Please check my log for a keylogger (Solved)


volvo1971
Level 3.5
Posts: 790
Joined: December 14
Gender: Not specified

Re: Please check my log for a keylogger

Post by volvo1971 » 18 Oct 2015 17:48

MBAM didn't find anything for me, I couldn't even click Clean ... so I'm carrying on with the instructions.

volvo1971
Level 3.5
Posts: 790
Joined: December 14
Gender: Not specified

Re: Please check my log for a keylogger

Post by volvo1971 » 18 Oct 2015 18:14

Zoek.exe v5.0.0.1 Updated 17-October-2015
Tool run by doma on ne 18.10.2015 at 17:51:45,67.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\doma\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

18.10.2015 17:54:13 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\Common Files\AV deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\Ubisoft deleted successfully
C:\Users\doma\AppData\Roaming\Ubisoft deleted successfully
C:\Users\doma\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\doma\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\doma\AppData\Local\EmieSiteList deleted successfully
C:\Users\doma\AppData\Local\EmieUserList deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\doma\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\doma\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\doma\AppData\Roaming\Mozilla\Firefox\Profiles\rtaupigo.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaultenginename", "Seznam");

Added to C:\Users\doma\AppData\Roaming\Mozilla\Firefox\Profiles\rtaupigo.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\doma\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_18.10.2015_1805_.backup

ProfilePath: C:\Users\doma\AppData\Roaming\Mozilla\Firefox\Profiles\rtaupigo.default

user.js not found
---- Lines PlusWinks removed from prefs.js ----
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"private
---- FireFox user.js and prefs.js backups ----

prefs_18.10.2015_1805_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\Users\doma\AppData\Roaming\ProductData deleted
C:\Users\doma\AppData\LocalLow\Unity deleted
"C:\ProgramData\cm-lock" not deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\doma\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\doma\AppData\Roaming\Mozilla\Firefox\Profiles\rtaupigo.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"hideip@hide-ip-soft.com"="C:\Windows\vf_hip" [28.08.2012 07:57]

==== Firefox Extensions ======================

ExtDir: C:\Users\doma\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- Undetermined - %ExtDir%\prefs.bck
- Undetermined - %ExtDir%\prefs.bck

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\doma\AppData\Roaming\Mozilla\Firefox\Profiles\rtaupigo.default
AB87C54CA19675880B0CAE65B8AF140C - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.70.11
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.71


BitTorrentControl_v12 - doma\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Complitly plugin for chrome - doma\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlfienamagdnkekbbbocojppncdambda
uTorrentControl_v2 - doma\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Cool Smiley Bar for Facebook - doma\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mocblcnaofikinigmceddfghppkkjbog
BitTorrentControl_v12 - doma\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Complitly plugin for chrome - doma\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dlfienamagdnkekbbbocojppncdambda
uTorrentControl_v2 - doma\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Cool Smiley Bar for Facebook - doma\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\mocblcnaofikinigmceddfghppkkjbog
BitTorrentControl_v12 - doma\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Complitly plugin for chrome - doma\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\dlfienamagdnkekbbbocojppncdambda
uTorrentControl_v2 - doma\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Cool Smiley Bar for Facebook - doma\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\mocblcnaofikinigmceddfghppkkjbog
SIH - doma\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl
AdBlock - doma\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Bookmark Manager - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik

==== Chromium Fix ======================

C:\Users\doma\AppData\Local\Google\Chrome\User Data\Profile 7\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\doma\AppData\Local\Google\Chrome\User Data\Profile 7\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\doma\AppData\Local\Google\Chrome\User Data\Profile 7\Local Storage\http_media.mtvnservices.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Old Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Old Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{1F9B9392-7DD6-4B59-98B6-7CD5CB99CB6C} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194"
{1} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

==== Reset Google Chrome ======================

C:\Users\doma\AppData\Local\Google\Chrome\User Data\Profile 7\Preferences was reset successfully
C:\Users\doma\AppData\Local\Google\Chrome\User Data\Profile 7\Secure Preferences was reset successfully
C:\Users\doma\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\doma\AppData\Local\Google\Chrome\User Data\Profile 7\Web Data was reset successfully
C:\Users\doma\AppData\Local\Google\Chrome\User Data\Profile 7\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VICTORY Gaming Keyboard deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\doma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\doma\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\doma\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\doma\AppData\Local\Google\Chrome\User Data\Profile 4\Cache emptied successfully
C:\Users\doma\AppData\Local\Google\Chrome\User Data\Profile 6\Cache emptied successfully
C:\Users\doma\AppData\Local\Google\Chrome\User Data\Profile 7\Cache emptied successfully
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1002 folders=500 1129600593 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\doma\AppData\Local\Temp will be emptied at reboot
C:\Users\hedev\AppData\Local\temp emptied successfully
C:\Users\Jan\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\doma\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\ProgramData\cm-lock" not deleted

==== EOF on ne 18.10.2015 at 18:13:13,03 ======================

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Joined: April 10
Location: Three roses grow around here =o)
Gender: Male

Re: Please check my log for a keylogger

Post by Orcus » 18 Oct 2015 19:41

Turn off the resident shield of your antivirus and antispyware.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all open windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- When the scan finishes the program should create a log - C:\ComboFix.txt - please paste its entire contents here
If, after the check, applications won't start or a message keeps popping up about an attempt to perform an invalid operation on a registry key that is marked for deletion, simply restart the computer.

If there are problems, run it in Safe Mode.

volvo1971
Level 3.5
Posts: 790
Joined: December 14
Gender: Not specified

Re: Please check my log for a keylogger

Post by volvo1971 » 19 Oct 2015 14:53

In ESET I didn't know how to turn off the resident shield .. ComboFix told me about it, I clicked OK, so hopefully it will be fine..

ComboFix 15-10-15.01 - doma 19.10.2015 14:37:04.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4094.2551 [GMT 2:00]
Spuštěný z: c:\users\doma\Desktop\ComboFix.exe
AV: ESET Smart Security 9.0.318.22 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 9.0.318.22 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Nakažená kopie c:\windows\SysWow64\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache86\userinit.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-09-19 do 2015-10-19 )))))))))))))))))))))))))))))))
.
.
2015-10-19 12:43 . 2015-10-19 12:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-10-19 12:43 . 2015-10-19 12:43 -------- d-----w- c:\users\Jan\AppData\Local\temp
2015-10-19 12:43 . 2015-10-19 12:43 -------- d-----w- c:\users\hedev\AppData\Local\temp
2015-10-19 12:43 . 2015-10-19 12:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-18 19:42 . 2015-10-18 19:42 -------- d-----w- c:\programdata\RzSurroundVAD_1.1.60.0
2015-10-18 16:13 . 2015-10-18 16:13 -------- d-----w- c:\users\doma\AppData\Roaming\ProductData
2015-10-18 16:09 . 2015-10-19 12:45 -------- d-----w- c:\users\doma\AppData\Local\Temp
2015-10-18 16:09 . 2015-10-18 15:51 24064 ----a-w- c:\windows\zoek-delete.exe
2015-10-18 15:51 . 2015-10-18 16:08 -------- d-----w- C:\zoek_backup
2015-10-18 08:45 . 2015-10-18 15:13 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-18 08:44 . 2015-10-18 15:12 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-18 08:44 . 2015-10-18 08:44 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-10-18 08:44 . 2015-10-05 07:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-18 08:44 . 2015-10-05 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-18 08:16 . 2015-10-18 13:06 -------- d-----w- C:\AdwCleaner
2015-10-18 07:52 . 2015-10-18 07:52 -------- d-----w- C:\AVG_Remover
2015-10-17 22:42 . 2015-10-17 22:42 -------- d-----w- c:\program files (x86)\ESET
2015-10-17 14:51 . 2015-10-17 14:51 -------- d-----w- c:\program files\ESET
2015-10-17 11:13 . 2015-10-17 11:13 -------- d-----w- C:\$Windows.~BT
2015-10-17 10:31 . 2015-10-17 10:31 -------- d-----w- C:\$SysReset
2015-10-16 19:59 . 2015-10-16 19:59 -------- d-----w- C:\Recovery
2015-10-16 19:34 . 2015-10-16 19:34 -------- d-----w- C:\AMD
2015-10-16 17:47 . 2015-10-17 11:13 -------- d-----w- c:\windows\Panther
2015-10-14 14:19 . 2015-09-25 18:07 3168768 ----a-w- c:\windows\system32\wucltux.dll
2015-10-14 14:18 . 2015-09-29 03:16 5569472 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-10-14 14:17 . 2015-10-01 18:04 616360 ----a-w- c:\windows\system32\winresume.efi
2015-10-14 14:17 . 2015-10-01 18:06 692672 ----a-w- c:\windows\system32\winload.efi
2015-10-14 14:17 . 2015-10-01 18:00 59392 ----a-w- c:\windows\system32\appidapi.dll
2015-10-14 14:17 . 2015-10-01 18:00 32768 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-14 14:17 . 2015-10-01 18:00 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-14 14:17 . 2015-10-01 17:50 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-10-14 14:17 . 2015-10-01 18:00 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-14 14:17 . 2015-10-01 18:00 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-14 14:17 . 2015-10-01 17:00 61440 ----a-w- c:\windows\system32\drivers\appid.sys
2015-10-07 04:16 . 2015-10-07 04:16 142976 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
2015-09-23 07:30 . 2015-09-23 07:30 69840 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2015-09-23 07:30 . 2015-09-23 07:30 52872 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2015-09-23 07:30 . 2015-09-23 07:30 264040 ----a-w- c:\windows\system32\drivers\eamonm.sys
2015-09-23 07:30 . 2015-09-23 07:30 206312 ----a-w- c:\windows\system32\drivers\epfw.sys
2015-09-23 07:30 . 2015-09-23 07:30 186784 ----a-w- c:\windows\system32\drivers\ehdrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-18 15:30 . 2015-06-08 14:47 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-10-17 15:05 . 2013-02-10 16:39 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-17 15:05 . 2013-02-10 16:39 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-14 20:17 . 2013-06-06 12:29 143481208 ----a-w- c:\windows\system32\MRT.exe
2015-09-29 02:58 . 2015-10-14 14:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-09-15 18:11 . 2015-10-14 14:18 342016 ----a-w- c:\windows\system32\schannel.dll
2015-09-15 17:36 . 2015-10-14 14:18 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-09-02 03:04 . 2015-09-09 15:06 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 03:04 . 2015-09-09 15:06 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 03:04 . 2015-09-09 15:06 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 03:04 . 2015-09-09 15:06 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 02:48 . 2015-09-09 15:06 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-02 02:48 . 2015-09-09 15:06 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-02 02:48 . 2015-09-09 15:06 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-02 02:47 . 2015-09-09 15:06 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-02 01:51 . 2015-09-09 15:06 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:47 . 2015-09-09 15:06 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-02 01:33 . 2015-09-09 15:06 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-08-31 22:45 . 2015-10-17 12:06 11062400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3CBD961C-824A-45E5-9790-4AEDF983630E}\mpengine.dll
2015-08-27 18:18 . 2015-09-09 15:07 2004480 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 18:18 . 2015-09-09 15:07 1887232 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 18:13 . 2015-09-09 15:07 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 18:13 . 2015-09-09 15:07 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-27 17:58 . 2015-09-09 15:07 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-08-27 17:58 . 2015-09-09 15:07 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-08-27 17:51 . 2015-09-09 15:07 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2015-08-27 17:51 . 2015-09-09 15:07 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-08-07 14:54 . 2015-08-07 14:54 90112 ----a-w- c:\windows\SysWow64\rzdevinfo.dll
2015-08-05 17:56 . 2015-09-09 15:07 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-05 17:56 . 2015-09-09 15:07 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-08-05 17:56 . 2015-09-09 15:07 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-08-05 17:40 . 2015-09-09 15:07 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-07-30 18:06 . 2015-08-12 08:31 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 18:06 . 2015-08-12 08:31 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 18:06 . 2015-08-12 08:31 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 17:57 . 2015-08-12 08:31 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-30 17:57 . 2015-08-12 08:31 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-07-30 13:13 . 2015-08-12 15:11 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-12 15:11 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-29 01:09 . 2015-07-29 01:09 69632 ----a-w- c:\windows\system32\DriverInstallCA.dll
2015-07-29 01:09 . 2015-07-29 01:09 245760 ----a-w- c:\windows\system32\DriverInstallCACMD.exe
2015-07-29 01:09 . 2015-07-29 01:09 136704 ----a-w- c:\windows\SysWow64\RzVAD.dll
2015-07-28 20:09 . 2015-08-12 08:32 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 20:05 . 2015-08-12 08:32 774656 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 20:05 . 2015-08-12 08:32 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 20:05 . 2015-08-12 08:32 437760 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 20:05 . 2015-08-12 08:32 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 20:05 . 2015-08-12 08:32 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 20:05 . 2015-08-12 08:32 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-28 19:55 . 2015-08-12 08:32 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-07-23 00:02 . 2015-09-09 15:07 1390592 ----a-w- c:\windows\system32\diagtrack.dll
2015-07-23 00:02 . 2015-09-09 15:07 879104 ----a-w- c:\windows\system32\tdh.dll
2015-07-23 00:02 . 2015-09-09 15:07 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-07-22 17:53 . 2015-09-09 15:07 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-07-22 17:53 . 2015-09-09 15:07 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-07-22 16:48 . 2015-09-09 15:07 41984 ----a-w- c:\windows\system32\UtcResources.dll
2013-12-05 19:27 . 2013-05-26 08:43 27136 ----a-w- c:\program files (x86)\updater.exe
2013-05-26 08:43 . 2013-05-26 08:43 9728 ----a-w- c:\program files (x86)\protokol.exe
2013-03-26 19:50 . 2013-03-24 16:30 46360 ----a-w- c:\program files (x86)\Stub.exe
2011-12-21 08:59 . 2013-01-20 09:58 385024 ----a-w- c:\program files (x86)\win-x86.lib
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-11-18 12:46 223432 ----a-w- c:\users\doma\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-11-18 12:46 223432 ----a-w- c:\users\doma\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-11-18 12:46 223432 ----a-w- c:\users\doma\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"GoogleChromeAutoLaunch_A7537B550D3FA365694F60CD3F931EF4"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-10-09 811848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VICTORY Gaming Keyboard"="D:\Monitor.exe" [2013-04-09 270336]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2015-08-31 593216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys;c:\windows\SYSNATIVE\DRIVERS\BthAudioHF.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]
R3 celavimushost;Celavimus Client Host;d:\csgo client beta\CelavimusClientHelper.exe;d:\csgo client beta\CelavimusClientHelper.exe [x]
R3 cpuz137;cpuz137;c:\users\doma\AppData\Local\Temp\cpuz137\cpuz137_x64.sys;c:\users\doma\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [x]
R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys;c:\windows\SYSNATIVE\drivers\bthav.sys [x]
R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
R3 EasyAntiCheatSys;EasyAntiCheatSys;c:\windows\system32\EasyAntiCheat.sys;c:\windows\SYSNATIVE\EasyAntiCheat.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 netr7364;RT73 USB - ovladač karty pro bezdrátovou síť LAN pro systém Windows Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 PBDOWNFORCE_SERVICE;PBDOWNFORCE_SERVICE;c:\users\doma\Desktop\PBDownforce.sys;c:\users\doma\Desktop\PBDownforce.sys [x]
R3 PBDOWNFORCE_TEST_SERVICE;PBDOWNFORCE_TEST_SERVICE;c:\users\doma\Desktop\Test.sys;c:\users\doma\Desktop\Test.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys;c:\windows\SYSNATIVE\DRIVERS\VKbms.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va029;X6va029;c:\windows\SysWOW64\Drivers\X6va029;c:\windows\SysWOW64\Drivers\X6va029 [x]
S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys;c:\windows\SYSNATIVE\DRIVERS\amdide64.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 RzSurroundVADStreamingService;Razer Surround Audio Service;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [x]
S3 Abyssus;Razer Abyssus;c:\windows\system32\drivers\Abyssus.sys;c:\windows\SYSNATIVE\drivers\Abyssus.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-14 19:14 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.71\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-10 15:05]
.
2015-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13 13:42]
.
2015-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13 13:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-11-18 12:46 262344 ----a-w- c:\users\doma\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-11-18 12:46 262344 ----a-w- c:\users\doma\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-11-18 12:46 262344 ----a-w- c:\users\doma\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SYSTEM32\blank.htm
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\users\doma\AppData\Roaming\Mozilla\Firefox\Profiles\rtaupigo.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va029]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va029"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3317937424-2918749163-3385799364-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3317937424-2918749163-3385799364-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3317937424-2918749163-3385799364-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
D:\OSD.exe
c:\programdata\Razer\Synapse\RzStats\RzStats.Manager.exe
c:\program files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
c:\users\doma\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
.
**************************************************************************
.
Celkový čas: 2015-10-19 14:51:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-10-19 12:51
ComboFix2.txt 2015-07-09 12:01
ComboFix3.txt 2015-06-13 09:14
.
Před spuštěním: Volných bajtů: 40 580 820 992
Po spuštění: Volných bajtů: 40 366 759 936
.
- - End Of File - - 5FD1DA87B6F743F31A5ADBF086C6E582
A36C5E4F47E84449FF07ED3517B43A31

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male

Re: Please check the log for a keylogger

Post by jaro3 » 19 Oct 2015 16:26

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire following text (marked in green) into it:

Code:

ClearJavaCache::
KillAll::
File::
c:\users\doma\AppData\Local\Temp\cpuz137\cpuz137_x64.sys
c:\windows\SysWOW64\Drivers\X6va029
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files (x86)\Google\Update

Driver::
cpuz137
X6va029

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va029]

RegLock::
[HKEY_USERS\S-1-5-21-3317937424-2918749163-3385799364-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3317937424-2918749163-3385799364-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3317937424-2918749163-3385799364-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post the log that appears at the end of the cleaning process here, plus a new HJT log

Warning: it may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press the F8 key after the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

In Folder Options, enable showing hidden files and folders and uncheck the box "Hide protected operating system files".

Test these on VirusTotal:
c:\windows\system32\drivers\ekbdflt.sys
c:\program files (x86)\updater.exe
c:\program files (x86)\protokol.exe
c:\program files (x86)\Stub.exe
c:\program files (x86)\win-x86.lib

Click Choose to the right of the box and locate the requested file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file is then tested by multiple antivirus engines one after another. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.

Or at:
http://www.virscan.org/
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

volvo1971
Level 3.5
Posts: 790
Registered: December 14
Gender: Not specified

Re: Please check the log for a keylogger

Post by volvo1971 » 19 Oct 2015 17:23

ComboFix 15-10-15.01 - doma 19.10.2015 17:08:36.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4094.2655 [GMT 2:00]
Spuštěný z: c:\users\doma\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\doma\Desktop\CFScript.txt.txt
AV: ESET Smart Security 9.0.318.22 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 9.0.318.22 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\doma\AppData\Local\Temp\cpuz137\cpuz137_x64.sys"
"c:\windows\SysWOW64\Drivers\X6va029"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.28.15\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.28.15\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.28.15\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.28.15\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.28.15\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.28.15\GoogleUpdateWebPlugin.exe
c:\program files (x86)\Google\Update\1.3.28.15\goopdate.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.28.15\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.28.15\psmachine.dll
c:\program files (x86)\Google\Update\1.3.28.15\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.28.15\psuser.dll
c:\program files (x86)\Google\Update\1.3.28.15\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.28.15\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\46.0.2490.71\46.0.2490.71_45.0.2454.101_chrome_updater.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\Install\{0578D295-D254-4D31-B8A9-B3E0FDDDFFBC}\41.0.2272.89_40.0.2214.115_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{0A8175F3-F20D-4DC6-91B4-16E9134EA525}\43.0.2357.81_43.0.2357.65_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{226A627B-9D32-4FE9-B203-9DF6F3441C02}\44.0.2403.157_44.0.2403.155_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{2D2F1981-EF33-426F-9E1D-B9A72506442B}\45.0.2454.99_45.0.2454.93_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{46CE5BBE-0FBE-47E5-8E7A-A8193ECF50AA}\43.0.2357.132_43.0.2357.130_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{472AD1DE-EF01-49F1-BAD4-F2663A21BA6E}\40.0.2214.115_40.0.2214.111_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{50C1620D-53AD-412F-BCCD-EA02C39D9057}\43.0.2357.134_43.0.2357.132_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{6A8C0A17-1685-4A2A-8861-F234DFBAD805}\43.0.2357.65_42.0.2311.152_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{6AB63A30-0A94-4E85-87C7-81FC4C4B6EA8}\45.0.2454.85_44.0.2403.157_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{6B2E77AE-B07F-4EDD-8D17-4F534E2FA701}\45.0.2454.101_45.0.2454.99_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{6BAFD421-5273-42B4-A813-99B70567FD5D}\44.0.2403.125_44.0.2403.107_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{6C816198-85AA-42C0-B819-C6B546874FCF}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{6D51BD33-21CA-4818-917E-6EC3C2679849}\44.0.2403.130_44.0.2403.125_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{71445374-19E0-42A0-9CB7-565555BF289E}\42.0.2311.135_42.0.2311.90_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{78685D8C-A41B-4195-B75E-3367F6F538B5}\43.0.2357.124_43.0.2357.81_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{936D41E5-87B9-4AF4-9B9E-A36DEE9FA798}\44.0.2403.107_43.0.2357.134_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{A354DDA2-64D5-4446-ADA7-8B475685BEBC}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{A35B8BF8-AC09-41A7-9BBF-EFB711B6B119}\44.0.2403.155_44.0.2403.130_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{A4D6595C-5D36-4061-A434-E1D02CA4069C}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{AB6A9C4F-DCB5-41DB-87BD-E1122E1FC96C}\41.0.2272.118_41.0.2272.101_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{C3A08F08-6F0B-4C92-B970-2C220B6A661C}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{C50194CB-3BDE-4B06-BD18-12890AD69DA7}\46.0.2490.71_45.0.2454.101_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{C67E7C78-9AA7-41B8-8E7F-6D6AAFF89B11}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{C9A8F169-9CE9-4524-8065-76A208FE249A}\40.0.2214.111_40.0.2214.94_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{CC84D851-F085-4140-B71A-DF72F2093AB7}\43.0.2357.130_43.0.2357.124_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{D9076232-05EE-4B15-B39C-FE566FFE7EB3}\45.0.2454.93_45.0.2454.85_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{E2CE3DC4-AC48-41ED-B7A0-3870697BC01D}\42.0.2311.152_42.0.2311.135_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{EDF6EF45-532E-4A21-BDB3-A324BDFDFC4B}\41.0.2272.101_41.0.2272.89_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{EEBF5B68-D73B-4648-A92E-A3A4C1D8F90B}\42.0.2311.90_41.0.2272.118_chrome_updater.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
Nakažená kopie c:\windows\SysWow64\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache86\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CPUZ137
-------\Legacy_X6VA029
-------\Service_cpuz137
-------\Service_X6va029
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-09-19 do 2015-10-19 )))))))))))))))))))))))))))))))
.
.
2015-10-19 15:17 . 2015-06-23 23:22 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0AC9E77-C5C8-4147-B720-80C6DF53BC8B}\mpengine.dll
2015-10-19 15:15 . 2015-10-19 15:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-10-19 15:15 . 2015-10-19 15:15 -------- d-----w- c:\users\Jan\AppData\Local\temp
2015-10-19 15:15 . 2015-10-19 15:15 -------- d-----w- c:\users\hedev\AppData\Local\temp
2015-10-19 15:15 . 2015-10-19 15:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-18 19:42 . 2015-10-18 19:42 -------- d-----w- c:\programdata\RzSurroundVAD_1.1.60.0
2015-10-18 16:13 . 2015-10-18 16:13 -------- d-----w- c:\users\doma\AppData\Roaming\ProductData
2015-10-18 16:09 . 2015-10-19 15:17 -------- d-----w- c:\users\doma\AppData\Local\Temp
2015-10-18 16:09 . 2015-10-18 15:51 24064 ----a-w- c:\windows\zoek-delete.exe
2015-10-18 15:51 . 2015-10-18 16:08 -------- d-----w- C:\zoek_backup
2015-10-18 08:45 . 2015-10-18 15:13 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-18 08:44 . 2015-10-18 15:12 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-18 08:44 . 2015-10-18 08:44 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-10-18 08:44 . 2015-10-05 07:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-18 08:44 . 2015-10-05 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-18 08:16 . 2015-10-18 13:06 -------- d-----w- C:\AdwCleaner
2015-10-18 07:52 . 2015-10-18 07:52 -------- d-----w- C:\AVG_Remover
2015-10-17 22:42 . 2015-10-17 22:42 -------- d-----w- c:\program files (x86)\ESET
2015-10-17 14:51 . 2015-10-17 14:51 -------- d-----w- c:\program files\ESET
2015-10-17 12:06 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3CBD961C-824A-45E5-9790-4AEDF983630E}\mpengine.dll
2015-10-17 11:13 . 2015-10-17 11:13 -------- d-----w- C:\$Windows.~BT
2015-10-17 10:31 . 2015-10-17 10:31 -------- d-----w- C:\$SysReset
2015-10-16 19:59 . 2015-10-16 19:59 -------- d-----w- C:\Recovery
2015-10-16 19:34 . 2015-10-16 19:34 -------- d-----w- C:\AMD
2015-10-16 17:47 . 2015-10-17 11:13 -------- d-----w- c:\windows\Panther
2015-10-14 14:19 . 2015-09-25 18:07 3168768 ----a-w- c:\windows\system32\wucltux.dll
2015-10-14 14:18 . 2015-09-29 03:16 5569472 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-10-14 14:17 . 2015-10-01 18:04 616360 ----a-w- c:\windows\system32\winresume.efi
2015-10-14 14:17 . 2015-10-01 18:06 692672 ----a-w- c:\windows\system32\winload.efi
2015-10-14 14:17 . 2015-10-01 18:00 59392 ----a-w- c:\windows\system32\appidapi.dll
2015-10-14 14:17 . 2015-10-01 18:00 32768 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-14 14:17 . 2015-10-01 18:00 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-14 14:17 . 2015-10-01 17:50 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-10-14 14:17 . 2015-10-01 18:00 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-14 14:17 . 2015-10-01 18:00 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-14 14:17 . 2015-10-01 17:00 61440 ----a-w- c:\windows\system32\drivers\appid.sys
2015-10-07 04:16 . 2015-10-07 04:16 142976 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
2015-09-23 07:30 . 2015-09-23 07:30 69840 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2015-09-23 07:30 . 2015-09-23 07:30 52872 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2015-09-23 07:30 . 2015-09-23 07:30 264040 ----a-w- c:\windows\system32\drivers\eamonm.sys
2015-09-23 07:30 . 2015-09-23 07:30 206312 ----a-w- c:\windows\system32\drivers\epfw.sys
2015-09-23 07:30 . 2015-09-23 07:30 186784 ----a-w- c:\windows\system32\drivers\ehdrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-18 15:30 . 2015-06-08 14:47 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-10-17 15:05 . 2013-02-10 16:39 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-17 15:05 . 2013-02-10 16:39 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-14 20:17 . 2013-06-06 12:29 143481208 ----a-w- c:\windows\system32\MRT.exe
2015-09-29 02:58 . 2015-10-14 14:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-09-15 18:11 . 2015-10-14 14:18 342016 ----a-w- c:\windows\system32\schannel.dll
2015-09-15 17:36 . 2015-10-14 14:18 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-09-02 03:04 . 2015-09-09 15:06 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 03:04 . 2015-09-09 15:06 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 03:04 . 2015-09-09 15:06 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 03:04 . 2015-09-09 15:06 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 02:48 . 2015-09-09 15:06 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-02 02:48 . 2015-09-09 15:06 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-02 02:48 . 2015-09-09 15:06 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-02 02:47 . 2015-09-09 15:06 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-02 01:51 . 2015-09-09 15:06 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:47 . 2015-09-09 15:06 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-02 01:33 . 2015-09-09 15:06 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-08-27 18:18 . 2015-09-09 15:07 2004480 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 18:18 . 2015-09-09 15:07 1887232 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 18:13 . 2015-09-09 15:07 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 18:13 . 2015-09-09 15:07 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-27 17:58 . 2015-09-09 15:07 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-08-27 17:58 . 2015-09-09 15:07 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-08-27 17:51 . 2015-09-09 15:07 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2015-08-27 17:51 . 2015-09-09 15:07 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-08-07 14:54 . 2015-08-07 14:54 90112 ----a-w- c:\windows\SysWow64\rzdevinfo.dll
2015-08-05 17:56 . 2015-09-09 15:07 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-05 17:56 . 2015-09-09 15:07 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-08-05 17:56 . 2015-09-09 15:07 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-08-05 17:40 . 2015-09-09 15:07 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-07-30 18:06 . 2015-08-12 08:31 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 18:06 . 2015-08-12 08:31 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 18:06 . 2015-08-12 08:31 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 17:57 . 2015-08-12 08:31 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-30 17:57 . 2015-08-12 08:31 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-07-30 13:13 . 2015-08-12 15:11 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-12 15:11 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-29 01:09 . 2015-07-29 01:09 69632 ----a-w- c:\windows\system32\DriverInstallCA.dll
2015-07-29 01:09 . 2015-07-29 01:09 245760 ----a-w- c:\windows\system32\DriverInstallCACMD.exe
2015-07-29 01:09 . 2015-07-29 01:09 136704 ----a-w- c:\windows\SysWow64\RzVAD.dll
2015-07-28 20:09 . 2015-08-12 08:32 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 20:05 . 2015-08-12 08:32 774656 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 20:05 . 2015-08-12 08:32 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 20:05 . 2015-08-12 08:32 437760 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 20:05 . 2015-08-12 08:32 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 20:05 . 2015-08-12 08:32 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 20:05 . 2015-08-12 08:32 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-28 19:55 . 2015-08-12 08:32 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-07-23 00:02 . 2015-09-09 15:07 1390592 ----a-w- c:\windows\system32\diagtrack.dll
2015-07-23 00:02 . 2015-09-09 15:07 879104 ----a-w- c:\windows\system32\tdh.dll
2015-07-23 00:02 . 2015-09-09 15:07 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-07-22 17:53 . 2015-09-09 15:07 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-07-22 17:53 . 2015-09-09 15:07 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-07-22 16:48 . 2015-09-09 15:07 41984 ----a-w- c:\windows\system32\UtcResources.dll
2013-12-05 19:27 . 2013-05-26 08:43 27136 ----a-w- c:\program files (x86)\updater.exe
2013-05-26 08:43 . 2013-05-26 08:43 9728 ----a-w- c:\program files (x86)\protokol.exe
2013-03-26 19:50 . 2013-03-24 16:30 46360 ----a-w- c:\program files (x86)\Stub.exe
2011-12-21 08:59 . 2013-01-20 09:58 385024 ----a-w- c:\program files (x86)\win-x86.lib

Re: Please check my log for a keylogger

Post by volvo1971 » 19 Oct 2015 17:24

.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-11-18 12:46 223432 ----a-w- c:\users\doma\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-11-18 12:46 223432 ----a-w- c:\users\doma\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-11-18 12:46 223432 ----a-w- c:\users\doma\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"GoogleChromeAutoLaunch_A7537B550D3FA365694F60CD3F931EF4"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-10-09 811848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VICTORY Gaming Keyboard"="D:\Monitor.exe" [2013-04-09 270336]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2015-08-31 593216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys;c:\windows\SYSNATIVE\DRIVERS\BthAudioHF.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]
R3 celavimushost;Celavimus Client Host;d:\csgo client beta\CelavimusClientHelper.exe;d:\csgo client beta\CelavimusClientHelper.exe [x]
R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys;c:\windows\SYSNATIVE\drivers\bthav.sys [x]
R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
R3 EasyAntiCheatSys;EasyAntiCheatSys;c:\windows\system32\EasyAntiCheat.sys;c:\windows\SYSNATIVE\EasyAntiCheat.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Windows Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 PBDOWNFORCE_SERVICE;PBDOWNFORCE_SERVICE;c:\users\doma\Desktop\PBDownforce.sys;c:\users\doma\Desktop\PBDownforce.sys [x]
R3 PBDOWNFORCE_TEST_SERVICE;PBDOWNFORCE_TEST_SERVICE;c:\users\doma\Desktop\Test.sys;c:\users\doma\Desktop\Test.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys;c:\windows\SYSNATIVE\DRIVERS\VKbms.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys;c:\windows\SYSNATIVE\DRIVERS\amdide64.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 RzSurroundVADStreamingService;Razer Surround Audio Service;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [x]
S3 Abyssus;Razer Abyssus;c:\windows\system32\drivers\Abyssus.sys;c:\windows\SYSNATIVE\drivers\Abyssus.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-14 19:14 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-10 15:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-11-18 12:46 262344 ----a-w- c:\users\doma\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-11-18 12:46 262344 ----a-w- c:\users\doma\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-11-18 12:46 262344 ----a-w- c:\users\doma\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SYSTEM32\blank.htm
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\users\doma\AppData\Roaming\Mozilla\Firefox\Profiles\rtaupigo.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3317937424-2918749163-3385799364-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
D:\OSD.exe
c:\programdata\Razer\Synapse\RzStats\RzStats.Manager.exe
c:\program files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
c:\users\doma\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
.
**************************************************************************
.
Completion time: 2015-10-19 17:21:55 - machine was rebooted
ComboFix-quarantined-files.txt 2015-10-19 15:21
ComboFix2.txt 2015-10-19 12:51
ComboFix3.txt 2015-07-09 12:01
ComboFix4.txt 2015-06-13 09:14
.
Pre-Run: 40,117,755,904 bytes free
Post-Run: 39,723,454,464 bytes free
.
- - End Of File - - 4A093BB9DE5CBEC822A39756D62CA9A8
A36C5E4F47E84449FF07ED3517B43A31

Re: Please check my log for a keylogger

Post by volvo1971 » 19 Oct 2015 17:25

It's in 2 parts, so that you can find your way around it more easily ...

Re: Please check my log for a keylogger

Post by volvo1971 » 19 Oct 2015 17:31

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-10-19 17:26:16
-----------------------------
17:26:16.893 OS Version: Windows x64 6.1.7601 Service Pack 1
17:26:16.893 Number of processors: 4 586 0x403
17:26:16.894 ComputerName: DOMA-PC UserName: doma
17:26:17.276 Initialize success
17:26:17.309 VM: initialized successfully
17:26:17.310 VM: Amd CPU BiosDisabled
17:26:38.525 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-4
17:26:38.532 Disk 0 Vendor: WDC_WD5000AAKX-603CA0 18.01H18 Size: 476940MB BusType: 3
17:26:38.623 Disk 0 MBR read successfully
17:26:38.626 Disk 0 MBR scan
17:26:38.630 Disk 0 Windows 7 default MBR code
17:26:38.634 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:26:38.640 Disk 0 Boot: NTFS code=1
17:26:38.645 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 100000 MB offset 206848
17:26:38.665 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 376838 MB offset 205006848
17:26:38.687 Disk 0 scanning C:\Windows\system32\drivers
17:26:43.893 Service scanning
17:26:56.937 Modules scanning
17:26:56.953 Disk 0 trace - called modules:
17:26:56.979 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS amdide64.sys PCIIDEX.SYS hal.dll atapi.sys
17:26:56.986 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a9f060]
17:26:56.992 3 CLASSPNP.SYS[fffff880011d043f] -> nt!IofCallDriver -> [0xfffffa80049769b0]
17:26:56.999 5 ACPI.sys[fffff88000e477a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-4[0xfffffa8004a3a060]
17:26:57.005 Disk 0 statistics 101554/0/0 @ 10,16 MB/s
17:26:57.010 Scan finished successfully
17:27:20.360 Disk 0 MBR has been saved successfully to "C:\Users\doma\Desktop\MBR.dat"
17:27:20.362 The log file has been saved successfully to "C:\Users\doma\Desktop\aswMBR.txt"


aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-10-19 17:29:28
-----------------------------
17:29:28.163 OS Version: Windows x64 6.1.7601 Service Pack 1
17:29:28.163 Number of processors: 4 586 0x403
17:29:28.164 ComputerName: DOMA-PC UserName: doma
17:29:28.634 Initialize success
17:29:28.640 VM: initialized successfully
17:29:28.642 VM: Amd CPU BiosDisabled
17:29:33.361 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-4
17:29:33.367 Disk 0 Vendor: WDC_WD5000AAKX-603CA0 18.01H18 Size: 476940MB BusType: 3
17:29:33.440 Disk 0 MBR read successfully
17:29:33.444 Disk 0 MBR scan
17:29:33.448 Disk 0 Windows 7 default MBR code
17:29:33.452 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:29:33.458 Disk 0 Boot: NTFS code=1
17:29:33.463 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 100000 MB offset 206848
17:29:33.483 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 376838 MB offset 205006848
17:29:33.494 Disk 0 scanning C:\Windows\system32\drivers
17:29:38.483 Service scanning
17:29:50.030 Modules scanning
17:29:50.043 Disk 0 trace - called modules:
17:29:50.055 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS amdide64.sys PCIIDEX.SYS hal.dll atapi.sys
17:29:50.058 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a9f060]
17:29:50.061 3 CLASSPNP.SYS[fffff880011d043f] -> nt!IofCallDriver -> [0xfffffa80049769b0]
17:29:50.065 5 ACPI.sys[fffff88000e477a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-4[0xfffffa8004a3a060]
17:29:50.068 Disk 0 statistics 101554/0/0 @ 10,68 MB/s
17:29:50.071 Scan finished successfully
17:29:57.026 Disk 0 MBR has been saved successfully to "C:\Users\doma\Desktop\MBR.dat"
17:29:57.028 The log file has been saved successfully to "C:\Users\doma\Desktop\aswMBR.txt"

Re: Please check my log for a keylogger

Post by volvo1971 » 19 Oct 2015 17:57

I couldn't find the first file in the system32 folder, so I moved it to the desktop and did the scan. Can I put everything back now? The protection files and so on?
ekbdflt.sys : https://www.virustotal.com/cs/file/7aa8 ... 445270168/
also uploader.exe : https://www.virustotal.com/cs/file/d85a ... 445269649/
protokol.exe : https://www.virustotal.com/cs/file/6e6a ... 445269756/
for Stub.exe it found 1 something.. : https://www.virustotal.com/cs/file/4ad9 ... 445269856/

Re: Please check my log for a keylogger

Post by jaro3 (Security team member) » 19 Oct 2015 22:45

Also this one:
c:\program files (x86)\win-x86.lib
if it is a file..
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
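As an added example, not part of this thread and not ComboFix's own code: a short Python triage pass over ComboFix-style service and "Files Created" lines, flagging the entries a log helper looks at first (a service image on the Desktop or on a non-system drive, a driver registered with a path that has no drive letter, an executable sitting directly in the root of Program Files, as Stub.exe, protokol.exe and updater.exe do above), plus the SHA-256 a VirusTotal report is keyed on, which is what the helper is asking for on win-x86.lib. The sample lines are copied from the ComboFix log in this thread; the regexes assume the line layout as it appears here; and the flags are prompts for review, not verdicts (D:\Monitor.exe for the gaming keyboard is probably legitimate, and the PBDownforce driver on the Desktop is a tool the poster ran himself).

```python
"""Triage pass over ComboFix-style log lines (added example; not from the thread or from ComboFix)."""
import hashlib
import re
from pathlib import PureWindowsPath

# ComboFix service/driver line: "<state> <name>;<display name>;<image path>;<image path> [x]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>[^;]+);"
)
# ComboFix file line: "<mtime> . <ctime> <size or dashes> <attrs> <path>"
FILE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)

EXEC_SUFFIXES = {".exe", ".sys", ".dll", ".lib"}
USER_WRITABLE = ("\\users\\", "\\desktop\\", "\\temp\\", "\\appdata\\")
PROGRAM_ROOTS = {"program files", "program files (x86)"}


def reasons_for_path(path: str) -> list:
    """Heuristic review prompts for one binary path; an empty list means nothing stood out."""
    p = PureWindowsPath(path.strip())
    if p.suffix.lower() not in EXEC_SUFFIXES:
        return []                      # directories and data files are not triaged here
    low = str(p).lower()
    reasons = []
    if not p.drive:
        reasons.append("relative image path (no drive letter)")
    elif p.drive.lower() != "c:":
        reasons.append("binary on non-system drive")
    if any(tok in low for tok in USER_WRITABLE):
        reasons.append("binary in user-writable location")
    if p.suffix.lower() == ".sys" and "\\drivers\\" not in low and "\\system32\\" not in low:
        reasons.append("kernel driver outside system32")
    if p.parent.name.lower() in PROGRAM_ROOTS:
        reasons.append("executable dropped directly in Program Files root")
    return reasons


def triage_line(line: str):
    """Parse one service or file line; returns a finding dict, or None if it is neither."""
    m = SERVICE_RE.match(line)
    if m:
        image = m.group("image").strip()
        return {"kind": "service", "name": m.group("name").strip(), "path": image,
                "reasons": reasons_for_path(image)}
    m = FILE_RE.match(line)
    if m:
        path = m.group("path").strip()
        return {"kind": "file", "name": PureWindowsPath(path).name, "path": path,
                "reasons": reasons_for_path(path)}
    return None


def triage_log(lines) -> list:
    """Return only the parsed entries that produced at least one review prompt."""
    findings = []
    for line in lines:
        hit = triage_line(line)
        if hit and hit["reasons"]:
            findings.append(hit)
    return findings


def sha256_hex(data: bytes) -> str:
    """SHA-256 of a file's bytes; VirusTotal keys its reports on this hash."""
    return hashlib.sha256(data).hexdigest()


def virustotal_url(sha256: str) -> str:
    """Report URL for an already-submitted file (no upload and no API key needed)."""
    return f"https://www.virustotal.com/gui/file/{sha256}"


# Sample lines copied from the ComboFix log posted in this thread.
SAMPLE_LINES = [
    r"R3 celavimushost;Celavimus Client Host;d:\csgo client beta\CelavimusClientHelper.exe;d:\csgo client beta\CelavimusClientHelper.exe [x]",
    r"R3 PBDOWNFORCE_SERVICE;PBDOWNFORCE_SERVICE;c:\users\doma\Desktop\PBDownforce.sys;c:\users\doma\Desktop\PBDownforce.sys [x]",
    r"S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]",
    r"S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]",
    r"2013-03-26 19:50 . 2013-03-24 16:30 46360 ----a-w- c:\program files (x86)\Stub.exe",
    r"2015-10-18 08:44 . 2015-10-05 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys",
]

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LINES):
        print(f"{f['kind']:7} {f['name']:22} {f['path']}")
        for r in f["reasons"]:
            print(f"        - {r}")
    # Hash a file the same way before pasting its VirusTotal link into a reply, e.g.:
    # print(virustotal_url(sha256_hex(open(r"C:\Program Files (x86)\win-x86.lib", "rb").read())))
```

Run on the full log by feeding every line through `triage_log`; anything it returns is a candidate for the hash-and-lookup step, not a removal. The helper's reply is the decision point, because the same heuristics also fire on legitimate game anti-cheat drivers and vendor tools that insist on odd install paths.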

Re: Please check my log for a keylogger

Post by volvo1971 » 20 Oct 2015 06:01


