Log check (suspected keylogger)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Impra
Level 2
Posts: 160
Registered: December 14
Gender: Male
Status: Offline

Re: Log check (suspected keylogger)

Post by Impra » 11 Feb 2016 22:21

And can I ask why I'm doing all this? I'm kind of getting lost in it :D

jerabina
Security team member
Level 6
Posts: 3647
Registered: March 13
Location: Litoměřice
Gender: Male
Status: Offline

Re: Log check (suspected keylogger)

Post by jerabina » 11 Feb 2016 22:21

Because you've got a pile of junk and viruses in there? :D
When you don't know what to do next, it's time to read the manual!
HJT guide

If I don't reply in your threads in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as ignoring you.


Re: Log check (suspected keylogger)

Post by Impra » 11 Feb 2016 22:23

And could you tell from it whether the keylogger is there or not? Otherwise I'll continue tomorrow :D I quite like this, the PC is somehow starting to speed up again :D


Re: Log check (suspected keylogger)

Post by jerabina » 11 Feb 2016 22:25

I'm not surprised it's getting snappy again :-)
It's just that there's still a pile of stuff left in there.

Whether there's a keylogger in there we'll find out better from the ComboFix log, but there are some possible signs.


Re: Log check (suspected keylogger)

Post by Impra » 11 Feb 2016 22:33

Just yesterday some Russian stole my Origin account. So I told myself I have to find out somehow whether I've got a keylogger in there. And then I'll start sorting out the hacked account with EA. And does a keylogger work by recording all passwords? Because it seems odd to me that they'd only take Origin.


Re: Log check (suspected keylogger)

Post by jerabina » 11 Feb 2016 22:44

Depends which one; it can also record every keystroke. In any case I'm not sure it's really there. I'll need to take a deeper look when I have more time, but in the meantime supply the rest of the logs, that can also help us find it :-)


Re: Log check (suspected keylogger)

Post by Impra » 11 Feb 2016 22:56

Yeah sure, I'll continue tomorrow. Now I'm off to bed :) Thanks for the help, good night ;)

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Log check (suspected keylogger)

Post by jaro3 » 12 Feb 2016 08:54

OK.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Log check (suspected keylogger)

Post by Impra » 12 Feb 2016 15:49



Re: Log check (suspected keylogger)

Post by jaro3 » 12 Feb 2016 16:04

- if the log has more than 60,000 characters, split it and paste it into several posts


Re: Log check (suspected keylogger)

