number of processors: 4 586 0x1707
18:25:11.113 ComputerName: PC-PC UserName: PC
18:25:12.076 Initialize success
18:25:12.149 VM: initialized successfully
18:25:12.150 VM: Intel CPU virtualization not supported
18:25:32.445 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-6
18:25:32.450 Disk 0 Vendor: WDC_WD6400AARS-00Y5B1 80.00A80 Size: 610479MB BusType: 3
18:25:32.570 Disk 0 MBR read successfully
18:25:32.573 Disk 0 MBR scan
18:25:32.576 Disk 0 Windows 7 default MBR code
18:25:32.579 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:25:32.583 Disk 0 Boot: NTFS code=2
18:25:32.595 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 124929 MB offset 206848
18:25:32.607 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 485448 MB offset 256061440
18:25:32.626 Disk 0 scanning C:\Windows\system32\drivers
18:25:38.767 Service scanning
18:25:50.004 Modules scanning
18:25:50.013 Disk 0 trace - called modules:
18:25:50.036 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
18:25:50.041 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80071a3060]
18:25:50.046 3 CLASSPNP.SYS[fffff8800185a43f] -> nt!IofCallDriver -> [0xfffffa800617b040]
18:25:50.051 5 ACPI.sys[fffff88000eba7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-6[0xfffffa8006a93680]
18:25:50.058 Disk 0 statistics 92507/0/0 @ 8,24 MB/s
18:25:50.063 Scan finished successfully
18:26:05.468 Disk 0 MBR has been saved successfully to "C:\Users\PC\Desktop\MBR.dat"
18:26:05.475 The log file has been saved successfully to "C:\Users\PC\Desktop\aswMBR.txt"

