https://www.virustotal.com/cs/file/7e30 ... 1451751569
ComboFix 15-12-29.01 - User 02.01.2016 17:36:48.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2047.1182 [GMT 1:00]
Spuštěný z: c:\users\User\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\User\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\DarkMiner.exe"
"c:\windows\HappyPlay.exe"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Local\Microsoft\BingSvc
c:\users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe
c:\users\User\AppData\Local\Microsoft\BingSvc\BSvcProcessor.exe
c:\users\User\AppData\Local\Microsoft\BingSvc\BSvcUpdateConfig.cab
c:\users\User\AppData\Local\Microsoft\BingSvc\BSvcUpdater.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-12-02 do 2016-01-02 )))))))))))))))))))))))))))))))
.
.
2016-01-02 16:42 . 2016-01-02 16:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-29 15:35 . 2003-03-15 23:15 90112 ----a-w- c:\windows\unvise32.exe
2015-12-27 15:40 . 2015-12-27 15:40 -------- d-----w- c:\users\User\AppData\Local\CrashDumps
2015-12-26 20:42 . 2015-12-26 20:42 437248 ----a-w- c:\windows\HappyPlay.exe
2015-12-26 20:42 . 2015-12-26 20:42 39424 ----a-w- c:\windows\DarkMiner.exe
2015-12-26 19:00 . 2015-12-26 19:00 -------- d-----w- c:\users\User\AppData\Local\GHISLER
2015-12-24 11:21 . 2015-12-24 11:21 -------- d-----w- c:\users\User\AppData\Local\Adobe
2015-12-04 19:46 . 2015-12-04 19:29 24064 ----a-w- c:\windows\zoek-delete.exe
2015-12-04 19:46 . 2016-01-02 16:44 -------- d-----w- c:\users\User\AppData\Local\Temp
2015-12-04 19:29 . 2015-12-04 19:43 -------- d-----w- C:\zoek_backup
2015-12-03 21:47 . 2015-12-03 21:47 -------- d-----w- c:\program files\Common Files\AV
2015-12-03 21:47 . 2015-12-03 21:47 -------- d-----w- c:\program files (x86)\Common Files\AV
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-02 13:34 . 2014-11-20 13:28 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-01-02 13:34 . 2014-11-20 13:28 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-09 03:39 . 2014-10-02 11:29 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-12-04 18:56 . 2015-12-01 20:35 36608 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-12-01 20:56 . 2015-11-29 19:35 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-18 19:31 . 2015-11-18 19:31 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2015-11-18 19:31 . 2015-11-18 19:31 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2015-11-10 19:10 . 2014-12-10 17:46 449992 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-11-10 19:10 . 2014-12-10 17:46 1059656 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-10-05 08:50 . 2015-11-29 19:33 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-05 08:50 . 2015-11-29 19:33 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 08:50 . 2015-11-29 19:33 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-10 6108752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2016-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-20 13:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-07-20 18:18 777544 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 83.240.0.214 83.240.0.135
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-ProtectDisc Driver 11 - c:\program files (x86)\ProtectDisc Driver Installer\uninstall_v11.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\AVAST Software\Avast\avBugReport.exe
.
**************************************************************************
.
Celkový čas: 2016-01-02 17:47:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-01-02 16:47
ComboFix2.txt 2016-01-01 12:06
.
Před spuštěním: Volných bajtů: 32 692 088 832
Po spuštění: Volných bajtů: 32 488 034 304
.
- - End Of File - - 733C8891E3ECCC20F4FF57E2A7596F68
A36C5E4F47E84449FF07ED3517B43A31
Kontrola logu Vyřešeno
-
jerabina
- člen Security týmu
-
Level 6
- Příspěvky: 3647
- Registrován: březen 13
- Bydliště: Litoměřice
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
Stáhni si z některého odkazu SystemLook
SystemLook (32-bit)
http://jpshortstuff.247fixes.com/SystemLook.exe
SystemLook (64-bit)
http://jpshortstuff.247fixes.com/SystemLook_x64.exe
a ulož si ho na plochu.
Poklepej na stažený SystemLook , zkopíruj do hlavního text. okna tento následující text:
Klikni na Look ke startu skenu. Když program skončí objeví se v poznámkovém bloku zpráva skenu. Zkopíruj sem celý jeho obsah. Log se také nachází na ploše pod názvem SystemLook.txt.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
Vyčisti systém CCleanerem
Stáhni si OTC
na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.
Co problémy? + nový log z HJT
SystemLook (32-bit)
http://jpshortstuff.247fixes.com/SystemLook.exe
SystemLook (64-bit)
http://jpshortstuff.247fixes.com/SystemLook_x64.exe
a ulož si ho na plochu.
Poklepej na stažený SystemLook , zkopíruj do hlavního text. okna tento následující text:
Kód: Vybrat vše
:filefind
*DarkMiner.exe*
*HappyPlay.exe*
:folderfind
*DarkMiner.exe*
*HappyPlay.exe*
:regfind
*DarkMiner.exe*
*HappyPlay.exe*Klikni na Look ke startu skenu. Když program skončí objeví se v poznámkovém bloku zpráva skenu. Zkopíruj sem celý jeho obsah. Log se také nachází na ploše pod názvem SystemLook.txt.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
Vyčisti systém CCleanerem
Stáhni si OTC
na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.
Co problémy? + nový log z HJT
Když nevíš jak dál, přichází na řadu prostudovat manuál!
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
Re: Kontrola logu
Program OTC mi nejde stáhnout. Zkoušel jsem to i přes jiný stránky a buď to napíše, že program neexistuje, anebo to stáhne půlku souboru a konec.
