Log check (suspected keylogger)
- jerabina
- member of the Security team
Re: Log check (suspected keylogger)
Yes, that one is essential.
When you don't know what to do next, it's time to study the manual!
HJT guide
If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as ignoring you.
Re: Log check (suspected keylogger)
OK, I'll get on it.
Re: Log check (suspected keylogger)
ComboFix 16-02-09.01 - FILIP 12.02.2016 17:30:15.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4095.2111 [GMT 1:00]
Spuštěný z: c:\users\FILIP\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2012 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition 2012 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Uninstall.exe
c:\users\FILIP\AppData\Local[j0002]-[p04].bmp
c:\users\FILIP\AppData\Local[j0002]-[p06].bmp
c:\users\FILIP\AppData\Local[j0003]-[p06].bmp
c:\users\FILIP\AppData\Local[j0004]-[p06].bmp
c:\users\FILIP\AppData\Local\Temp\NOSEventMessages.dll
c:\users\FILIP\AppData\Roaming\Config
c:\users\FILIP\AppData\Roaming\Config\IDResolverknownIDs.properties
c:\users\FILIP\AppData\Roaming\Config\IDResolvermodPriorities.properties
c:\users\FILIP\AppData\Roaming\Config\mod_MinecraftForge.cfg
c:\users\FILIP\AppData\Roaming\Config\mod_Somnia.cfg
c:\users\FILIP\AppData\Roaming\Config\mystcraft_config.txt
c:\users\FILIP\Documents\utorrent.exe.20153.tmp
c:\users\FILIP\Documents\utorrent.exe.20578.tmp
c:\users\FILIP\Documents\utorrent.exe.428.tmp
c:\users\FILIP\Documents\utorrent.exe.9681.tmp
c:\windows\iun6002.exe
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-01-12 do 2016-02-12 )))))))))))))))))))))))))))))))
.
.
2016-02-12 16:44 . 2016-02-12 16:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2016-02-12 16:44 . 2016-02-12 16:44 -------- d-----w- c:\users\mamka\AppData\Local\temp
2016-02-12 16:44 . 2016-02-12 16:44 -------- d-----w- c:\users\Linux\AppData\Local\temp
2016-02-12 16:44 . 2016-02-12 16:44 -------- d-----w- c:\users\Guest\AppData\Local\temp
2016-02-12 15:54 . 2016-02-12 15:54 -------- d-----w- c:\users\FILIP\AppData\Roaming\ProductData
2016-02-12 15:49 . 2016-02-12 14:52 24064 ----a-w- c:\windows\zoek-delete.exe
2016-02-12 15:49 . 2016-02-12 16:50 -------- d-----w- c:\users\FILIP\AppData\Local\Temp
2016-02-12 14:52 . 2016-02-12 15:52 -------- d-----w- C:\zoek_backup
2016-02-12 14:16 . 2016-02-12 14:16 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-02-12 14:16 . 2016-02-12 14:49 -------- d-----w- c:\programdata\RogueKiller
2016-02-11 17:19 . 2016-02-12 16:49 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-11 17:18 . 2016-02-11 17:18 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-02-11 17:18 . 2016-02-11 17:18 -------- d-----w- c:\programdata\Malwarebytes
2016-02-11 17:18 . 2015-10-05 08:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-02-11 17:18 . 2015-10-05 08:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-11 17:18 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-02-11 17:12 . 2016-02-11 19:25 -------- d-----w- C:\AdwCleaner
2016-02-07 11:32 . 2016-02-07 11:32 -------- d-----w- c:\program files (x86)\licenses
2016-02-07 11:27 . 2016-02-07 11:27 329944 ----a-w- c:\program files (x86)\lua5.1.dll
2016-02-07 11:27 . 2016-02-07 11:32 -------- d-----w- c:\program files (x86)\Uninstall
2016-01-16 18:27 . 2016-01-16 18:50 -------- d-s---w- c:\windows\system32\GWX
2016-01-16 18:27 . 2016-01-16 18:27 -------- d-s---w- c:\windows\SysWow64\GWX
2016-01-16 18:26 . 2016-01-16 18:26 -------- d-----w- c:\windows\system32\appraiser
2016-01-16 16:40 . 2016-01-16 16:40 -------- d-----w- C:\76363729cdd8ef937d2a23fb648b86
2016-01-16 15:37 . 2016-01-16 16:16 -------- d-----w- c:\windows\system32\MRT
2016-01-16 14:15 . 2016-01-16 14:15 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
2016-01-16 13:56 . 2015-06-25 10:06 115136 ----a-w- c:\windows\system32\consent.exe
2016-01-16 13:56 . 2015-06-25 10:01 1941504 ----a-w- c:\windows\system32\authui.dll
2016-01-16 13:56 . 2015-06-25 10:01 70656 ----a-w- c:\windows\system32\appinfo.dll
2016-01-16 13:56 . 2015-06-25 09:44 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2016-01-16 13:56 . 2015-07-23 00:02 1390592 ----a-w- c:\windows\system32\diagtrack.dll
2016-01-16 13:56 . 2015-07-22 16:48 41984 ----a-w- c:\windows\system32\UtcResources.dll
2016-01-16 13:56 . 2015-07-23 00:02 879104 ----a-w- c:\windows\system32\tdh.dll
2016-01-16 13:56 . 2015-07-22 17:53 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2016-01-16 13:54 . 2015-02-03 03:34 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2016-01-16 13:53 . 2015-12-08 21:54 358400 ----a-w- c:\windows\SysWow64\WMVSENCD.DLL
2016-01-16 13:52 . 2015-07-30 18:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2016-01-16 13:51 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2016-01-16 13:50 . 2015-07-04 18:07 2087424 ----a-w- c:\windows\system32\ole32.dll
2016-01-16 13:49 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2016-01-16 13:38 . 2015-11-03 19:04 241664 ----a-w- c:\windows\system32\els.dll
2016-01-16 13:38 . 2015-11-03 18:55 179712 ----a-w- c:\windows\SysWow64\els.dll
2016-01-16 13:12 . 2014-07-17 02:07 235520 ----a-w- c:\windows\system32\winsta.dll
2016-01-16 13:12 . 2014-07-17 02:07 150528 ----a-w- c:\windows\system32\rdpcorekmts.dll
2016-01-16 13:12 . 2014-07-17 02:07 455168 ----a-w- c:\windows\system32\winlogon.exe
2016-01-16 13:12 . 2014-07-17 01:40 157696 ----a-w- c:\windows\SysWow64\winsta.dll
2016-01-16 13:12 . 2014-07-17 01:21 212480 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2016-01-16 13:12 . 2014-07-17 01:21 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2016-01-16 13:10 . 2015-12-30 19:08 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-01-16 13:09 . 2015-10-01 18:00 1737216 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2016-01-16 13:08 . 2015-09-02 03:04 41984 ----a-w- c:\windows\system32\lpk.dll
2016-01-16 13:08 . 2015-09-02 03:04 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-01-16 13:08 . 2015-09-02 02:48 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-01-16 13:08 . 2015-09-02 01:47 372736 ----a-w- c:\windows\system32\atmfd.dll
2016-01-16 13:08 . 2015-09-02 01:33 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-01-16 13:08 . 2015-09-02 03:04 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-01-16 13:08 . 2015-09-02 03:04 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-01-16 13:08 . 2015-09-02 02:48 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-01-16 13:08 . 2015-09-02 02:48 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-01-16 13:08 . 2015-09-02 02:47 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-01-16 13:07 . 2015-12-08 21:52 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2016-01-16 13:07 . 2015-12-08 19:07 405504 ----a-w- c:\windows\system32\gdi32.dll
2016-01-16 13:07 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2016-01-16 13:07 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2016-01-16 13:07 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2016-01-16 13:07 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2016-01-16 13:07 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2016-01-16 13:07 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2016-01-16 13:07 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2016-01-16 13:06 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2016-01-16 13:06 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2016-01-16 11:06 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2016-01-16 11:06 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2016-01-16 11:06 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2016-01-16 11:06 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2016-01-16 11:02 . 2014-05-14 08:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2016-01-16 11:02 . 2014-05-14 08:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2016-01-16 11:02 . 2014-05-14 08:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2016-01-16 11:02 . 2014-05-14 08:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2016-01-15 14:42 . 2016-02-12 16:06 -------- d-----w- c:\users\FILIP\AppData\Local\Spotify
2016-01-15 14:40 . 2016-02-12 15:59 -------- d-----w- c:\users\FILIP\AppData\Roaming\Spotify
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-09 21:17 . 2012-06-18 13:10 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-02-09 21:17 . 2011-07-11 06:43 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-02-07 20:33 . 2014-05-30 19:08 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2016-02-07 20:33 . 2010-06-13 19:53 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2016-02-07 15:38 . 2010-06-13 19:43 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2016-01-16 15:37 . 2009-10-06 14:11 143671360 ----a-w- c:\windows\system32\MRT.exe
2015-12-30 18:37 . 2016-01-16 13:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-12-29 13:54 . 2010-06-13 19:43 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2009-09-08 14:48 64735 --sha-r- c:\windows\ConfigSetRoot\command.com
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WatermarkMaster]
@="{E09DD638-92D3-4871-9ED0-708A6C7115BD}"
[HKEY_CLASSES_ROOT\CLSID\{E09DD638-92D3-4871-9ED0-708A6C7115BD}]
2007-06-11 12:59 81920 ----a-w- c:\program files (x86)\Videocharge Software\Watermark Master\FolderIcon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WatermarkMaster1]
@="{550636DD-B4DF-4E86-8F3C-7C71E59D14DC}"
[HKEY_CLASSES_ROOT\CLSID\{550636DD-B4DF-4E86-8F3C-7C71E59D14DC}]
2007-06-11 12:59 81920 ----a-w- c:\program files (x86)\Videocharge Software\Watermark Master\FolderIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2016-02-04 3014224]
"Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2016-01-20 45296]
"WMFinishInstall"="c:\program files (x86)\Videocharge Software\Watermark Master\FinishInstallation.exe" [2007-06-11 159744]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2013-10-02 1090912]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Dxtory Update Checker 2.0"="c:\program files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-02-02 50605696]
"Spotify Web Helper"="c:\users\FILIP\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2016-01-30 2355312]
"Spotify"="c:\users\FILIP\AppData\Roaming\Spotify\Spotify.exe" [2016-01-30 8449136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2015-05-18 2598912]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-11-12 5565448]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-09-16 839384]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"GK-862 Driver"="c:\program files (x86)\EVOLVEO\Gaming Keyboard\Monitor.exe" [2013-11-21 479232]
"AvgUi"="c:\program files (x86)\AVG\Framework\Common\avguirnx.exe" [2016-01-12 179624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.266\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.266\McCHSvc.exe [x]
R3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\DRIVERS\MSILiveVirtualCamera.sys;c:\windows\SYSNATIVE\DRIVERS\MSILiveVirtualCamera.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS;c:\windows\SYSNATIVE\DRIVERS\PFC027.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [x]
S2 avgsvc;AVG Service;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LOGMEIN HAMACHI\LMIGUARDIANSVC.EXE;c:\program files (x86)\LOGMEIN HAMACHI\LMIGUARDIANSVC.EXE [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsfiltera.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-10 19:31 1090376 ----a-w- c:\program files (x86)\Google\Chrome\Application\48.0.2564.109\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 21:17]
.
2016-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-12-20 10:54]
.
2016-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-12-20 10:54]
.
2016-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1017595815-1696786224-2602232475-1000Core.job
- c:\users\FILIP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 08:41]
.
2016-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1017595815-1696786224-2602232475-1000UA.job
- c:\users\FILIP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22 08:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-11-06 2464072]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-11-06 2800296]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://www.fifa-online.easports.com/fo3 ... uncher.cab
FF - ProfilePath - c:\users\FILIP\AppData\Roaming\Mozilla\Firefox\Profiles\yv23j9g4.default-1356541827888\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-SpywareTerminatorUpdate - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Web TuneUp\vprot.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
SafeBoot-SolutoService
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-CToolbar_UNINSTALL - c:\progra~2\Crawler\Toolbar\CToolbar.exe
AddRemove-Euro Truck Simulator 2 v1.22.0.3 (29 DLC)1.22.0.3 - c:\program files (x86)\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-uTorrentControl2 Toolbar - c:\program files (x86)\uTorrentControl2\uninstall.exe
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
AddRemove-{3A787631-66A2-4634-B928-A37E73B58FB6} - c:\users\FILIP\AppData\Roaming\Slick Savings\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1017595815-1696786224-2602232475-1000\Software\SecuROM\License information*]
"datasecu"=hex:b7,c9,bf,98,92,e0,70,2c,f8,d8,6d,a9,c2,9a,b4,a3,0a,8e,09,e4,69,
d2,86,f0,6b,35,8b,30,2d,17,5c,3c,74,f9,33,21,80,fd,b2,a3,87,bf,d0,a1,03,e6,\
"rkeysecu"=hex:72,af,96,77,c5,fc,1e,d3,12,2e,86,eb,24,2f,19,a6
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
.
**************************************************************************
.
Celkový čas: 2016-02-12 17:58:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-02-12 16:58
.
Před spuštěním: Volných bajtů: 24 656 244 736
Po spuštění: Volných bajtů: 24 332 668 928
.
- - End Of File - - C3EAA2B978B677AF68A7351E0E597D97
A36C5E4F47E84449FF07ED3517B43A31
Re: Log check (suspected keylogger)
That is from ComboFix.
- jerabina (member of the Security team)
Re: Log check (suspected keylogger)
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following whole text, marked in green, into it:
ClearJavaCache::
KillAll::
Folder::
c:\programdata\RogueKiller
C:\76363729cdd8ef937d2a23fb648b86
c:\program files (x86)\AVG Secure Search
c:\program files (x86)\IObit
c:\program files (x86)\Skype\Updater
c:\program files\McAfee Security Scan
c:\program files (x86)\Google\Update
c:\program files (x86)\Spyware Terminator
c:\program files (x86)\AVG Web TuneUp
File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1017595815-1696786224-2602232475-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1017595815-1696786224-2602232475-1000UA.job
c:\windows\System32\SPReview\SPReview.exe
C:\Windows\inf\msuggeqp\diablo130302.cl
C:\Windows\inf\msuggeqp\diakgcn121016.cl
C:\Windows\inf\msuggeqp\libcurl.dll
C:\Windows\inf\msuggeqp\libeay32.dll
C:\Windows\inf\msuggeqp\libidn-11.dll
C:\Windows\inf\msuggeqp\librtmp.dll
C:\Windows\inf\msuggeqp\libssh2.dll
C:\Windows\inf\msuggeqp\libusb-1.0.dll
C:\Windows\inf\msuggeqp\phatk121016.cl
C:\Windows\inf\msuggeqp\poclbm130302.cl
C:\Windows\inf\msuggeqp\scrypt130511.cl
C:\Windows\inf\msuggeqp\ssleay32.dll
C:\Windows\inf\msuggeqp\zlib1.dll
C:\Windows\inf\msuggeqp\bitstreams\fpgaminer_top_fixed7_197MHz.ncd
C:\Windows\inf\msuggeqp\bitstreams\ztex_ufm1_15b1.bit
C:\Windows\inf\msuggeqp\bitstreams\ztex_ufm1_15d1.bit
C:\Windows\inf\msuggeqp\bitstreams\ztex_ufm1_15d3.bit
C:\Windows\inf\msuggeqp\bitstreams\ztex_ufm1_15d4.bin
C:\Windows\inf\msuggeqp\bitstreams\ztex_ufm1_15d4.bit
C:\Windows\inf\msuggeqp\bitstreams\ztex_ufm1_15y1.bin
C:\Windows\inf\msuggeqp\bitstreams\ztex_ufm1_15y1.bit
C:\ProgramData\lsass.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"Dxtory Update Checker 2.0"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"=-
"SunJavaUpdateSched"=-
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ROC_roc_dec12"=-
"Adobe ARM"=-
Driver::
LiveUpdateSvc
SkypeUpdate
McComponentHostService
WinRing0_1_2_0
DDS::
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -
FF - prefs.js: browser.startup.homepage - about:home
RegLock::
[HKEY_USERS\S-1-5-21-1017595815-1696786224-2602232475-1000\Software\SecuROM\License information*]
"datasecu"=hex:b7,c9,bf,98,92,e0,70,2c,f8,d8,6d,a9,c2,9a,b4,a3,0a,8e,09,e4,69,
d2,86,f0,6b,35,8b,30,2d,17,5c,3c,74,f9,33,21,80,fd,b2,a3,87,bf,d0,a1,03,e6,\
"rkeysecu"=hex:72,af,96,77,c5,fc,1e,d3,12,2e,86,eb,24,2f,19,a6
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe and, when the two files overlap, drop the script:
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Paste the whole contents of that log here. Then click "Exit" to close the program.
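A CFScript of the kind posted above is run with full privileges and deletes whatever it lists, so it pays to lint it before dropping it onto ComboFix. The following is an added example, not code from the thread and not part of ComboFix itself: a small parser for the CFScript section layout (ClearJavaCache::, Folder::, File::, Registry::, Driver::, as used in the post) plus a few checks a defender would want. The sample script is a constructed excerpt modelled on the one in the thread; the list of critical registry prefixes and the set of system binary names are my own assumptions, not anything ComboFix publishes. It flags a File:: entry that carries a pasted scanner label instead of a path, a `[-HKEY...]` line that deletes an entire key under CurrentControlSet\Control (Windows depends on the Session Manager key to boot), and an lsass.exe living outside System32 (a common masquerade; keep a copy for analysis rather than just deleting it).

```python
"""Lint a ComboFix CFScript before running it (added example, not from the thread)."""
import re

# Constructed excerpt modelled on the script posted in the thread above.
SAMPLE_SCRIPT = """\
ClearJavaCache::
KillAll::
Folder::
c:\\programdata\\RogueKiller
c:\\program files (x86)\\IObit
File::
C:\\Windows\\inf\\msuggeqp\\libcurl.dll
Trojan.Miner, C:\\Windows\\inf\\msuggeqp\\libssh2.dll
C:\\ProgramData\\lsass.exe
Registry::
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"DAEMON Tools Lite"=-
[-HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\session manager]
Driver::
WinRing0_1_2_0
"""

SECTION_RE = re.compile(r"^[A-Za-z]+::$")        # e.g. "File::"
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")         # drive letter + backslash
KEY_DELETE_RE = re.compile(r"^\[-(HKEY_[^\]]+)\]$")  # .reg syntax: "[-key]" deletes the key

# Assumption: a conservative list of key prefixes whose wholesale deletion
# breaks Windows boot or service startup. Not an official ComboFix list.
CRITICAL_KEY_PREFIXES = (
    r"hkey_local_machine\system\currentcontrolset\control",
    r"hkey_local_machine\system\currentcontrolset\services",
    r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon",
)

# Assumption: binaries that legitimately live only under %SystemRoot%\System32.
SYSTEM_BINARIES = {"lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "svchost.exe"}


def parse_cfscript(text):
    """Split a CFScript into an ordered dict {section_name: [entry lines]}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_RE.match(line):
            current = line[:-2]          # strip the trailing "::"
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
        # anything before the first section header is ignored
    return sections


def lint_cfscript(text):
    """Return a list of (severity, section, line, message) findings."""
    findings = []
    sections = parse_cfscript(text)

    for section in ("Folder", "File"):
        for line in sections.get(section, []):
            if not WIN_PATH_RE.match(line):
                findings.append(("error", section, line,
                                 "not a Windows path; a pasted label or prefix makes this entry ineffective"))
                continue
            name = line.rsplit("\\", 1)[-1].lower()
            if name in SYSTEM_BINARIES and "\\system32\\" not in line.lower():
                findings.append(("info", section, line,
                                 "system binary name outside System32 (masquerade); preserve a copy before deleting"))

    for line in sections.get("Registry", []):
        m = KEY_DELETE_RE.match(line)
        if not m:
            continue                     # value deletions ("name"=-) are fine
        key = m.group(1).lower()
        if key.startswith(CRITICAL_KEY_PREFIXES):
            findings.append(("error", "Registry", line,
                             "deletes an entire key Windows needs to boot; delete specific values instead"))
        else:
            findings.append(("warn", "Registry", line, "deletes a whole registry key"))
    return findings


if __name__ == "__main__":
    for sev, sec, line, msg in lint_cfscript(SAMPLE_SCRIPT):
        print(f"[{sev}] {sec}:: {line}\n    {msg}")
```

Running it on the sample excerpt yields three findings: the mislabelled libssh2.dll entry, the lsass.exe outside System32, and the whole-key deletion under CurrentControlSet\Control. The parser is deliberately strict about section headers (letters followed by `::`) so that stray text copied from a scanner report does not silently become a new section.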
Re: Log check (suspected keylogger)
Now I need some advice. Being the klutz I am, I only copied this:
ClearJavaCache::
KillAll::
Folder::
c:\programdata\RogueKiller
C:\76363729cdd8ef937d2a23fb648b86
c:\program files (x86)\AVG Secure Search
c:\program files (x86)\IObit
c:\program files (x86)\Skype\Updater
c:\program files\McAfee Security Scan
c:\program files (x86)\Google\Update
c:\program files (x86)\Spyware Terminator
c:\program files (x86)\AVG Web TuneUp
Nothing happened, so I turned it off; then I couldn't connect to the internet, something to do with DNS. So I restarted the PC and the internet works again. Should I repeat the process? Or change something in the script?
- jaro3 (member of the Security team)
Re: Log check (suspected keylogger)
Repeat the whole script.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Log check (suspected keylogger)
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-02-13 16:12:01
-----------------------------
16:12:01.192 OS Version: Windows x64 6.1.7601 Service Pack 1
16:12:01.192 Number of processors: 2 586 0x170A
16:12:01.193 ComputerName: FILIP-PC UserName: FILIP
16:12:03.855 Initialize success
16:12:03.966 VM: initialized successfully
16:12:03.967 VM: Intel CPU supported
16:12:14.982 VM: disk I/O atapi.sys
16:12:24.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
16:12:24.411 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3
16:12:24.433 Disk 0 MBR read successfully
16:12:24.436 Disk 0 MBR scan
16:12:24.438 Disk 0 Windows 7 default MBR code
16:12:24.455 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
16:12:24.458 Disk 0 Boot: NTFS code=1
16:12:24.471 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476739 MB offset 411648
16:12:24.488 Disk 0 scanning C:\Windows\system32\drivers
16:12:32.822 Service scanning
16:12:48.749 Modules scanning
16:12:48.759 Disk 0 trace - called modules:
16:12:48.789 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039a42c0]<<sptd.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
16:12:48.793 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004580440]
16:12:48.797 3 CLASSPNP.SYS[fffff880015d143f] -> nt!IofCallDriver -> [0xfffffa800442f580]
16:12:48.801 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004431060]
16:12:48.806 \Driver\atapi[0xfffffa8004401060] -> IRP_MJ_CREATE -> 0xfffffa80039a42c0
16:12:48.811 Disk 0 statistics 99506/0/0 @ 7,04 MB/s
16:12:48.815 Scan finished successfully
16:13:30.891 Disk 0 MBR has been saved successfully to "C:\Users\FILIP\Desktop\MBR.dat"
16:13:30.897 The log file has been saved successfully to "C:\Users\FILIP\Desktop\aswMBR.txt"
Re: Log check (suspected keylogger)
I can't find the ComboFix log anywhere; after that script I had to restore the PC, Windows wouldn't boot.
- Orcus (member of the Security team)
Re: Log check (suspected keylogger)
Try running the script in Safe Mode.
Love warms, but coal is coal.
Post HJT logs in the HJT section. If the log is too long, split it into several messages.
A few tips on PC security.
During my absence, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.
Re: Log check (suspected keylogger)
Is this getting anywhere near a conclusion? Has it been possible to tell yet whether there is a keylogger or not? Because I'm completely lost and have no clue what I'm doing.

- jerabina (member of the Security team)
Re: Log check (suspected keylogger)
Right now we need you to follow the instructions, i.e. run ComboFix with the script in Safe Mode. Without that we can't get any further. In any case, you have a lot of junk in there; whether there is a keylogger, I'm not sure.