ComboFix

ComboFix 15-04-28.01 - PC 03.05.2015 18:42:59.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.7167.4283 [GMT 2:00]
Spuštěný z: c:\users\PC\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-03 do 2015-05-03 )))))))))))))))))))))))))))))))
.
.
2015-05-03 09:47 . 2015-05-03 09:47 -------- d-----w- C:\RegBackup
2015-05-03 02:03 . 2015-05-03 02:03 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C51A070-1596-472E-93A1-57629B700EBB}\offreg.dll
2015-05-02 20:57 . 2015-05-03 16:40 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-02 20:57 . 2015-05-02 20:58 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-05-02 20:57 . 2015-04-14 07:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-05-02 20:57 . 2015-04-14 07:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-02 20:57 . 2015-04-14 07:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-02 20:49 . 2015-05-02 20:27 24064 ----a-w- c:\windows\zoek-delete.exe
2015-05-02 20:49 . 2015-05-03 16:48 -------- d-----w- c:\users\PC\AppData\Local\Temp
2015-05-02 20:27 . 2015-05-02 20:47 -------- d-----w- C:\zoek_backup
2015-05-02 20:20 . 2015-05-02 20:23 -------- d-----w- C:\AdwCleaner
2015-05-01 21:30 . 2015-05-01 21:30 -------- d-----w- c:\program files\JAM Software
2015-05-01 20:20 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C51A070-1596-472E-93A1-57629B700EBB}\mpengine.dll
2015-04-27 14:24 . 2015-04-27 14:24 -------- d-----w- c:\users\PC\Tracing
2015-04-15 12:46 . 2015-04-15 12:46 -------- d-----w- c:\windows\system32\appraiser
2015-04-15 12:27 . 2015-03-17 05:22 5557696 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-04-15 12:25 . 2015-03-05 05:12 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-04-15 12:25 . 2015-03-05 04:05 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-04-15 12:24 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-04-15 12:24 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-15 12:24 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-04-14 16:06 . 2015-04-14 16:06 8704 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2015-04-14 16:06 . 2015-04-14 16:06 43616 ----a-w- c:\windows\system32\drivers\sshid.sys
2015-04-12 11:51 . 2015-04-12 11:52 -------- d-----w- c:\users\PC\AppData\Roaming\Gyazo
2015-04-12 11:50 . 2015-04-12 12:50 -------- d-----w- c:\program files (x86)\Gyazo
2015-04-12 05:40 . 2015-04-12 05:40 -------- d-----w- c:\users\PC\AppData\Local\PAYDAY
2015-04-12 05:17 . 2015-04-12 05:17 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2015-04-09 21:06 . 2015-04-09 21:06 -------- d-----w- c:\users\PC\AppData\Local\Blizzard Entertainment
2015-04-09 21:05 . 2015-04-10 15:16 -------- d-----w- c:\users\PC\AppData\Local\Battle.net
2015-04-09 21:05 . 2015-04-09 21:06 -------- d-----w- c:\users\PC\AppData\Roaming\Battle.net
2015-04-09 21:05 . 2015-04-10 11:49 -------- d-----w- c:\programdata\Blizzard Entertainment
2015-04-09 21:03 . 2015-04-09 21:03 -------- d-----w- c:\programdata\Battle.net
2015-04-04 11:26 . 2015-01-31 03:48 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2015-04-04 11:26 . 2015-01-31 03:48 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-04-04 11:26 . 2015-01-30 23:56 243200 ----a-w- c:\windows\system32\rdpudd.dll
2015-04-04 11:25 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-04-04 11:20 . 2015-05-02 23:36 -------- d-----w- c:\users\PC\AppData\Local\Purplizer
2015-04-04 09:27 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll
2015-04-04 09:27 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-03 13:26 . 2014-11-22 18:14 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-05-02 20:49 . 2014-06-29 11:07 65536 ----a-w- c:\windows\system32\spu_storage.bin
2015-04-15 12:32 . 2014-09-20 14:16 128913832 ----a-w- c:\windows\system32\MRT.exe
2015-04-06 01:29 . 2014-06-07 09:27 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2015-04-06 01:29 . 2014-06-07 09:27 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2015-04-06 01:29 . 2014-06-07 09:27 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2015-04-06 01:29 . 2014-06-07 09:27 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2015-03-25 03:24 . 2015-04-02 19:28 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-02 19:28 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-02 19:28 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-02 19:28 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-02 19:28 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-02 19:28 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-02 19:28 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-02 19:28 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-02 19:28 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-02 19:28 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-02 19:28 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-02 19:28 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-02 19:28 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-02 19:28 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-02 19:28 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-02 19:28 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-17 05:16 . 2015-04-15 12:27 341504 ----a-w- c:\windows\system32\schannel.dll
2015-03-17 04:57 . 2015-04-15 12:27 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-03-17 04:56 . 2015-04-15 12:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-03-04 04:41 . 2015-05-01 20:19 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-01 20:19 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-05-01 20:19 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-01 20:19 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-01 20:19 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-03-01 17:32 . 2015-03-01 17:32 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-01 17:32 . 2015-03-01 17:32 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-26 03:25 . 2015-04-02 19:24 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-02-24 02:17 . 2014-05-06 11:45 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-20 04:41 . 2015-04-02 19:24 41984 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-04-02 19:24 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-04-02 19:24 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-04-02 19:24 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-04-02 19:24 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-04-02 19:24 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-04-02 19:24 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-04-02 19:24 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-04-02 19:24 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-04-02 19:24 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-02-17 13:30 . 2015-02-17 13:30 1691808 ----a-w- c:\windows\system32\FM20.DLL
2015-02-13 05:26 . 2015-04-02 19:24 12875264 ----a-w- c:\windows\SysWow64\shell32.dll