SystemLook 30.07.11 by jpshortstuff
Log created at 11:11 on 03/01/2016 by User
Administrator - Elevation successful
========== filefind ==========
Searching for "*DarkMiner.exe*"
C:\Windows\DarkMiner.exe --a---- 39424 bytes [20:42 26/12/2015] [20:42 26/12/2015] EFC84B65420BCBEE0B9CB7C23B8524A8
C:\Windows\Prefetch\DARKMINER.EXE-DD25DD9B.pf --a---- 21930 bytes [21:56 31/12/2015] [21:56 31/12/2015] 63A548F73C7A18B08E48E5235C3E514B
Searching for "*HappyPlay.exe*"
C:\Windows\HappyPlay.exe --a---- 437248 bytes [20:42 26/12/2015] [20:42 26/12/2015] C3ED8070E201D2887FC0FAF8CC7F0263
========== folderfind ==========
Searching for "*DarkMiner.exe*"
No folders found.
Searching for "*HappyPlay.exe*"
No folders found.
========== regfind ==========
Searching for "*DarkMiner.exe*"
No data found.
Searching for "*HappyPlay.exe*"
No data found.
-= EOF =-
SystemLook 30.07.11 by jpshortstuff
Log created at 11:11 on 03/01/2016 by User
Administrator - Elevation successful
========== filefind ==========
Searching for "*DarkMiner.exe*"
C:\Windows\DarkMiner.exe --a---- 39424 bytes [20:42 26/12/2015] [20:42 26/12/2015] EFC84B65420BCBEE0B9CB7C23B8524A8
C:\Windows\Prefetch\DARKMINER.EXE-DD25DD9B.pf --a---- 21930 bytes [21:56 31/12/2015] [21:56 31/12/2015] 63A548F73C7A18B08E48E5235C3E514B
Searching for "*HappyPlay.exe*"
C:\Windows\HappyPlay.exe --a---- 437248 bytes [20:42 26/12/2015] [20:42 26/12/2015] C3ED8070E201D2887FC0FAF8CC7F0263
========== folderfind ==========
Searching for "*DarkMiner.exe*"
No folders found.
Searching for "*HappyPlay.exe*"
No folders found.
========== regfind ==========
Searching for "*DarkMiner.exe*"
No data found.
Searching for "*HappyPlay.exe*"
No data found.
-= EOF =-
-
jerabina
- člen Security týmu
-
Level 6
- Příspěvky: 3647
- Registrován: březen 13
- Bydliště: Litoměřice
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit Farbar Recovery Scan Tool (FRST)
32bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
64bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
a ulož jej na plochu. ,pak spusť FRST jako správce
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.
32bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
64bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
a ulož jej na plochu. ,pak spusť FRST jako správce
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.
Když nevíš jak dál, přichází na řadu prostudovat manuál!
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
Re: Kontrola logu
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by User (administrator) on PC (03-01-2016 15:48:37)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_270_ActiveX.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-10] (AVAST Software)
HKU\S-1-5-21-592749292-2958473000-3406679687-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-20] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 83.240.0.214 83.240.0.135
Tcpip\..\Interfaces\{F7F7FC0D-DCD4-4545-B5EB-3EF1982938D7}: [DhcpNameServer] 83.240.0.214 83.240.0.135
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-592749292-2958473000-3406679687-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-592749292-2958473000-3406679687-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-592749292-2958473000-3406679687-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seznam.cz/
SearchScopes: HKU\S-1-5-21-592749292-2958473000-3406679687-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-20] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-16] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-16] (Oracle Corporation)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-592749292-2958473000-3406679687-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-10-02] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-20] (AVAST Software)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-09-26] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-09-18] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-09-26] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [36608 2015-12-04] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-03 15:48 - 2016-01-03 15:49 - 00008545 _____ C:\Users\User\Desktop\FRST.txt
2016-01-03 15:48 - 2016-01-03 15:48 - 00000000 ____D C:\FRST
2016-01-03 15:46 - 2016-01-03 15:46 - 02370560 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2016-01-03 11:28 - 2016-01-03 11:28 - 00095488 _____ C:\Users\User\Documents\cc_20160103_112812.reg
2016-01-03 11:23 - 2016-01-03 11:23 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-01-03 11:23 - 2016-01-03 11:23 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-03 11:23 - 2016-01-03 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-03 11:23 - 2016-01-03 11:23 - 00000000 ____D C:\Program Files\CCleaner
2016-01-03 11:20 - 2016-01-03 11:20 - 06805328 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup513.exe
2016-01-03 10:52 - 2016-01-03 10:52 - 00165376 _____ C:\Users\User\Desktop\SystemLook_x64.exe
2016-01-02 17:47 - 2016-01-02 17:47 - 00009713 _____ C:\ComboFix.txt
2015-12-31 18:18 - 2016-01-03 11:19 - 00000000 ____D C:\Windows\erdnt
2015-12-31 18:17 - 2015-12-31 18:17 - 05200384 _____ (AVAST Software) C:\Users\User\Desktop\aswmbr.exe
2015-12-29 16:35 - 2015-12-29 16:35 - 00000702 _____ C:\Users\User\Desktop\Launch Painkiller!.lnk
2015-12-29 16:35 - 2015-12-29 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamCatcher
2015-12-29 16:35 - 2003-03-16 00:15 - 00090112 _____ (MindVision Software) C:\Windows\unvise32.exe
2015-12-27 16:40 - 2016-01-03 11:27 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2015-12-27 13:15 - 2015-12-27 13:16 - 189895320 _____ C:\Users\User\Downloads\painkiller_1.0.zip
2015-12-27 11:35 - 2015-12-27 11:35 - 00000000 ____D C:\Users\User\Downloads\Teorie-velkého-třesku-S03.E1-24.CZ
2015-12-26 21:42 - 2015-12-26 21:42 - 00437248 _____ C:\Windows\HappyPlay.exe
2015-12-26 21:42 - 2015-12-26 21:42 - 00039424 _____ (COIN) C:\Windows\DarkMiner.exe
2015-12-26 20:00 - 2015-12-26 20:00 - 00000000 ____D C:\Users\User\AppData\Local\GHISLER
2015-12-26 17:24 - 2015-12-26 19:33 - 2309068078 _____ C:\Users\User\Downloads\Painkiller-(PC-Game-2004).rar
2015-12-24 14:54 - 2015-12-24 14:54 - 00000000 ____D C:\Users\User\Downloads\Teorie-velkého-třesku-S05.E1-24.CZ
2015-12-24 12:21 - 2015-12-24 12:21 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2015-12-04 20:46 - 2015-12-04 20:29 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-12-04 20:29 - 2015-12-04 20:43 - 00000000 ____D C:\zoek_backup