Post by Impra » 12 Feb 2016 17:08

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by FILIP on p  12.02.2016 at 15:52:46,45.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\FILIP\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12.2.2016 15:54:51 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\GRETECH deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\Google deleted successfully
C:\Program Files\MAXON deleted successfully
C:\Program Files\Paint.NET deleted successfully
C:\PROGRA~3\LangSoft deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\Users\FILIP\AppData\Roaming\fltk.org deleted successfully
C:\Users\FILIP\AppData\Roaming\LangSoft deleted successfully
C:\Users\FILIP\AppData\Roaming\Pamela deleted successfully
C:\Users\FILIP\AppData\Roaming\Publish Providers deleted successfully
C:\Users\FILIP\AppData\Roaming\saves deleted successfully
C:\Users\FILIP\AppData\Roaming\versions deleted successfully
C:\Users\Linux\AppData\Roaming\DAEMON Tools Lite deleted successfully
C:\Users\mamka\AppData\Roaming\Google deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Roaming\Xfire deleted successfully
C:\Users\FILIP\AppData\Local\GHISLER deleted successfully
C:\Users\FILIP\AppData\Local\PokerStars deleted successfully
C:\Users\FILIP\AppData\Local\Skype deleted successfully
C:\Users\FILIP\AppData\Local\WMTools Downloaded Files deleted successfully
C:\Users\Guest\AppData\Local\VirtualStore deleted successfully
C:\Users\Guest.FILIP-PC\AppData\Local\VirtualStore deleted successfully
C:\Users\Linux\AppData\Local\NokiaAccount deleted successfully
C:\Users\Linux\AppData\Local\{FCEC8E88-BBB9-46A3-964E-FD6A3B9DEBE7} deleted successfully
C:\Users\mamka\AppData\Local\{8B89D365-6910-4B27-8839-1BD2E9A6AD87} deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1017595815-1696786224-2602232475-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully
HKEY_USERS\S-1-5-21-1017595815-1696786224-2602232475-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully
HKEY_USERS\S-1-5-21-1017595815-1696786224-2602232475-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1017595815-1696786224-2602232475-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1017595815-1696786224-2602232475-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82A76710-4F98-4957-92BE-99648A4E2475} deleted successfully
HKEY_USERS\S-1-5-21-1017595815-1696786224-2602232475-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82A76710-4F98-4957-92BE-99648A4E2475} deleted successfully
HKEY_USERS\S-1-5-21-1017595815-1696786224-2602232475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1017595815-1696786224-2602232475-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully
HKEY_USERS\S-1-5-21-1017595815-1696786224-2602232475-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1017595815-1696786224-2602232475-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{BFF6B2CA-366C-4A90-B685-D87776DEB0D2} deleted successfully
HKEY_USERS\S-1-5-21-1017595815-1696786224-2602232475-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} deleted successfully
HKEY_USERS\S-1-5-21-1017595815-1696786224-2602232475-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} deleted successfully
HKEY_USERS\S-1-5-21-1017595815-1696786224-2602232475-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{82A76710-4F98-4957-92BE-99648A4E2475} deleted successfully
HKEY_USERS\S-1-5-21-1017595815-1696786224-2602232475-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WtuSystemSupport deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WtuSystemSupport deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\FILIP\AppData\Roaming\Mozilla\Firefox\Profiles\lqiggqkd.default-1353230452431\prefs.js:
user_pref("browser.search.defaultenginename", "Yahoo!");
user_pref("browser.search.selectedEngine", "Yahoo!");

Added to C:\Users\FILIP\AppData\Roaming\Mozilla\Firefox\Profiles\lqiggqkd.default-1353230452431\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\FILIP\AppData\Roaming\Mozilla\Firefox\Profiles\yv23j9g4.default-1356541827888\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.cz");
user_pref("browser.search.defaultenginename", "Yahoo!");
user_pref("browser.search.selectedEngine", "Yahoo!");
user_pref("keyword.url", "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=");

Added to C:\Users\FILIP\AppData\Roaming\Mozilla\Firefox\Profiles\yv23j9g4.default-1356541827888\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\FILIP\AppData\Roaming\Nvu\Profiles\hkq7wuue.default\prefs.js:

Added to C:\Users\FILIP\AppData\Roaming\Nvu\Profiles\hkq7wuue.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\GUEST~1.FIL\AppData\Roaming\Mozilla\Firefox\Profiles\7h21nn0a.default\prefs.js:
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.selectedEngine", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.asktb.ff-original-keyword-url", "");

Added to C:\Users\GUEST~1.FIL\AppData\Roaming\Mozilla\Firefox\Profiles\7h21nn0a.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Linux\AppData\Roaming\Mozilla\Firefox\Profiles\x87uq7d1.default\prefs.js:
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Yahoo!");
user_pref("browser.search.selectedEngine", "Yahoo!");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.asktb.ff-original-keyword-url", "");

Added to C:\Users\Linux\AppData\Roaming\Mozilla\Firefox\Profiles\x87uq7d1.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\mamka\AppData\Roaming\Mozilla\Firefox\Profiles\66h8ul8p.default\prefs.js:
user_pref("browser.search.defaultenginename", "Yahoo!");
user_pref("browser.search.selectedEngine", "Yahoo!");

Added to C:\Users\mamka\AppData\Roaming\Mozilla\Firefox\Profiles\66h8ul8p.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\FILIP\AppData\Roaming\Mozilla\Firefox\Profiles\lqiggqkd.default-1353230452431

