Please check my log [Solved]

A place for your HijackThis logs and logs from other programs…


FooDMasteR

Re: Please check my log

Post by FooDMasteR » 03 Sep 2017 10:04

RogueKiller

By mistake I didn't tick everything the first time, so I had to run it twice, but I can't find the second log. I'm posting the first one.

RogueKiller V12.11.11.0 [Aug 21 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno : Normální režim
Uživatel : AutoCont [Práva správce]
Started from : C:\Users\AutoCont\Desktop\RogueKiller_portable32.exe
Mód : Smazat -- Datum : 08/31/2017 10:05:10 (Duration : 00:49:45)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[PUM.Proxy] HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Nevybráno
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://cs.intl.acer.yahoo.com -> Nevybráno
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://cs.intl.acer.yahoo.com -> Nevybráno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 1.1.1.1 8.8.8.8 ([AU][-]) -> Nevybráno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{761BB808-11F2-4392-99B7-FB3EB6061B91} | DhcpNameServer : 1.1.1.1 8.8.8.8 ([AU][-]) -> Nevybráno
[Tr.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{8B720273-1ACA-469F-BA95-AFB8D98B9A68}C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe : v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe|Name=winbox.exe|Desc=winbox.exe|Edge=FALSE| [x] -> Smazáno
[Tr.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{69274805-D9A5-48B6-8F6D-09BC65135B99}C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe : v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe|Name=winbox.exe|Desc=winbox.exe|Edge=FALSE| [x] -> Smazáno
[Tr.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{8B720273-1ACA-469F-BA95-AFB8D98B9A68}C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe : v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe|Name=winbox.exe|Desc=winbox.exe|Edge=FALSE| [x] -> Smazáno
[Tr.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{69274805-D9A5-48B6-8F6D-09BC65135B99}C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe : v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe|Name=winbox.exe|Desc=winbox.exe|Edge=FALSE| [x] -> Smazáno
[Tr.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{8B720273-1ACA-469F-BA95-AFB8D98B9A68}C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe : v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe|Name=winbox.exe|Desc=winbox.exe|Edge=FALSE| [x] -> Smazáno
[Tr.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{69274805-D9A5-48B6-8F6D-09BC65135B99}C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe : v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\autocont\pictures\2011-07-12 001\documents\downloads\winbox.exe|Name=winbox.exe|Desc=winbox.exe|Edge=FALSE| [x] -> Smazáno

¤¤¤ Úlohy : 13 ¤¤¤
[Hj.Shortcut] \{07D881D8-8A27-40B9-A481-1F139FB6D3A2} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/4.1.0.141/cs/a ... ltbrowser2) -> Smazáno
[Hj.Shortcut] \{2E56DB05-4F10-48A5-A52D-0BFBD3D8C803} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/4.1.0.141/cs/a ... ltbrowser2) -> Smazáno
[Hj.Shortcut] \{4DB01043-59F8-4D96-BEFF-8FC64E1B1612} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/5.5.0.124.259/ ... d;disabled) -> Smazáno
[Hj.Shortcut] \{6A20AAD2-E913-4A7B-9BAE-7C171F2652C8} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/4.2.0.152/cs/g ... Error=1603) -> Smazáno
[Hj.Shortcut] \{79958A69-40F6-470A-BD9A-85338E5EEC4D} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/5.5.0.124.259/ ... tinstaller) -> Smazáno
[Hj.Shortcut] \{7ED6081A-6D80-4039-9103-7DBFC11E8594} -- "c:\program files\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/6.6.73.106.456 ... age=tsMain) -> Smazáno
[Hj.Shortcut] \{8ECF6882-00E9-4618-A30C-40A0A3FDE870} -- "c:\program files\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/6.6.73.106.456 ... age=tsBing) -> Smazáno
[Hj.Shortcut] \{A1B58029-39D0-4FF3-8B9D-C7B0EDB520E8} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/5.3.0.120.259/ ... adedefault) -> Smazáno
[Hj.Shortcut] \{AA53ACC2-D2DC-4975-A873-706F41FAC45C} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/7.17.0.105.259 ... age=tsMain) -> Smazáno
[Hj.Shortcut] \{AE6B3FBF-65AA-420F-914A-76076E9C7C85} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/5.1.0.104.259/ ... velpresent) -> Smazáno
[Hj.Shortcut] \{AEAAA158-B2C6-4184-9941-8AF1C1BB4284} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/5.3.0.120.259/ ... velpresent) -> Smazáno
[Hj.Shortcut] \{FAFFE941-5D00-415A-866E-777D5044BE5D} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/4.1.0.141/cs/a ... ltbrowser2) -> Smazáno
[Hj.Shortcut] \{FE5CE28F-3B65-4C0B-8C4E-06834AD18F87} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/4.1.0.141/cs/a ... ltbrowser2) -> Smazáno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS542516K9SA00 ATA Device +++++
--- User ---
[MBR] 41bac060d3705df50b7223d14d939549
[BSP] a6fd32d9d93473571153e9846cd9a1ca : Acer|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 11993 MB
1 - [ACTIVE] FAT16 (0x6) [VISIBLE] Offset (sectors): 24563712 | Size: 70424 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 168792064 | Size: 70208 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Zoek


Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by AutoCont on pá 01.09.2017 at 23:38:27,90.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\AutoCont\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2017-08-31-205200.log 1255 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\Alwil Software deleted successfully
C:\Program Files\Fotolab deleted successfully
C:\Program Files\JetAudio deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\TiskProRadost deleted successfully
C:\Program Files\Yahoo! deleted successfully
C:\Program Files\Common Files\Nero deleted successfully
C:\Program Files\Common Files\Steam deleted successfully
C:\Program Files\Common Files\SWF Studio deleted successfully
C:\PROGRA~2\BlazeVideo deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\SSScanAppDataDir deleted successfully
C:\PROGRA~2\WLInstaller deleted successfully
C:\Users\AutoCont\AppData\Roaming\COWON deleted successfully
C:\Users\AutoCont\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\AutoCont\AppData\Roaming\Yahoo! deleted successfully
C:\Users\AutoCont\AppData\Local\MakeDisc deleted successfully
C:\Users\AutoCont\AppData\Local\MicroVision Applications deleted successfully
C:\Users\AutoCont\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\AutoCont\AppData\Roaming\Mozilla\Firefox\Profiles\mi0bt6ry.default\prefs.js:
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\AutoCont\AppData\Roaming\Mozilla\Firefox\Profiles\mi0bt6ry.default\prefs.js:

Deleted from C:\Users\AutoCont\AppData\Roaming\Thunderbird\Profiles\ldp2lv04.default\prefs.js:

Added to C:\Users\AutoCont\AppData\Roaming\Thunderbird\Profiles\ldp2lv04.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\AutoCont\AppData\Roaming\Mozilla\Firefox\Profiles\mi0bt6ry.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_02.09.2017_0010_.backup

ProfilePath: C:\Users\AutoCont\AppData\Roaming\Thunderbird\Profiles\ldp2lv04.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_02.09.2017_0010_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\Alwil Software not found
C:\Program Files\Fotolab not found
C:\Program Files\JetAudio not found
C:\Program Files\TiskProRadost not found
C:\Program Files\Yahoo! not found
C:\Program Files\Windows Live SkyDrive deleted
C:\Program Files\GUM4AB5.tmp deleted
C:\PROGRA~2\Package Cache deleted
C:\Windows\system32\config\systemprofile\AppData\Local\AVAST Software deleted
C:\Users\AutoCont\AppData\Roaming\Mozilla\Firefox\Profiles\mi0bt6ry.default\Invalidprefs.js deleted
C:\Users\AutoCont\AppData\Roaming\Mozilla\Firefox\Profiles\mi0bt6ry.default\GoogleToolbarData deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\AutoCont\AppData\Roaming\Thunderbird\Profiles\ldp2lv04.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [09.08.2012 21:15]

ComboFix

ComboFix 17-09-01.01 - AutoCont 01.09.2017 23:10:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2037.238 [GMT 2:00]
Spuštěný z: c:\users\AutoCont\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\page
c:\programdata\page\page.ico
c:\programdata\page\page.URL
c:\users\AutoCont\AppData\Roaming\.#
c:\users\AutoCont\AppData\Roaming\.#\MBX@11E0@3F2990.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@11E0@3F29C0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@11E0@3F29F0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@1548@1D02990.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@1548@1D029C0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@1548@1D029F0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@4B7C@1B52990.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@4B7C@1B529C0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@4B7C@1B529F0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@E34@1BB2990.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@E34@1BB29C0.###
c:\users\AutoCont\AppData\Roaming\.#\MBX@E34@1BB29F0.###
c:\users\AutoCont\AppData\Roaming\Microsoft\Windows\Recent\FastStone Image Viewer (2).url
c:\users\AutoCont\AppData\Roaming\Microsoft\Windows\Recent\FastStone Image Viewer.url
c:\windows\system32\AF15BDAEX.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-08-01 do 2017-09-01 )))))))))))))))))))))))))))))))
.
.
2017-09-01 21:28 . 2017-09-01 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-09-01 20:58 . 2017-09-01 20:58 -------- d-----w- c:\programdata\SWCUTemp
2017-08-31 20:52 . 2017-08-31 20:52 -------- dc----w- C:\$AV_ASW
2017-08-31 20:48 . 2017-08-31 20:48 -------- dc----w- C:\zoek_backup
2017-08-31 07:33 . 2017-08-26 06:49 84928 ----a-w- c:\windows\system32\drivers\aswHdsKe.sys
2017-08-28 13:12 . 2017-08-31 19:50 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-08-28 13:06 . 2017-08-28 14:33 -------- d-----w- c:\programdata\RogueKiller
2017-08-28 06:25 . 2017-08-28 06:25 -------- d-----w- c:\programdata\Sophos
2017-08-28 06:23 . 2017-08-28 06:23 -------- d-----w- c:\program files\Sophos
2017-08-26 06:48 . 2017-08-26 22:29 -------- dc----w- C:\AdwCleaner
2017-08-22 22:27 . 2017-08-22 22:27 -------- dc----w- C:\My PDF
2017-08-22 22:27 . 2017-08-22 22:27 -------- d-----w- c:\program files\Weeny Free Word to PDF Converter
2017-08-21 20:06 . 2013-11-12 10:53 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2017-08-21 17:16 . 2017-08-21 17:16 -------- d-----w- c:\users\Public\CyberLink
2017-08-21 17:15 . 2017-08-21 17:15 -------- d-----w- c:\users\AutoCont\Tracing
2017-08-21 17:12 . 2017-08-21 17:12 -------- d-----w- c:\program files\Common Files\Skype
2017-08-21 16:36 . 2017-08-21 15:22 303280 ----a-w- c:\windows\system32\aswBoot.exe
2017-08-21 16:13 . 2015-07-18 13:14 11616 ----a-w- c:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-08-21 15:59 . 2017-08-21 15:59 -------- d-----w- c:\windows\system32\config\systemprofile\{f871cebf-10d6-4121-aa88-b4d98fc12971}
2017-08-21 15:50 . 2017-08-21 15:50 -------- dc----w- C:\0b0ff799c201f75fe3cc72ff
2017-08-21 15:48 . 2017-08-21 15:48 -------- d-----w- c:\programdata\Package Cache
2017-08-21 15:35 . 2017-08-21 15:35 39752 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-08-21 15:32 . 2017-08-21 15:32 -------- d-----w- c:\users\AutoCont\AppData\Local\CEF
2017-08-21 15:28 . 2017-08-21 15:25 202688 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2017-08-21 15:28 . 2017-08-21 15:25 496976 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-08-21 15:28 . 2017-08-21 15:25 296312 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-08-21 15:28 . 2017-08-21 17:44 123928 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2017-08-21 15:28 . 2017-08-21 15:25 70840 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-08-21 15:28 . 2017-08-21 15:25 42824 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-08-21 15:28 . 2017-08-21 17:44 774320 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2017-08-21 15:28 . 2017-08-21 15:25 70088 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2017-08-21 15:28 . 2017-08-21 15:19 50384 ----a-w- c:\windows\system32\drivers\aswbunivx.sys
2017-08-21 15:28 . 2017-08-21 15:19 276736 ----a-w- c:\windows\system32\drivers\aswblogx.sys
2017-08-21 15:28 . 2017-08-21 15:19 157416 ----a-w- c:\windows\system32\drivers\aswbidshx.sys
2017-08-21 15:28 . 2017-08-21 15:19 267008 ----a-w- c:\windows\system32\drivers\aswbidsdriverx.sys
2017-08-21 15:27 . 2017-08-21 15:23 921280 ----a-w- c:\windows\ucrtbase.dll
2017-08-21 15:12 . 2017-08-21 15:35 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-08-08 13:11 . 2012-05-12 10:04 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-08-08 13:11 . 2011-07-12 19:26 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-08-10 19:44 . 2014-01-11 16:42 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2017-08-04 09:58 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2017-08-04 09:58 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2017-08-04 09:58 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-08-21 15:22 1210312 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2017-05-05 27716568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-22 133656]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-10 30192]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"snp325"="c:\windows\vsnp325.exe" [2006-10-10 827392]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-08-21 213832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe 9999 [2008-4-19 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2588390014-3003545289-3532412750-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-14 10:42 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2017-08-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2588390014-3003545289-3532412750-1000Core.job
- c:\users\AutoCont\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-16 11:01]
.
2017-08-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2588390014-3003545289-3532412750-1000UA.job
- c:\users\AutoCont\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-16 11:01]
.
2015-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-26 12:09]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 1.1.1.1 8.8.8.8
FF - ProfilePath - c:\users\AutoCont\AppData\Roaming\Mozilla\Firefox\Profiles\mi0bt6ry.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
HKCU-Run-BlazeServoTool - c:\program files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-4StoryPrePatch - f:\program files\Gameforge4D\4Story_CZ\PrePatch.exe
c:\users\AutoCont\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verbatim GREEN BUTTON.lnk - f:\verbatim green button\GREEN BUTTON.exe /a
SafeBoot-MBAMService
AddRemove-4Story_CZ_is1 - f:\program files\Gameforge4D\4Story_CZ\unins000.exe
AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
AddRemove-Verbatim GREEN BUTTON_is1 - f:\verbatim green button\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-09-01 23:29
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%p]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%p\OpenWithList]
@Class="Shell"
"a"="wmplayer.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%p\OpenWithProgids]
"TĘŰ_auto_file"=hex(0):
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\.*,%p]
@Allowed: (Read) (RestrictedCode)
@="TĘŰ_auto_file"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\,%p_*a*u*t*o*_*f*i*l*e*\shell]
@="Play"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\,%p_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@=expand:"\"%ProgramFiles%\\Windows Media Player\\wmplayer.exe\" /Open \"%L\" "
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\,%p_*a*u*t*o*_*f*i*l*e*\shell\play]
@="&Play"
"MUIVerb"=expand:"@%SystemRoot%\\system32\\unregmp2.exe,-9991"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\,%p_*a*u*t*o*_*f*i*l*e*\shell\play\command]
@=expand:"\"%ProgramFiles%\\Windows Media Player\\wmplayer.exe\" /Play \"%L\" "
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_26_0_0_151_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_26_0_0_151_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2017-09-01 23:33:46
ComboFix-quarantined-files.txt 2017-09-01 21:33
.
Před spuštěním: 4 254 986 240
Po spuštění: 4 123 275 264
.
- - End Of File - - 6346E9C986EF7C39F324965D04E3EFF0
A863475757CC50891AA8458C415E4B25

jaro3

Re: Please check my log

Post by jaro3 » 03 Sep 2017 18:01

So did you have RK delete everything?

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the whole text highlighted in green into it:


ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2588390014-3003545289-3532412750-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2588390014-3003545289-3532412750-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

Folder::
c:\users\AutoCont\AppData\Local\Facebook\Update
c:\program files\Google\Update

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000000

RegLock::
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%  p ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%  p \OpenWithList]
@Class="Shell"
"a"="wmplayer.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%  p \OpenWithProgids]
"TĘŰ_auto_file"=hex(0):
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\.*,%  p ]
@Allowed: (Read) (RestrictedCode)
@="TĘŰ_auto_file"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\,%  p _*a*u*t*o*_*f*i*l*e*\shell]
@="Play"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\,%  p _*a*u*t*o*_*f*i*l*e*\shell\open\command]
@=expand:"\"%ProgramFiles%\\Windows Media Player\\wmplayer.exe\" /Open \"%L\" "
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\,%  p _*a*u*t*o*_*f*i*l*e*\shell\play]
@="&Play"
"MUIVerb"=expand:"@%SystemRoot%\\system32\\unregmp2.exe,-9991"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\,%  p _*a*u*t*o*_*f*i*l*e*\shell\play\command]
@=expand:"\"%ProgramFiles%\\Windows Media Player\\wmplayer.exe\" /Play \"%L\" "
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_26_0_0_151_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_26_0_0_151_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"


Choose File -> Save as... and set these parameters:
File name: type CFScript.txt
Save as type: select All files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process, plus a new HJT log

Warning: it may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the whole contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

FooDMasteR

Re: Please check my log

Post by FooDMasteR » 06 Sep 2017 18:22

Yes, I had RK delete everything.

ComboFix

ComboFix 17-09-01.01 - AutoCont 05.09.2017 23:15:03.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2037.300 [GMT 2:00]
Spuštěný z: c:\users\AutoCont\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\AutoCont\Desktop\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2588390014-3003545289-3532412750-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2588390014-3003545289-3532412750-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.33.5\googleearthuninstall.log
c:\program files\Google\Update\1.3.33.5\GoogleUpdate.exe
c:\program files\Google\Update\1.3.33.5\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.33.5\GoogleUpdateComRegisterShell64.exe
c:\program files\Google\Update\1.3.33.5\GoogleUpdateCore.exe
c:\program files\Google\Update\1.3.33.5\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.33.5\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.33.5\GoogleUpdateWebPlugin.exe
c:\program files\Google\Update\1.3.33.5\goopdate.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_am.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_ar.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_bg.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_bn.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_ca.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_cs.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_da.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_de.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_el.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_en.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_es.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_et.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_fa.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_fi.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_fil.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_fr.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_gu.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_hi.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_hr.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_hu.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_id.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_is.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_it.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_iw.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_ja.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_kn.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_ko.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_lt.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_lv.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_ml.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_mr.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_ms.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_nl.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_no.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_pl.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_ro.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_ru.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_sk.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_sl.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_sr.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_sv.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_sw.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_ta.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_te.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_th.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_tr.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_uk.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_ur.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_vi.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.33.5\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.33.5\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.33.5\psmachine.dll
c:\program files\Google\Update\1.3.33.5\psmachine_64.dll
c:\program files\Google\Update\1.3.33.5\psuser.dll
c:\program files\Google\Update\1.3.33.5\psuser_64.dll
c:\program files\Google\Update\Download\{3C122445-AECE-4309-90B7-85A6AEF42AC0}\2.34.6425.2548\gsync.msi
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.33.5\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{5D282E30-6F7B-4633-BC7A-78010391B612}\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{65E60E95-0DE9-43FF-9F3F-4F7D2DFF04B5}\7.3.0.3832\googleearth-win-pro-7.3.0.3832.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\users\AutoCont\AppData\Local\Facebook\Update
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ar.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bg.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bn.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ca.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_cs.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_da.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_de.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_el.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es-419.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_et.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fa.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fi.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fil.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fr.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_gu.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hi.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hr.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hu.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_id.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_is.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_it.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_iw.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ja.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_kn.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ko.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lt.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lv.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ml.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_mr.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ms.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_nl.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_no.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_or.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pl.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-BR.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-PT.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ro.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ru.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sk.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sl.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sr.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sv.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ta.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_te.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_th.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_tr.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_uk.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ur.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_vi.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-CN.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-TW.dll
c:\users\AutoCont\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-08-05 do 2017-09-05 )))))))))))))))))))))))))))))))
.
.
2017-09-05 21:30 . 2017-09-05 21:34 -------- d-----w- c:\users\AutoCont\AppData\Local\temp
2017-08-31 20:52 . 2017-08-31 20:52 -------- dc----w- C:\$AV_ASW
2017-08-31 20:48 . 2017-09-01 22:10 -------- dc----w- C:\zoek_backup
2017-08-31 07:33 . 2017-08-26 06:49 84928 ----a-w- c:\windows\system32\drivers\aswHdsKe.sys
2017-08-28 13:12 . 2017-08-31 19:50 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-08-28 13:06 . 2017-08-28 14:33 -------- d-----w- c:\programdata\RogueKiller
2017-08-28 06:25 . 2017-08-28 06:25 -------- d-----w- c:\programdata\Sophos
2017-08-28 06:23 . 2017-08-28 06:23 -------- d-----w- c:\program files\Sophos
2017-08-26 06:48 . 2017-08-26 22:29 -------- dc----w- C:\AdwCleaner
2017-08-22 22:27 . 2017-08-22 22:27 -------- dc----w- C:\My PDF
2017-08-22 22:27 . 2017-08-22 22:27 -------- d-----w- c:\program files\Weeny Free Word to PDF Converter
2017-08-21 20:06 . 2013-11-12 10:53 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2017-08-21 17:16 . 2017-08-21 17:16 -------- d-----w- c:\users\Public\CyberLink
2017-08-21 17:15 . 2017-08-21 17:15 -------- d-----w- c:\users\AutoCont\Tracing
2017-08-21 17:12 . 2017-08-21 17:12 -------- d-----w- c:\program files\Common Files\Skype
2017-08-21 16:36 . 2017-08-21 15:22 303280 ----a-w- c:\windows\system32\aswBoot.exe
2017-08-21 16:13 . 2015-07-18 13:14 11616 ----a-w- c:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-08-21 15:59 . 2017-08-21 15:59 -------- d-----w- c:\windows\system32\config\systemprofile\{f871cebf-10d6-4121-aa88-b4d98fc12971}
2017-08-21 15:50 . 2017-08-21 15:50 -------- dc----w- C:\0b0ff799c201f75fe3cc72ff
2017-08-21 15:35 . 2017-08-21 15:35 39752 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-08-21 15:32 . 2017-08-21 15:32 -------- d-----w- c:\users\AutoCont\AppData\Local\CEF
2017-08-21 15:28 . 2017-08-21 15:25 202688 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2017-08-21 15:28 . 2017-08-21 15:25 496976 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-08-21 15:28 . 2017-08-21 15:25 296312 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-08-21 15:28 . 2017-08-21 17:44 123928 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2017-08-21 15:28 . 2017-08-21 15:25 70840 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-08-21 15:28 . 2017-08-21 15:25 42824 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-08-21 15:28 . 2017-08-21 17:44 774320 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2017-08-21 15:28 . 2017-08-21 15:25 70088 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2017-08-21 15:28 . 2017-08-21 15:19 50384 ----a-w- c:\windows\system32\drivers\aswbunivx.sys
2017-08-21 15:28 . 2017-08-21 15:19 276736 ----a-w- c:\windows\system32\drivers\aswblogx.sys
2017-08-21 15:28 . 2017-08-21 15:19 157416 ----a-w- c:\windows\system32\drivers\aswbidshx.sys
2017-08-21 15:28 . 2017-08-21 15:19 267008 ----a-w- c:\windows\system32\drivers\aswbidsdriverx.sys
2017-08-21 15:27 . 2017-08-21 15:23 921280 ----a-w- c:\windows\ucrtbase.dll
2017-08-21 15:12 . 2017-08-21 15:35 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-08-08 13:11 . 2012-05-12 10:04 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-08-08 13:11 . 2011-07-12 19:26 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-08-10 19:44 . 2014-01-11 16:42 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2017-08-04 09:58 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2017-08-04 09:58 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2017-08-04 09:58 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-08-21 15:22 1210312 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2017-05-05 27716568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-22 133656]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-10 30192]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"snp325"="c:\windows\vsnp325.exe" [2006-10-10 827392]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-08-21 213832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe 9999 [2008-4-19 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2588390014-3003545289-3532412750-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-14 10:42 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\users\AutoCont\AppData\Roaming\Mozilla\Firefox\Profiles\mi0bt6ry.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{e2803110-78b3-4664-a479-3611a381656a} - c:\programdata\Package Cache\{e2803110-78b3-4664-a479-3611a381656a}\VC_redist.x86.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-09-05 23:36
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%p]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%p\OpenWithList]
@Class="Shell"
"a"="wmplayer.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,%p\OpenWithProgids]
"TĘŰ_auto_file"=hex(0):
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\.*,%p]
@Allowed: (Read) (RestrictedCode)
@="TĘŰ_auto_file"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\,%p_*a*u*t*o*_*f*i*l*e*\shell]
@="Play"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\,%p_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@=expand:"\"%ProgramFiles%\\Windows Media Player\\wmplayer.exe\" /Open \"%L\" "
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\,%p_*a*u*t*o*_*f*i*l*e*\shell\play]
@="&Play"
"MUIVerb"=expand:"@%SystemRoot%\\system32\\unregmp2.exe,-9991"
.
[HKEY_USERS\S-1-5-21-2588390014-3003545289-3532412750-1000_Classes\,%p_*a*u*t*o*_*f*i*l*e*\shell\play\command]
@=expand:"\"%ProgramFiles%\\Windows Media Player\\wmplayer.exe\" /Play \"%L\" "
DUMPHIVE0.003 (REGF)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(620)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\windows\ehome\ehsched.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\AVAST Software\Avast\AvEmUpdate.exe
c:\windows\System32\wsqmcons.exe
.
**************************************************************************
.
Celkový čas: 2017-09-05 23:44:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2017-09-05 21:43
ComboFix2.txt 2017-09-01 21:33
.
Před spuštěním: 3 935 150 080
Po spuštění: 3 681 759 232
.
- - End Of File - - E5C9D765293AE50C83E5688A669E743A
A863475757CC50891AA8458C415E4B25

aswMBR

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-09-06 17:42:38
-----------------------------
17:42:38.960 OS Version: Windows 6.0.6002 Service Pack 2
17:42:38.960 Number of processors: 2 586 0xF0D
17:42:38.960 ComputerName: AUTOCONT-PC UserName: AutoCont
17:43:33.997 Initialize success
17:43:33.997 VM: initialized successfully
17:43:33.997 VM: Intel CPU virtualization not supported
17:43:43.591 AVAST engine defs: 17090602
17:43:54.620 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
17:43:54.636 Disk 0 Vendor: Hitachi_HTS542516K9SA00 BBCOC31P Size: 152627MB BusType: 3
17:43:55.119 Disk 0 MBR read successfully
17:43:55.119 Disk 0 MBR scan
17:43:55.119 Disk 0 unknown MBR code
17:44:04.074 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 11993 MB offset 63
17:44:04.089 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 70424 MB offset 24563712
17:44:04.121 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 70208 MB offset 168792064
17:44:04.136 Disk 0 scanning sectors +312578048
17:44:04.604 Disk 0 scanning C:\Windows\system32\drivers
17:44:42.497 Service scanning
17:45:32.214 Modules scanning
17:45:32.229 Disk 0 trace - called modules:
17:45:32.276 ntkrnlpa.exe CLASSPNP.SYS disk.sys aswSP.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys ndis.sys athr.sys tcpip.sys NETIO.SYS dxgkrnl.sys igdkmd32.sys
17:45:32.307 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8655d968]
17:45:32.323 3 aswSP.sys[8e76d3e3] -> nt!IofCallDriver -> [0x85e6e860]
17:45:32.339 5 acpi.sys[836996bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x85e778a0]
17:45:34.133 AVAST engine scan C:\Windows
17:45:45.739 AVAST engine scan C:\Windows\system32
17:50:43.964 AVAST engine scan C:\Windows\system32\drivers
17:51:19.173 AVAST engine scan C:\Users\AutoCont
18:05:47.516 AVAST engine scan C:\ProgramData
18:10:25.212 Disk 0 statistics 2445617/0/0 @ 0,93 MB/s
18:10:25.212 Scan finished successfully
18:12:20.043 Disk 0 MBR has been saved successfully to "C:\Users\AutoCont\Desktop\MBR.dat"
18:12:20.043 The log file has been saved successfully to "C:\Users\AutoCont\Desktop\aswMBR.txt"

HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:16:29, on 6.9.2017
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16800)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\AutoCont\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\FixCamera.exe
C:\Windows\vsnp325.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\AutoCont\Desktop\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [snp325] C:\Windows\vsnp325.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8082 bytes
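
The O23 block above is what a log reviewer scans first: which services have no recorded owner, which point at an image that is gone, and which run from somewhere other than the usual install directories. The script below is an added example for this thread, not a tool the forum or HijackThis ships. It parses O23 lines of the layout `O23 - Service: <display name> [(<service name>)] - <owner> - <image path> [(file missing)]` and attaches those three findings. It assumes the trusted-directory list given in the code (C:\Acer is included only because it is the OEM tree on this machine); the first four sample lines are copied from the log above, the last one is constructed to exercise the user-profile check and does not describe a real service.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

PREFIX = "O23 - Service: "
MISSING = " (file missing)"

# "<display name> (<service name>)"; the parenthesised part is absent when
# the service name equals the display name.
NAME_RE = re.compile(r"^(?P<display>.*?)(?: \((?P<svc>[^()]+)\))?$")

# Directories in which legitimately installed services normally live.
# Assumption for this example: C:\Acer is the OEM tree on this machine.
TRUSTED_DIRS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\programdata\\",
    "c:\\acer\\",
)


@dataclass
class O23Entry:
    display: str
    service: str
    owner: str
    path: str
    file_missing: bool
    findings: list[str] = field(default_factory=list)


def parse_o23(line: str) -> O23Entry | None:
    """Parse one HijackThis O23 line; return None for any other line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    body = line[len(PREFIX):]
    file_missing = body.endswith(MISSING)
    if file_missing:
        body = body[: -len(MISSING)]
    # Split from the right: the display name may itself contain " - "
    # (e.g. "Firebird Server - MAGIX Instance"); owner and path do not.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    m = NAME_RE.match(name)
    display = m.group("display")
    service = m.group("svc") or display
    return O23Entry(display, service, owner, path, file_missing)


def triage(entry: O23Entry) -> O23Entry:
    """Attach findings to the entry; an empty list means no follow-up needed."""
    # HijackThis prints the resolved path, but normalise %systemroot% anyway.
    lower = entry.path.lower().replace("%systemroot%", "c:\\windows")
    if entry.owner == "Unknown owner":
        entry.findings.append("no owner/publisher recorded")
    if entry.file_missing:
        entry.findings.append("image file missing (orphaned service registration)")
    if "\\users\\" in lower:
        entry.findings.append("image lives in a user profile")
    elif not lower.startswith(TRUSTED_DIRS):
        entry.findings.append("image outside the usual install directories")
    return entry


def triage_log(text: str) -> dict[str, O23Entry]:
    """Return only the flagged services, keyed by service name."""
    flagged: dict[str, O23Entry] = {}
    for line in text.splitlines():
        entry = parse_o23(line)
        if entry and triage(entry).findings:
            flagged[entry.service] = entry
    return flagged


# Lines 1-4 are taken from the HijackThis log in this thread; the last line
# is constructed for this example and does not describe a real service.
SAMPLE = r"""
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Update Helper (UpdHelper) - Unknown owner - C:\Users\AutoCont\AppData\Roaming\UpdHelper\updhelper.exe
"""

if __name__ == "__main__":
    for svc, entry in triage_log(SAMPLE).items():
        print(f"{svc}: {entry.path}")
        for finding in entry.findings:
            print(f"    - {finding}")
```

A finding is a prompt to verify the entry by hand (check the file's signature, the install it belongs to, and whether the registration is expected), not a verdict; a Windows component listed with no owner, for example, is flagged just like anything else.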

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 06 Sep 2017 19:45

ComboFix is uninstalled like this:
Start - Run and type ComboFix /Uninstall

Clean the system with CCleaner

Download OTC

to the desktop. Double-click it. Then click Clean up!.
Restart the PC if prompted.

Download DelFix here
https://toolslib.net/downloads/viewdownload/2-delfix/

and save the file to the desktop.
Double-click the icon to run Delfix.exe
(On Windows Vista, Windows 7 and 8 you must run the file with a right-click -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools – Purge System Restore
Then click the Run button and let the tool do its work.

A report will then open (DelFix.txt). Paste the full contents of the report here. Otherwise the report is at:
C:\DelFix.txt

Any problems?
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

FooDMasteR
Level 2.5
Posts: 282
Registered: April 11
Gender: Male
Status: Offline

Re: Please check my log

Post by FooDMasteR » 09 Sep 2017 08:33

Thank you very much for your help. There is no problem any more. It often happened that the svchost.exe process ate all the memory (I only have 2 GB), so following some guide I installed KB3216775 and turned off Windows Update. So far it is fine. From what I read on www.microsoft.com there will be no more updates for Windows Vista.

DelFix

# DelFix v1.013 - Logfile created 08/09/2017 at 23:50:55
# Updated 17/04/2016 by Xplode
# Username : AutoCont - AUTOCONT-PC
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2017-08-31-205200.log
Deleted : C:\Users\AutoCont\Desktop\AdwCleaner.exe
Deleted : C:\Users\AutoCont\Desktop\JRT.exe
Deleted : C:\Users\AutoCont\Desktop\hijackthis.exe
Deleted : C:\Users\AutoCont\Desktop\hijackthis.log
Deleted : C:\Users\AutoCont\Desktop\MBR.dat
Deleted : C:\Users\AutoCont\Desktop\roguekiller.txt
Deleted : C:\Users\AutoCont\Desktop\roguekiller2.txt
Deleted : C:\Users\AutoCont\Desktop\RogueKiller_portable32.exe
Deleted : C:\Users\AutoCont\Desktop\TFC.exe
Deleted : C:\Users\AutoCont\Desktop\zoek.exe
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #1719 [JRT Pre-Junkware Removal | 08/26/2017 22:43:38]
Deleted : RP #1720 [Installed Sophos Virus Removal Tool. | 08/28/2017 06:15:30]
Deleted : RP #1721 [zoek.exe restore point | 08/31/2017 20:50:30]

New restore point created !

########## - EOF - ##########

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log  Solved

Post by jaro3 » 09 Sep 2017 09:50

There are no more updates for Vista.

If there are no problems, that is all and you can mark it solved with the green tick.