2015-12-04 20:26 - 2015-12-04 20:26 - 01309184 _____ C:\Users\User\Desktop\zoek.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-03 15:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-03 15:34 - 2014-11-20 14:28 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-03 12:08 - 2015-01-10 15:34 - 00000000 ____D C:\Users\User\Desktop\Výkazy
2016-01-03 11:27 - 2015-11-18 20:41 - 00000000 ____D C:\Users\User\AppData\Roaming\MPC-HC
2016-01-03 11:27 - 2015-09-18 14:24 - 00000000 ____D C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2016-01-03 11:27 - 2014-10-07 10:04 - 00000000 ____D C:\Windows\Panther
2016-01-03 11:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-03 11:14 - 2015-09-25 13:00 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-01-03 10:53 - 2009-07-14 05:45 - 00025152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-03 10:53 - 2009-07-14 05:45 - 00025152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-03 10:46 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-02 20:14 - 2014-12-10 18:47 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-02 17:44 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-01-02 14:34 - 2014-11-20 14:28 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 14:34 - 2014-11-20 14:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 14:34 - 2014-11-20 14:28 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-01 12:52 - 2014-10-02 14:03 - 00001912 _____ C:\Windows\epplauncher.mif
2015-12-26 11:25 - 2014-10-02 09:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-26 11:25 - 2014-10-02 09:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-26 11:22 - 2014-10-02 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-12 19:31 - 2015-11-29 20:16 - 00000884 _____ C:\Users\User\Desktop\Temp File Cleaner.lnk
2015-12-12 19:31 - 2015-11-18 20:40 - 00001746 _____ C:\Users\User\Desktop\MPC-HC x64.lnk
2015-12-09 04:39 - 2014-10-02 12:29 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-06 14:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-04 19:56 - 2015-12-01 21:35 - 00036608 _____ C:\Windows\system32\Drivers\TrueSight.sys
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-30 14:24
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by User (2016-01-03 15:49:20)
Running from C:\Users\User\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-10-07 08:15:06)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-592749292-2958473000-3406679687-500 - Administrator - Disabled)
Guest (S-1-5-21-592749292-2958473000-3406679687-501 - Limited - Disabled)
User (S-1-5-21-592749292-2958473000-3406679687-1003 - Administrator - Enabled) => C:\Users\User
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Hattrick Organizer (remove only) (HKLM-x32\...\Hattrick Organizer) (Version: - )
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MPC-HC 1.7.8 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.8 - MPC-HC Team)
NVIDIA Ovladače grafiky 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{C560D6E7-E40A-435D-8B71-62CBCF1701B2}) (Version: 4.11.9775 - Apache Software Foundation)
Ovládací panel NVIDIA 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
Painkiller SP Demo 3 (HKLM-x32\...\Painkiller SP Demo 3) (Version: - )
Sada Compatibility Pack pro systém Office 2007 (HKLM-x32\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.51 - Ghisler Software GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07395450-E289-48E8-8530-8A3D5E26DD1E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-15] (AVAST Software)
Task: {2324D9FD-C516-4CB8-AF05-841687226A0C} - System32\Tasks\{0EB180DA-08DD-4FDC-9A98-FFF2055ABB73} => pcalua.exe -a "D:\Hry\MotoGP PC Demo Install\setup.exe" -d "D:\Hry\MotoGP PC Demo Install"
Task: {2FC1F7D4-4EB3-46BA-B0DC-5C2C932E6D3C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {46A9CF27-EAE7-4917-9325-2DCE33CC8880} - System32\Tasks\{2F2F6548-7A8E-4CBB-986C-8EEC3F61C64C} => pcalua.exe -a F:\setup.exe -d F:\
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {687EF2F5-32AC-4121-8C3E-1360F4EC8959} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {8C312D97-C4DE-419B-AF3D-5E595B27B55D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {A2F4C6DF-C2EE-45D8-B107-D80C3202C2E2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E0B4AF93-8A62-4335-9EA6-6AEDC64ED154} - System32\Tasks\{2443DEC0-AC5C-4432-A176-AEDDA687EDFB} => pcalua.exe -a G:\Crack\Cestina\CZ_100.exe -d G:\Crack\Cestina
Task: {F7DB539A-5812-4A34-BC94-C37E403D8620} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-10-02 12:40 - 2013-01-31 10:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-08 20:25 - 2015-12-08 20:25 - 00047616 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2015-07-20 19:18 - 2015-07-20 19:18 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-20 19:18 - 2015-07-20 19:18 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-02 20:14 - 2016-01-02 20:14 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\16010201\algo.dll
2016-01-03 14:47 - 2016-01-03 14:47 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\16010300\algo.dll
2015-07-20 19:18 - 2015-07-20 19:18 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2016-01-02 17:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-592749292-2958473000-3406679687-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 83.240.0.214 - 83.240.0.135
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
==================== Restore Points =========================
03-01-2016 11:20:03 ComboFix created restore point
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/03/2016 03:17:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.17420 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: c8c
Čas spuštění: 01d1463151ca6e97
Čas ukončení: 44
Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
ID hlášení:
Error: (01/03/2016 11:02:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.17420 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: a6c
Čas spuštění: 01d1460d6c0f8b5f
Čas ukončení: 92
Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
ID hlášení:
Error: (01/02/2016 05:12:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.17420 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 748
Čas spuštění: 01d14578323b98fa
Čas ukončení: 10
Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
ID hlášení:
Error: (01/02/2016 04:52:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.17420 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: b5c
Čas spuštění: 01d14574195469a2
Čas ukončení: 30
Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
ID hlášení:
Error: (01/02/2016 12:39:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.17420 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 3d0