2015-02-13 05:22 . 2015-04-02 19:24 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-02-04 10:23 . 2015-02-04 10:23 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 10:13 . 2015-02-04 10:13 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-02-04 03:16 . 2015-04-02 19:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-04-02 19:16 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-04-02 19:30 693176 ----a-w- c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-04-02 19:30 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:33 . 2015-04-02 19:30 616360 ----a-w- c:\windows\system32\winresume.efi
2015-02-03 03:31 . 2015-04-02 19:30 14632960 ----a-w- c:\windows\system32\wmp.dll
2015-02-03 03:31 . 2015-04-02 19:30 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:31 . 2015-04-02 19:30 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-02-03 03:31 . 2015-04-02 19:24 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:31 . 2015-04-02 19:24 215552 ----a-w- c:\windows\system32\ubpm.dll
2015-02-03 03:31 . 2015-04-02 19:30 5120 ----a-w- c:\windows\system32\msdxm.ocx
2015-02-03 03:31 . 2015-04-02 19:30 5120 ----a-w- c:\windows\system32\dxmasf.dll
2015-02-03 03:31 . 2015-04-02 19:30 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-02-03 03:31 . 2015-04-02 19:30 1574400 ----a-w- c:\windows\system32\quartz.dll
2015-02-03 03:31 . 2015-04-02 19:30 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:31 . 2015-04-02 19:30 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-02-03 03:31 . 2015-04-02 19:30 188416 ----a-w- c:\windows\system32\pcasvc.dll
2015-02-03 03:31 . 2015-04-02 19:30 37376 ----a-w- c:\windows\system32\pcadm.dll
2015-02-03 03:31 . 2015-04-02 19:30 9728 ----a-w- c:\windows\system32\spwmp.dll
2015-02-03 03:31 . 2015-04-02 19:30 641024 ----a-w- c:\windows\system32\msscp.dll
2015-02-03 03:31 . 2015-04-02 19:30 325632 ----a-w- c:\windows\system32\msnetobj.dll
2015-02-03 03:31 . 2015-04-02 19:30 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-02-03 03:31 . 2015-04-02 19:30 4121600 ----a-w- c:\windows\system32\mf.dll
2015-02-03 03:31 . 2015-04-02 19:30 432128 ----a-w- c:\windows\system32\mfplat.dll
2015-02-03 03:31 . 2015-04-02 19:30 206848 ----a-w- c:\windows\system32\mfps.dll
2015-02-03 03:30 . 2015-04-02 19:30 631808 ----a-w- c:\windows\system32\evr.dll
2015-02-03 03:30 . 2015-04-02 19:30 284672 ----a-w- c:\windows\system32\EncDump.dll
2015-02-03 03:30 . 2015-04-02 19:30 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
2015-02-03 03:30 . 2015-04-02 19:30 497664 ----a-w- c:\windows\system32\drmmgrtn.dll
2015-02-03 03:30 . 2015-04-02 19:30 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-03 03:30 . 2015-04-02 19:30 140288 ----a-w- c:\windows\system32\cryptnet.dll
2015-02-03 03:30 . 2015-04-02 19:30 1069056 ----a-w- c:\windows\system32\cryptui.dll
2015-02-03 03:30 . 2015-04-02 19:30 187904 ----a-w- c:\windows\system32\cryptsvc.dll
2015-02-03 03:30 . 2015-04-02 19:30 82432 ----a-w- c:\windows\system32\cryptsp.dll
2015-02-03 03:30 . 2015-04-02 19:30 680960 ----a-w- c:\windows\system32\audiosrv.dll
2015-02-03 03:30 . 2015-04-02 19:30 842240 ----a-w- c:\windows\system32\blackbox.dll
2015-02-03 03:30 . 2015-04-02 19:30 440832 ----a-w- c:\windows\system32\AudioEng.dll
2015-02-03 03:30 . 2015-04-02 19:30 296448 ----a-w- c:\windows\system32\AudioSes.dll
2015-02-03 03:30 . 2015-04-02 19:30 58880 ----a-w- c:\windows\system32\appidapi.dll
2015-02-03 03:30 . 2015-04-02 19:30 32256 ----a-w- c:\windows\system32\appidsvc.dll
2015-02-03 03:30 . 2015-04-02 19:30 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-02-03 03:30 . 2015-04-02 19:30 9728 ----a-w- c:\windows\system32\pcalua.exe
2015-02-03 03:30 . 2015-04-02 19:30 11264 ----a-w- c:\windows\system32\pcawrk.exe
2015-02-03 03:30 . 2015-04-02 19:30 24576 ----a-w- c:\windows\system32\mfpmp.exe
2015-02-03 03:30 . 2015-04-02 19:30 126464 ----a-w- c:\windows\system32\audiodg.exe
2015-02-03 03:30 . 2015-04-02 19:30 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-02-03 03:30 . 2015-04-02 19:30 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-02-03 03:30 . 2015-04-02 19:30 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2015-02-03 03:29 . 2015-04-02 19:30 8704 ----a-w- c:\windows\system32\pcaevts.dll
2015-02-03 03:28 . 2015-04-02 19:30 2048 ----a-w- c:\windows\system32\mferror.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 13:05 1729744 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 13:05 1729744 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 13:05 1729744 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_73B90D4D0D4A45E4E1249D0D8EDB5EB0"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-04-28 812872]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2015-04-05 40688]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2014-10-27 3095840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SteelSeries Engine 3.lnk - c:\program files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe -dataPath="c:\programdata\SteelSeries\SteelSeries Engine 3" -dbEnv=production -auto=true [2015-4-16 18502920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 amdacpusrsvc;ACP User Service;c:\program files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe;c:\program files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cpuz130;cpuz130;c:\users\PC\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\PC\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [x]
R4 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 amdacpksd;ACP Kernel Service Driver;c:\windows\system32\drivers\amdacpksd.sys;c:\windows\SYSNATIVE\drivers\amdacpksd.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - aswMBR
*Deregistered* - aswVmm
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-28 18:52 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-27 23:45]
.
2015-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-27 23:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 13:01 2334928 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 13:01 2334928 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 13:01 2334928 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2014-05-06 8151040]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SYSTEM32\blank.htm
mSearch Bar = www.google.com
IE: E&xport to Microsoft Excel - d:\micros~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - d:\micros~1\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
Celkový čas: 2015-05-03 18:50:19
ComboFix-quarantined-files.txt 2015-05-03 16:50
.
Před spuštěním: Volných bajtů: 57 511 243 776
Po spuštění: Volných bajtů: 57 433 964 544
.
- - End Of File - - 2F99FFBD97F570F51B9C546CE27F5170
A36C5E4F47E84449FF07ED3517B43A31
Intel Core i5-4460 + SilentiumPC Spartan LT HE922
MSI H97 Gaming 3
Kingston Savage 16GB DDR3 1600MHz
Asus STRIX R9 390 DC3OC 8GB
Intel SSD 535 Series - 240GB
Seagate Barracuda 7200.14 1TB
Seasonic SS-620GM2 Evo 620W
Zalman R1
Arctic Fan F12 - 4x