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_12.02.2016_1629_.backup

ProfilePath: C:\Users\FILIP\AppData\Roaming\Mozilla\Firefox\Profiles\yv23j9g4.default-1356541827888

user.js not found
---- Lines akamaihd.net removed from prefs.js ----
user_pref("coupons.url", "[\"http://i.spigtrmrjs.info/spigtr/javascript.js?hid=58&channel=FF\",\"http://savingsslider-a.akamaihd.net/loaders/1036/l.js
user_pref("coupons.urls", "[\"https://i_spigtrmrjs_info.tlscdn.com/spigtr/javascript.js?hid=58&channel=FF\",\"https://savingsslider-a.akamaihd.net/loa
---- FireFox user.js and prefs.js backups ----

prefs_12.02.2016_1629_.backup

ProfilePath: C:\Users\FILIP\AppData\Roaming\Nvu\Profiles\hkq7wuue.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_12.02.2016_1629_.backup

ProfilePath: C:\Users\GUEST~1.FIL\AppData\Roaming\Mozilla\Firefox\Profiles\7h21nn0a.default

user.js not found
---- Lines imesh modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\":{\"descriptor\":\"C:\\\\
---- Lines asktb removed from prefs.js ----
user_pref("extensions.asktb.ff-original-keyword-url", "");
---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\":{\"descriptor\":\"C:\\\\
---- Lines {4B3803EA-5230-4DC3-A7FC-33638F3D3542} modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ----

prefs_12.02.2016_1629_.backup

ProfilePath: C:\Users\Linux\AppData\Roaming\Mozilla\Firefox\Profiles\x87uq7d1.default

user.js not found
---- Lines asktb removed from prefs.js ----
user_pref("extensions.asktb.ff-original-keyword-url", "");
---- Lines {4B3803EA-5230-4DC3-A7FC-33638F3D3542} removed from prefs.js ----
user_pref("extensions.xpiState", "{\"app-profile\":{\"{58d2a791-6199-482f-a9aa-9b725ec61362}\":{\"d\":\"C:\\\\Users\\\\Linux\\\\AppData\\\\Roaming\\\\
---- FireFox user.js and prefs.js backups ----

prefs_12.02.2016_1629_.backup

ProfilePath: C:\Users\mamka\AppData\Roaming\Mozilla\Firefox\Profiles\66h8ul8p.default

user.js not found
---- Lines {4B3803EA-5230-4DC3-A7FC-33638F3D3542} modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\":{\"descriptor\":\"C:\\\\
---- Lines {BFF6B2CA-366C-4A90-B685-D87776DEB0D2} modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ----