Čas spuštění: 01d1454f5c12d987
Čas ukončení: 62
Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
ID hlášení:
Error: (01/02/2016 12:13:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.17420 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: e0c
Čas spuštění: 01d1454df5f7ef55
Čas ukončení: 40
Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
ID hlášení:
Error: (01/02/2016 12:12:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.17420 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 944
Čas spuštění: 01d1454e4acfaf7a
Čas ukončení: 152
Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
ID hlášení:
Error: (01/02/2016 12:11:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.17420 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 5fc
Čas spuštění: 01d1454e1d126189
Čas ukončení: 20
Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
ID hlášení:
Error: (01/02/2016 12:09:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.17420 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: cc0
Čas spuštění: 01d1454e07b8d591
Čas ukončení: 40
Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
ID hlášení:
Error: (01/02/2016 11:19:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.17420 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 888
Čas spuštění: 01d1453dc8d2b559
Čas ukončení: 90
Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
ID hlášení:
System errors:
=============
Error: (01/02/2016 05:42:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (01/02/2016 05:41:39 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.
Error: (01/02/2016 05:41:39 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.
Error: (01/02/2016 05:39:47 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (01/02/2016 05:36:38 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.
Error: (01/01/2016 01:03:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (01/01/2016 01:00:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (12/31/2015 07:39:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (12/31/2015 06:28:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (12/31/2015 06:28:45 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
CodeIntegrity:
===================================
Date: 2016-01-02 17:41:39.376
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-01-02 17:41:39.314
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-01-02 17:41:39.236
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-01-02 17:41:39.173
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-01-02 17:36:38.545
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-01-02 17:36:38.483
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-12-04 19:56:39.065
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-12-04 19:56:38.987
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-12-01 21:35:23.231
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-12-01 21:35:23.153
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Percentage of memory in use: 44%
Total physical RAM: 2047.18 MB
Available physical RAM: 1129.51 MB
Total Virtual: 4094.36 MB
Available Virtual: 2810.98 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.43 GB) (Free:36.28 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:74.53 GB) (Free:69.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or
(Size: 74.5 GB) (Disk ID: 39BF8117)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or (Size: 74.5 GB) (Disk ID: 76588A6E)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Ran by User (administrator) on PC (03-01-2016 15:48:37)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_270_ActiveX.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-10] (AVAST Software)
HKU\S-1-5-21-592749292-2958473000-3406679687-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-20] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 83.240.0.214 83.240.0.135
Tcpip\..\Interfaces\{F7F7FC0D-DCD4-4545-B5EB-3EF1982938D7}: [DhcpNameServer] 83.240.0.214 83.240.0.135
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-592749292-2958473000-3406679687-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-592749292-2958473000-3406679687-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-592749292-2958473000-3406679687-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seznam.cz/
SearchScopes: HKU\S-1-5-21-592749292-2958473000-3406679687-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-20] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-16] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-16] (Oracle Corporation)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-592749292-2958473000-3406679687-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-10-02] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-20] (AVAST Software)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-09-26] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-09-18] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-09-26] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [36608 2015-12-04] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-03 15:48 - 2016-01-03 15:49 - 00008545 _____ C:\Users\User\Desktop\FRST.txt
2016-01-03 15:48 - 2016-01-03 15:48 - 00000000 ____D C:\FRST
2016-01-03 15:46 - 2016-01-03 15:46 - 02370560 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2016-01-03 11:28 - 2016-01-03 11:28 - 00095488 _____ C:\Users\User\Documents\cc_20160103_112812.reg
2016-01-03 11:23 - 2016-01-03 11:23 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-01-03 11:23 - 2016-01-03 11:23 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-03 11:23 - 2016-01-03 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-03 11:23 - 2016-01-03 11:23 - 00000000 ____D C:\Program Files\CCleaner
2016-01-03 11:20 - 2016-01-03 11:20 - 06805328 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup513.exe
2016-01-03 10:52 - 2016-01-03 10:52 - 00165376 _____ C:\Users\User\Desktop\SystemLook_x64.exe
2016-01-02 17:47 - 2016-01-02 17:47 - 00009713 _____ C:\ComboFix.txt
2015-12-31 18:18 - 2016-01-03 11:19 - 00000000 ____D C:\Windows\erdnt
2015-12-31 18:17 - 2015-12-31 18:17 - 05200384 _____ (AVAST Software) C:\Users\User\Desktop\aswmbr.exe
2015-12-29 16:35 - 2015-12-29 16:35 - 00000702 _____ C:\Users\User\Desktop\Launch Painkiller!.lnk
2015-12-29 16:35 - 2015-12-29 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamCatcher
2015-12-29 16:35 - 2003-03-16 00:15 - 00090112 _____ (MindVision Software) C:\Windows\unvise32.exe
2015-12-27 16:40 - 2016-01-03 11:27 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2015-12-27 13:15 - 2015-12-27 13:16 - 189895320 _____ C:\Users\User\Downloads\painkiller_1.0.zip