Apple iPhone 6 128GB Space Gray
Nahoru
Reklama
Top
Uživatelský avatar
Exuctioner
Level 2.5
Level 2.5
Příspěvky: 326
Registrován: březen 14
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu logu - preventivka

Příspěvekod Exuctioner » 03 kvě 2015 21:09

UP >_<
Intel Core i5-4460 + SilentiumPC Spartan LT HE922
MSI H97 Gaming 3
Kingston Savage 16GB DDR3 1600MHz
Asus STRIX R9 390 DC3OC 8GB
Intel SSD 535 Series - 240GB
Seagate Barracuda 7200.14 1TB
Seasonic SS-620GM2 Evo 620W
Zalman R1
Arctic Fan F12 - 4x

Apple iPhone 6 128GB Space Gray
Nahoru
mople71
Level 3.5
Level 3.5
Příspěvky: 662
Registrován: listopad 14
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu logu - preventivka

Příspěvekod mople71 » 03 kvě 2015 22:00

Po 4 hodinách dáváš UP jo? :roll:


Radši si tyto soubory otestuj na VirusTotal a dej mi sem odkazy na jejich test (pokud již byl soubor analyzován, klikni na Reanalyse): https://www.virustotal.com/

Kód: Vybrat vše

c:\windows\system32\spu_storage.bin


A zapni si UAC. ;)
Nahoru
Uživatelský avatar
Exuctioner
Level 2.5
Level 2.5
Příspěvky: 326
Registrován: březen 14
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu logu - preventivka

Příspěvekod Exuctioner » 03 kvě 2015 22:37

VirusTotal - ovšem soubor lze otestovat až po tom, co ho někam zkopíruji (např. na plochu). Přímo přes Choose File > C/Windows.... prostě soubor není ukázaný

UAC zapnut.
Intel Core i5-4460 + SilentiumPC Spartan LT HE922
MSI H97 Gaming 3
Kingston Savage 16GB DDR3 1600MHz
Asus STRIX R9 390 DC3OC 8GB
Intel SSD 535 Series - 240GB
Seagate Barracuda 7200.14 1TB
Seasonic SS-620GM2 Evo 620W
Zalman R1
Arctic Fan F12 - 4x

Apple iPhone 6 128GB Space Gray
Nahoru
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43298
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu logu - preventivka

Příspěvekod jaro3 » 05 kvě 2015 09:58

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files (x86)\Google\Update

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Nahoru
Odpovědět

Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 105 hostů