prefs_12.02.2016_1629_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\GRETECH not found
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\Users\Linux\AppData\Roaming\Mozilla\Firefox\Profiles\x87uq7d1.default\extensions\{bff6b2ca-366c-4a90-b685-d87776deb0d2} not found
C:\Users\mamka\AppData\Roaming\Mozilla\Firefox\Profiles\66h8ul8p.default\extensions\{bff6b2ca-366c-4a90-b685-d87776deb0d2} not found
"C:\Windows\Installer\3c143.msi" not found
C:\PROGRA~2\Sizer deleted
C:\PROGRA~2\Spyware Terminator deleted
C:\Users\Linux\AppData\Local\Mozilla Firefox deleted
C:\Users\FILIP\AppData\Roaming\assets deleted
C:\Windows\syswow64\appdata deleted
C:\PROGRA~3\0241 deleted
C:\PROGRA~2\bin deleted
C:\found.000 deleted
C:\Users\FILIP\AppData\Roaming\IDResolver.txt deleted
C:\Users\FILIP\AppData\Roaming\mystcraft_logfile.txt deleted
C:\Users\FILIP\AppData\Roaming\options.txt deleted
C:\Users\FILIP\AppData\Roaming\optionsof.txt deleted
C:\Users\FILIP\AppData\Roaming\TooManyItems.txt deleted
C:\Users\FILIP\AppData\Roaming\ForgeModLoader-0.log deleted
C:\Users\FILIP\AppData\Roaming\optifog.log deleted
C:\Users\FILIP\AppData\Roaming\ProductData deleted
C:\Users\Linux\AppData\Roaming\ProductData deleted
C:\PROGRA~3\AVG Web TuneUp deleted
C:\PROGRA~3\ICQ deleted
C:\PROGRA~3\{3002E08A-4925-4821-8D06-D5FC4EBFF034} deleted
C:\PROGRA~3\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Users\FILIP\AppData\LocalLow\IObit Apps deleted
C:\Users\Guest.FILIP-PC\AppData\LocalLow\imeshtoolbar2 deleted
C:\Users\Guest.FILIP-PC\AppData\LocalLow\AVG Secure Search deleted
C:\Users\Linux\AppData\LocalLow\imeshtoolbar2 deleted
C:\Users\mamka\AppData\LocalLow\imeshtoolbar2 deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\windows\SysNative\tasks\Game_Booster_AutoUpdate deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\Linux\AppData\Roaming\Mozilla\Firefox\Profiles\x87uq7d1.default\imeshtoolbar2 deleted
C:\Users\mamka\AppData\Roaming\Mozilla\Firefox\Profiles\66h8ul8p.default\imeshtoolbar2 deleted
C:\Users\FILIP\budik.exe deleted
"C:\Windows\Installer\48e8bf.msi" deleted
"C:\Users\FILIP\AppData\Roaming\lastlogin" deleted
"C:\ProgramData\tempraw" deleted
"C:\Users\FILIP\AppData\Roaming\Mozilla\Firefox\Profiles\lqiggqkd.default-1353230452431\extensions\iobitapps@mybrowserbar.com" deleted
"C:\Users\FILIP\AppData\Roaming\Tunngle\Local.key" deleted
"C:\Users\FILIP\AppData\Roaming\Tunngle\Local.pub" deleted
"C:\PROGRA~2\AVG Web TuneUp\vprot.exe" deleted
"C:\Users\FILIP\AppData\Roaming\Tunngle" deleted
"C:\Users\FILIP\AppData\Local\AVG Web TuneUp" deleted
"C:\PROGRA~2\AVG Web TuneUp" deleted
"C:\Users\FILIP\AppData\Local\AVG Web TuneUp\Chrome" deleted

==== Orphaned Tasks deleted from Registry ======================

Chrome Cleanup Tool post reboot run deleted
Game_Booster_AutoUpdate deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\FILIP\AppData\Roaming\Mozilla\Firefox\Profiles\lqiggqkd.default-1353230452431
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\FILIP\AppData\Roaming\Mozilla\Firefox\Profiles\yv23j9g4.default-1356541827888
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\FILIP\AppData\Roaming\Nvu\Profiles\hkq7wuue.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\GUEST~1.FIL\AppData\Roaming\Mozilla\Firefox\Profiles\7h21nn0a.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Linux\AppData\Roaming\Mozilla\Firefox\Profiles\x87uq7d1.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\mamka\AppData\Roaming\Mozilla\Firefox\Profiles\66h8ul8p.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F53C93F1-07D5-430c-86D4-C9531B27DFAF}"="C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack" [23.07.2015 11:19]

==== Firefox Extensions ======================

ProfilePath: C:\Users\FILIP\AppData\Roaming\Nvu\Profiles\hkq7wuue.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- Nvu default - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

ProfilePath: C:\Users\GUEST~1.FIL\AppData\Roaming\Mozilla\Firefox\Profiles\7h21nn0a.default
- Undetermined - C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\FILIP\AppData\Roaming\Mozilla\Firefox\Profiles\lqiggqkd.default-1353230452431
AB4D28C4769C546FD8FCCBCE0F688F8F - C:\Users\FILIP\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
20FF20FBC1F20ADEC0AD6AF98ABE9545 - C:\Users\FILIP\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin

Profilepath: C:\Users\FILIP\AppData\Roaming\Mozilla\Firefox\Profiles\yv23j9g4.default-1356541827888
6FE651F6E3025AD51CC1D54913AEEADC - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll - Shockwave Flash
AF8A94BCB98C299C49B28CC12EBC0ED2 - C:\Users\FILIP\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll - Google Update
20FF20FBC1F20ADEC0AD6AF98ABE9545 - C:\Users\FILIP\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
57D28190C994AD5E9B1007FB2259393A - C:\Users\FILIP\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
7ABE33792F2787D599B6963E71B9E8CD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll - Shockwave Flash
AB4D28C4769C546FD8FCCBCE0F688F8F - C:\Users\FILIP\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Linux\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[08.01.2016 10:47]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
chfdnecihphmhljaaejmgoiahnihplgn - No path found[]

Skype Click to Call - FILIP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Shortcut Manager - FILIP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgjjeipcdnnjhgodgjpfkffcejoljijf
AVG Web TuneUp - FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
Lounge Assistant - FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\enjonnlehciedbcidabdglnnihcncbml
AdBlock - FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom

==== Chromium Fix ======================

C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.utorrent.com_0.localstorage deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad-emea.doubleclick.net_0.localstorage deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad-g.doubleclick.net_0.localstorage deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adserver.cybersales.cz_0.localstorage deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_ad2.billboard.cz_0.localstorage deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_ad2.billboard.cz_0.localstorage-journal deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_advert.uloz.to_0.localstorage deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_advert.uloz.to_0.localstorage-journal deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_static.moddb.com_0.localstorage deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_static.moddb.com_0.localstorage-journal deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_static2.nkcdn.cz_0.localstorage deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_static2.nkcdn.cz_0.localstorage-journal deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_d3mwhxgzltpnyp.cloudfront.net_0.localstorage deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_d3mwhxgzltpnyp.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mcskinsearch.com_0.localstorage deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_eu.mcskinsearch.com_0.localstorage deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_eu.mcskinsearch.com_0.localstorage-journal deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_mcskinsearch.com_0.localstorage deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_mcskinsearch.com_0.localstorage-journal deleted successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chfdnecihphmhljaaejmgoiahnihplgn deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{1E5672EF-5D91-451A-A581-0B907CFED224}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1E5672EF-5D91-451A-A581-0B907CFED224}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{22192590-D4B3-4215-8177-8394D54A6408} - http://www.webhledani.cz/results.aspx?i=39&tp=ie&q={searchTerms}
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes\{EE10C07B-21E2-4CED-9559-B548A0283BCA} - http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox

==== Reset Google Chrome ======================

C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences~RFe8326.TMP was reset successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Default\Web Data.protect was reset successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Default\Web Data.ReadOnly was reset successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5DCAE42FB33ABBD4BADC49BA450CE41C deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iMesh deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\imeshtoolbar2 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F24EACD5-A33B-4DBB-ABCD-94AB54C04EC1} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Eusing Free Video Converter deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5DCAE42FB33ABBD4BADC49BA450CE41C deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_ROC_JULY_P1 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\FILIP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\FILIP\AppData\Local\Mozilla\Firefox\Profiles\yv23j9g4.default-1356541827888\Cache emptied successfully
C:\Users\FILIP\AppData\Local\Mozilla\Firefox\Profiles\yv23j9g4.default-1356541827888\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\FILIP\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1451 folders=282 354214222 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\FILIP\AppData\Local\Temp will be emptied at reboot
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Guest.FILIP-PC\AppData\Local\Temp emptied successfully
C:\Users\Linux\AppData\Local\Temp emptied successfully
C:\Users\mamka\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\FILIP\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on p  12.02.2016 at 16:56:54,00 ======================

Impra
Level 2
Posts: 160
Registered: December 14
Gender: Male
Status: Offline

Re: Log check (suspected keylogger)

Post by Impra » 12 Feb 2016 17:10

Is a ComboFix log also needed?