2015-12-27 11:35 - 2015-12-27 11:35 - 00000000 ____D C:\Users\User\Downloads\Teorie-velkého-třesku-S03.E1-24.CZ
2015-12-26 21:42 - 2015-12-26 21:42 - 00437248 _____ C:\Windows\HappyPlay.exe
2015-12-26 21:42 - 2015-12-26 21:42 - 00039424 _____ (COIN) C:\Windows\DarkMiner.exe
2015-12-26 20:00 - 2015-12-26 20:00 - 00000000 ____D C:\Users\User\AppData\Local\GHISLER
2015-12-26 17:24 - 2015-12-26 19:33 - 2309068078 _____ C:\Users\User\Downloads\Painkiller-(PC-Game-2004).rar
2015-12-24 14:54 - 2015-12-24 14:54 - 00000000 ____D C:\Users\User\Downloads\Teorie-velkého-třesku-S05.E1-24.CZ
2015-12-24 12:21 - 2015-12-24 12:21 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2015-12-04 20:46 - 2015-12-04 20:29 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-12-04 20:29 - 2015-12-04 20:43 - 00000000 ____D C:\zoek_backup
2015-12-04 20:26 - 2015-12-04 20:26 - 01309184 _____ C:\Users\User\Desktop\zoek.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-03 15:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-03 15:34 - 2014-11-20 14:28 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-03 12:08 - 2015-01-10 15:34 - 00000000 ____D C:\Users\User\Desktop\Výkazy
2016-01-03 11:27 - 2015-11-18 20:41 - 00000000 ____D C:\Users\User\AppData\Roaming\MPC-HC
2016-01-03 11:27 - 2015-09-18 14:24 - 00000000 ____D C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2016-01-03 11:27 - 2014-10-07 10:04 - 00000000 ____D C:\Windows\Panther
2016-01-03 11:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-03 11:14 - 2015-09-25 13:00 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-01-03 10:53 - 2009-07-14 05:45 - 00025152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-03 10:53 - 2009-07-14 05:45 - 00025152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-03 10:46 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-02 20:14 - 2014-12-10 18:47 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-02 17:44 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-01-02 14:34 - 2014-11-20 14:28 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 14:34 - 2014-11-20 14:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 14:34 - 2014-11-20 14:28 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-01 12:52 - 2014-10-02 14:03 - 00001912 _____ C:\Windows\epplauncher.mif
2015-12-26 11:25 - 2014-10-02 09:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-26 11:25 - 2014-10-02 09:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-26 11:22 - 2014-10-02 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-12 19:31 - 2015-11-29 20:16 - 00000884 _____ C:\Users\User\Desktop\Temp File Cleaner.lnk
2015-12-12 19:31 - 2015-11-18 20:40 - 00001746 _____ C:\Users\User\Desktop\MPC-HC x64.lnk
2015-12-09 04:39 - 2014-10-02 12:29 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-06 14:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-04 19:56 - 2015-12-01 21:35 - 00036608 _____ C:\Windows\system32\Drivers\TrueSight.sys
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-30 14:24
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by User (2016-01-03 15:49:20)
Running from C:\Users\User\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-10-07 08:15:06)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-592749292-2958473000-3406679687-500 - Administrator - Disabled)
Guest (S-1-5-21-592749292-2958473000-3406679687-501 - Limited - Disabled)
User (S-1-5-21-592749292-2958473000-3406679687-1003 - Administrator - Enabled) => C:\Users\User
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Hattrick Organizer (remove only) (HKLM-x32\...\Hattrick Organizer) (Version: - )
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MPC-HC 1.7.8 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.8 - MPC-HC Team)
NVIDIA Ovladače grafiky 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{C560D6E7-E40A-435D-8B71-62CBCF1701B2}) (Version: 4.11.9775 - Apache Software Foundation)
Ovládací panel NVIDIA 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
Painkiller SP Demo 3 (HKLM-x32\...\Painkiller SP Demo 3) (Version: - )
Sada Compatibility Pack pro systém Office 2007 (HKLM-x32\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.51 - Ghisler Software GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07395450-E289-48E8-8530-8A3D5E26DD1E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-15] (AVAST Software)
Task: {2324D9FD-C516-4CB8-AF05-841687226A0C} - System32\Tasks\{0EB180DA-08DD-4FDC-9A98-FFF2055ABB73} => pcalua.exe -a "D:\Hry\MotoGP PC Demo Install\setup.exe" -d "D:\Hry\MotoGP PC Demo Install"
Task: {2FC1F7D4-4EB3-46BA-B0DC-5C2C932E6D3C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {46A9CF27-EAE7-4917-9325-2DCE33CC8880} - System32\Tasks\{2F2F6548-7A8E-4CBB-986C-8EEC3F61C64C} => pcalua.exe -a F:\setup.exe -d F:\
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {687EF2F5-32AC-4121-8C3E-1360F4EC8959} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {8C312D97-C4DE-419B-AF3D-5E595B27B55D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {A2F4C6DF-C2EE-45D8-B107-D80C3202C2E2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E0B4AF93-8A62-4335-9EA6-6AEDC64ED154} - System32\Tasks\{2443DEC0-AC5C-4432-A176-AEDDA687EDFB} => pcalua.exe -a G:\Crack\Cestina\CZ_100.exe -d G:\Crack\Cestina
Task: {F7DB539A-5812-4A34-BC94-C37E403D8620} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-10-02 12:40 - 2013-01-31 10:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-08 20:25 - 2015-12-08 20:25 - 00047616 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2015-07-20 19:18 - 2015-07-20 19:18 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-20 19:18 - 2015-07-20 19:18 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-02 20:14 - 2016-01-02 20:14 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\16010201\algo.dll
2016-01-03 14:47 - 2016-01-03 14:47 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\16010300\algo.dll
2015-07-20 19:18 - 2015-07-20 19:18 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2016-01-02 17:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-592749292-2958473000-3406679687-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 83.240.0.214 - 83.240.0.135
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
==================== Restore Points =========================
03-01-2016 11:20:03 ComboFix created restore point
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/03/2016 03:17:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.17420 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: c8c
Čas spuštění: 01d1463151ca6e97
Čas ukončení: 44
Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
ID hlášení:
Error: (01/03/2016 11:02:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.17420 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: a6c
Čas spuštění: 01d1460d6c0f8b5f
Čas ukončení: 92
Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
ID hlášení:
Error: (01/02/2016 05:12:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.17420 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 748
Čas spuštění: 01d14578323b98fa
Čas ukončení: 10
Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
ID hlášení:
Error: (01/02/2016 04:52:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.17420 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: b5c
Čas spuštění: 01d14574195469a2
Čas ukončení: 30
Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
ID hlášení:
Error: (01/02/2016 12:39:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.17420 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 3d0
Čas spuštění: 01d1454f5c12d987
Čas ukončení: 62
Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
ID hlášení:
Error: (01/02/2016 12:13:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.17420 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: e0c
Čas spuštění: 01d1454df5f7ef55
Čas ukončení: 40
Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
ID hlášení:
Error: (01/02/2016 12:12:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.17420 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 944
Čas spuštění: 01d1454e4acfaf7a
Čas ukončení: 152
Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
ID hlášení:
Error: (01/02/2016 12:11:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.17420 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 5fc
Čas spuštění: 01d1454e1d126189
Čas ukončení: 20
Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
ID hlášení:
Error: (01/02/2016 12:09:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.17420 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: cc0
Čas spuštění: 01d1454e07b8d591
Čas ukončení: 40
Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
ID hlášení:
Error: (01/02/2016 11:19:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.17420 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 888
Čas spuštění: 01d1453dc8d2b559
Čas ukončení: 90
Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
ID hlášení:
System errors:
=============
Error: (01/02/2016 05:42:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (01/02/2016 05:41:39 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.
Error: (01/02/2016 05:41:39 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.
Error: (01/02/2016 05:39:47 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (01/02/2016 05:36:38 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.
Error: (01/01/2016 01:03:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (01/01/2016 01:00:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (12/31/2015 07:39:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (12/31/2015 06:28:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (12/31/2015 06:28:45 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
CodeIntegrity:
===================================
Date: 2016-01-02 17:41:39.376
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-01-02 17:41:39.314
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-01-02 17:41:39.236
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-01-02 17:41:39.173
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-01-02 17:36:38.545
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-01-02 17:36:38.483
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-12-04 19:56:39.065
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-12-04 19:56:38.987
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-12-01 21:35:23.231
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-12-01 21:35:23.153
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Percentage of memory in use: 44%
Total physical RAM: 2047.18 MB
Available physical RAM: 1129.51 MB
Total Virtual: 4094.36 MB
Available Virtual: 2810.98 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.43 GB) (Free:36.28 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:74.53 GB) (Free:69.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or
(Size: 74.5 GB) (Disk ID: 39BF8117)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or
(Size: 74.5 GB) (Disk ID: 76588A6E)Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
-
jerabina
- člen Security týmu
-
Level 6
- Příspěvky: 3647
- Registrován: březen 13
- Bydliště: Litoměřice
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
Vypni trvale Windows Defender
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému.
Toto otestuj na Virustotal
C:\Windows\System32\DRIVERS\lirsgt.sys
G:\Crack\Cestina\CZ_100.exe
Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.
Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.
(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).
Ulož jej na na plochu jako fixlist.txt
Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému.
Toto otestuj na Virustotal
C:\Windows\System32\DRIVERS\lirsgt.sys
G:\Crack\Cestina\CZ_100.exe
Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.
Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.
Kód: Vybrat vše
Start
CloseProcesses:
HKU\S-1-5-21-592749292-2958473000-3406679687-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-592749292-2958473000-3406679687-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-592749292-2958473000-3406679687-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\ComboFix\catchme.sys
Task: {2324D9FD-C516-4CB8-AF05-841687226A0C} - System32\Tasks\{0EB180DA-08DD-4FDC-9A98-FFF2055ABB73} => pcalua.exe -a "D:\Hry\MotoGP PC Demo Install\setup.exe" -d "D:\Hry\MotoGP PC Demo Install"
Task: {2FC1F7D4-4EB3-46BA-B0DC-5C2C932E6D3C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {46A9CF27-EAE7-4917-9325-2DCE33CC8880} - System32\Tasks\{2F2F6548-7A8E-4CBB-986C-8EEC3F61C64C} => pcalua.exe -a F:\setup.exe -d F:\
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {687EF2F5-32AC-4121-8C3E-1360F4EC8959} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E0B4AF93-8A62-4335-9EA6-6AEDC64ED154} - System32\Tasks\{2443DEC0-AC5C-4432-A176-AEDDA687EDFB} => pcalua.exe -a G:\Crack\Cestina\CZ_100.exe -d G:\Crack\Cestina
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\DarkMiner.exe
C:\Windows\Prefetch\DARKMINER.EXE
C:\Windows\HappyPlay.exe
G:\Crack\Cestina\CZ_100.exe
EmptyTemp:
End(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).
Ulož jej na na plochu jako fixlist.txt
Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.
Když nevíš jak dál, přichází na řadu prostudovat manuál!
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
Re: Kontrola logu
Defender je vypnut, ale
C:\Windows\System32\DRIVERS\lirsgt.sys
G:\Crack\Cestina\CZ_100.exe
na Virustotalu neprojedu. Prostě jsem je nenašel. Navíc Géčko v kompu ani nemám. Měl jsem staženou nějakou hru, otevřel jsem ji přes DaemonTools, ale nejela mi, tak jsem to odinstaloval. Nevím proč to ukzuje, kdy už to aniv tom Daemonu nemám. A ani to C:\Windows\System32\DRIVERS\lirsgt.sys jsem nenašel.
C:\Windows\System32\DRIVERS\lirsgt.sys
G:\Crack\Cestina\CZ_100.exe
na Virustotalu neprojedu. Prostě jsem je nenašel. Navíc Géčko v kompu ani nemám. Měl jsem staženou nějakou hru, otevřel jsem ji přes DaemonTools, ale nejela mi, tak jsem to odinstaloval. Nevím proč to ukzuje, kdy už to aniv tom Daemonu nemám. A ani to C:\Windows\System32\DRIVERS\lirsgt.sys jsem nenašel.
-
jerabina
- člen Security týmu
-
Level 6
- Příspěvky: 3647
- Registrován: březen 13
- Bydliště: Litoměřice
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
Dobře, pokračuj tedy tím skriptem.
Když nevíš jak dál, přichází na řadu prostudovat manuál!
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
Re: Kontrola logu
Fix result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by User (2016-01-03 19:51:09) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKU\S-1-5-21-592749292-2958473000-3406679687-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-592749292-2958473000-3406679687-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-592749292-2958473000-3406679687-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\ComboFix\catchme.sys
Task: {2324D9FD-C516-4CB8-AF05-841687226A0C} - System32\Tasks\{0EB180DA-08DD-4FDC-9A98-FFF2055ABB73} => pcalua.exe -a "D:\Hry\MotoGP PC Demo Install\setup.exe" -d "D:\Hry\MotoGP PC Demo Install"
Task: {2FC1F7D4-4EB3-46BA-B0DC-5C2C932E6D3C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {46A9CF27-EAE7-4917-9325-2DCE33CC8880} - System32\Tasks\{2F2F6548-7A8E-4CBB-986C-8EEC3F61C64C} => pcalua.exe -a F:\setup.exe -d F:\
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {687EF2F5-32AC-4121-8C3E-1360F4EC8959} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E0B4AF93-8A62-4335-9EA6-6AEDC64ED154} - System32\Tasks\{2443DEC0-AC5C-4432-A176-AEDDA687EDFB} => pcalua.exe -a G:\Crack\Cestina\CZ_100.exe -d G:\Crack\Cestina
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\DarkMiner.exe
C:\Windows\Prefetch\DARKMINER.EXE
C:\Windows\HappyPlay.exe
G:\Crack\Cestina\CZ_100.exe
EmptyTemp:
End
*****************
Processes closed successfully.
HKU\S-1-5-21-592749292-2958473000-3406679687-1003\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-592749292-2958473000-3406679687-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKU\S-1-5-21-592749292-2958473000-3406679687-1003\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0" => key removed successfully
C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => not found.
catchme => service removed successfully
"C:\ComboFix\catchme.sys" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2324D9FD-C516-4CB8-AF05-841687226A0C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2324D9FD-C516-4CB8-AF05-841687226A0C}" => key removed successfully
C:\Windows\System32\Tasks\{0EB180DA-08DD-4FDC-9A98-FFF2055ABB73} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0EB180DA-08DD-4FDC-9A98-FFF2055ABB73}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2FC1F7D4-4EB3-46BA-B0DC-5C2C932E6D3C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FC1F7D4-4EB3-46BA-B0DC-5C2C932E6D3C}" => key removed successfully
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46A9CF27-EAE7-4917-9325-2DCE33CC8880}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46A9CF27-EAE7-4917-9325-2DCE33CC8880}" => key removed successfully
C:\Windows\System32\Tasks\{2F2F6548-7A8E-4CBB-986C-8EEC3F61C64C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2F2F6548-7A8E-4CBB-986C-8EEC3F61C64C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A40E926-9E86-4B89-9CFD-B12311724371}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A40E926-9E86-4B89-9CFD-B12311724371}" => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UPnP\UPnPHostConfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{687EF2F5-32AC-4121-8C3E-1360F4EC8959}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{687EF2F5-32AC-4121-8C3E-1360F4EC8959}" => key removed successfully
C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD9F510C-95F4-499A-90C8-BAC5BC372FF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD9F510C-95F4-499A-90C8-BAC5BC372FF4}" => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0B4AF93-8A62-4335-9EA6-6AEDC64ED154}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0B4AF93-8A62-4335-9EA6-6AEDC64ED154}" => key removed successfully
C:\Windows\System32\Tasks\{2443DEC0-AC5C-4432-A176-AEDDA687EDFB} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2443DEC0-AC5C-4432-A176-AEDDA687EDFB}" => key removed successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Windows\DarkMiner.exe => moved successfully
"C:\Windows\Prefetch\DARKMINER.EXE" => not found.
C:\Windows\HappyPlay.exe => moved successfully
"G:\Crack\Cestina\CZ_100.exe" => not found.
EmptyTemp: => 223.2 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 19:51:19 ====
Ran by User (2016-01-03 19:51:09) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKU\S-1-5-21-592749292-2958473000-3406679687-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-592749292-2958473000-3406679687-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-592749292-2958473000-3406679687-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\ComboFix\catchme.sys
Task: {2324D9FD-C516-4CB8-AF05-841687226A0C} - System32\Tasks\{0EB180DA-08DD-4FDC-9A98-FFF2055ABB73} => pcalua.exe -a "D:\Hry\MotoGP PC Demo Install\setup.exe" -d "D:\Hry\MotoGP PC Demo Install"
Task: {2FC1F7D4-4EB3-46BA-B0DC-5C2C932E6D3C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {46A9CF27-EAE7-4917-9325-2DCE33CC8880} - System32\Tasks\{2F2F6548-7A8E-4CBB-986C-8EEC3F61C64C} => pcalua.exe -a F:\setup.exe -d F:\
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {687EF2F5-32AC-4121-8C3E-1360F4EC8959} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E0B4AF93-8A62-4335-9EA6-6AEDC64ED154} - System32\Tasks\{2443DEC0-AC5C-4432-A176-AEDDA687EDFB} => pcalua.exe -a G:\Crack\Cestina\CZ_100.exe -d G:\Crack\Cestina
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\DarkMiner.exe
C:\Windows\Prefetch\DARKMINER.EXE
C:\Windows\HappyPlay.exe
G:\Crack\Cestina\CZ_100.exe
EmptyTemp:
End
*****************
Processes closed successfully.
HKU\S-1-5-21-592749292-2958473000-3406679687-1003\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-592749292-2958473000-3406679687-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKU\S-1-5-21-592749292-2958473000-3406679687-1003\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0" => key removed successfully
C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => not found.
catchme => service removed successfully
"C:\ComboFix\catchme.sys" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2324D9FD-C516-4CB8-AF05-841687226A0C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2324D9FD-C516-4CB8-AF05-841687226A0C}" => key removed successfully
C:\Windows\System32\Tasks\{0EB180DA-08DD-4FDC-9A98-FFF2055ABB73} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0EB180DA-08DD-4FDC-9A98-FFF2055ABB73}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2FC1F7D4-4EB3-46BA-B0DC-5C2C932E6D3C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FC1F7D4-4EB3-46BA-B0DC-5C2C932E6D3C}" => key removed successfully
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46A9CF27-EAE7-4917-9325-2DCE33CC8880}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46A9CF27-EAE7-4917-9325-2DCE33CC8880}" => key removed successfully
C:\Windows\System32\Tasks\{2F2F6548-7A8E-4CBB-986C-8EEC3F61C64C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2F2F6548-7A8E-4CBB-986C-8EEC3F61C64C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A40E926-9E86-4B89-9CFD-B12311724371}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A40E926-9E86-4B89-9CFD-B12311724371}" => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UPnP\UPnPHostConfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{687EF2F5-32AC-4121-8C3E-1360F4EC8959}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{687EF2F5-32AC-4121-8C3E-1360F4EC8959}" => key removed successfully
C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD9F510C-95F4-499A-90C8-BAC5BC372FF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD9F510C-95F4-499A-90C8-BAC5BC372FF4}" => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0B4AF93-8A62-4335-9EA6-6AEDC64ED154}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0B4AF93-8A62-4335-9EA6-6AEDC64ED154}" => key removed successfully
C:\Windows\System32\Tasks\{2443DEC0-AC5C-4432-A176-AEDDA687EDFB} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2443DEC0-AC5C-4432-A176-AEDDA687EDFB}" => key removed successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Windows\DarkMiner.exe => moved successfully
"C:\Windows\Prefetch\DARKMINER.EXE" => not found.
C:\Windows\HappyPlay.exe => moved successfully
"G:\Crack\Cestina\CZ_100.exe" => not found.
EmptyTemp: => 223.2 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 19:51:19 ====
-
jerabina
- člen Security týmu
-
Level 6
- Příspěvky: 3647
- Registrován: březen 13
- Bydliště: Litoměřice
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
Co problémy?
Když nevíš jak dál, přichází na řadu prostudovat manuál!
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
Re: Kontrola logu
Zatím pohoda. Teď mě zrovna nic netrklo, co by bylo třeba opravit. Ještě včera mi vybíhala okýnka z Avastu o nějakým DARKMINER ale ted už to nedělá. Zkusím na tom zase chvíli pracovat a když to bude ok, tak to za dva dny označím jako vyřešený. Díky
-
jerabina
- člen Security týmu
-
Level 6
- Příspěvky: 3647
- Registrován: březen 13
- Bydliště: Litoměřice
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
DARKMINER jsem dnes odstranil 
Jinak jestli nebudou problémy tak:
Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/
ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.
Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt
A můžeš to označit za vyřešené fajfkou.
Jinak jestli nebudou problémy tak:
Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/
ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.
Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt
A můžeš to označit za vyřešené fajfkou.
Když nevíš jak dál, přichází na řadu prostudovat manuál!
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 5 hostů