Please check my log
Posted: 19 Dec 2017 11:25
Hello,
please check my laptop.
It shows no visible problems, but I would like to run it through preventively. (It turned out that this will probably be needed.)
So far I have done the first few steps - HJT, ATF Cleaner, TFC, AdwCleaner and Malwarebytes - see below:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:56:13, on 18.12.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\dxconfig.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Hewlett-Packard\HP Hotkey Support\QLBController.exe
C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
C:\Program Files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Users\kutik\Downloads\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp ... 4GLHSP42KX
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp ... 4GLHSP42KX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?typ ... HSP42KX&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?typ ... HSP42KX&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp ... 4GLHSP42KX
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll
O4 - HKLM\..\Run: [FreePDF Assistant] "C:\Program Files\FreePDF_XP\fpassist.exe"
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Baglantili &Notlari - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Baglantili &Notlari - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BAUMAX.com
O17 - HKLM\Software\..\Telephony: DomainName = BAUMAX.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BAUMAX.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BAUMAX.com
O18 - Protocol: WSISVCUchrome - {78A543EB-3A61-4ED3 - (no file)
O18 - Protocol: WSKVAllmytubechrome - (no CLSID) - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Unknown owner - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (file missing)
O23 - Service: DameWare Mini Remote Control (dwmrcs) - SolarWinds - C:\Windows\dwrcs\dwrcs.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft DirectX Configuration Service - Unknown owner - C:\Windows\system32\dxconfig.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SMS Task Sequence Agent (smstsmgr) - Unknown owner - C:\Windows\system32\CCM\TSManager.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: TeamViewer 13 (TeamViewer) - TeamViewer GmbH - C:\DOKUMENTY_KUTIK\PF\Teamwiever\TeamViewer_Service.exe
O23 - Service: Therefore™ Conversion Service (TheConversionServer) - Therefore Corporation - C:\Program Files\Therefore\TheConversionServer.exe
O23 - Service: Therefore™ Installer Service (TheInstaller) - Therefore Corporation - C:\Program Files\Therefore\TheInstaller.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
--
End of file - 8765 bytes
---------------------------------------------------------
ATF Cleaner = done
---------------------------------------------------------
TFC = done
--------------------------------------------------
AdwCleaner = done
# AdwCleaner 7.0.5.0 - Logfile created on Mon Dec 18 16:19:24 2017
# Updated on 2017/29/11 by Malwarebytes
# Database: 12-15-2017.1
# Running on Windows 7 Enterprise (X86)
# Mode: scan
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.Legacy, C:\ProgramData\MailUpdate
PUP.Optional.Legacy, C:\ProgramData\Application Data\MailUpdate
PUP.Optional.Legacy, C:\Users\All Users\MailUpdate
PUP.Optional.Legacy, C:\Users\kutik\AppData\Roaming\MailUpdate
PUP.Optional.Legacy, C:\ProgramData\trusted publisher
PUP.Optional.Legacy, C:\ProgramData\Application Data\trusted publisher
PUP.Optional.Legacy, C:\Users\All Users\trusted publisher
PUP.Optional.Legacy, C:\Users\kutik\AppData\Local\DriverToolkit
PUP.Optional.Legacy, C:\Users\Administrator\AppData\Local\torch
PUP.Optional.Legacy, C:\Users\kutik\AppData\Local\torch
PUP.Optional.Legacy, C:\ProgramData\Trusted Publisher
PUP.Optional.Legacy, C:\ProgramData\Application Data\Trusted Publisher
PUP.Optional.Legacy, C:\Users\All Users\Trusted Publisher
PUP.Optional.Legacy, C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
PUP.Optional.Legacy, C:\ProgramData\Application Data\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
PUP.Optional.Legacy, C:\Users\All Users\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
PUP.Optional.Chromatic, C:\Users\Administrator\AppData\Local\Chromatic Browser
PUP.Optional.Chromatic, C:\Users\kutik\AppData\Local\Chromatic Browser
PUP.Optional.SupTab, C:\Program Files\SupTab
PUP.Optional.EZDownloader, C:\Users\kutik\AppData\Roaming\EZDownloader
PUP.Optional.IEPluginServices, C:\ProgramData\IePluginServices
PUP.Optional.IEPluginServices, C:\ProgramData\Application Data\IePluginServices
PUP.Optional.IEPluginServices, C:\Users\All Users\IePluginServices
PUP.Optional.MultiPlug, C:\ProgramData\adblocker
PUP.Optional.MultiPlug, C:\ProgramData\Application Data\adblocker
PUP.Optional.MultiPlug, C:\Users\All Users\adblocker
PUP.Adware.Heuristic, C:\ProgramData\1ab0a4847f6b4312
***** [ Files ] *****
PUP.Optional.Legacy, C:\Users\kutik\AppData\Roaming\LiveSupport.exe_log.txt
PUP.Optional.Legacy, C:\Users\kutik\AppData\Roaming\regsvr32.exe_log.txt
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
PUP.Optional.Legacy, DRIVERTOOLKIT AUTORUN
PUP.Adware.Heuristic, At1
***** [ Registry ] *****
PUP.Optional.PCOptimizerPro, [Key] - HKU\S-1-5-21-3289980385-2872688556-2806904064-1001\Software\Optimizer Pro
PUP.Optional.PCOptimizerPro, [Key] - HKCU\Software\Optimizer Pro
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Default_Page_URL [http:\\istart.webssearches.com\?type=hp&ts=1408643051&from=wpc&uid=HitachiXHTS725050A9A364_110620PCK404GLHSP42KX]
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Default_Page_URL [http:\\istart.webssearches.com\?type=hp&ts=1408643051&from=wpc&uid=HitachiXHTS725050A9A364_110620PCK404GLHSP42KX]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Default_Search_URL [http:\\istart.webssearches.com\web\?type=ds&ts=1408643051&from=wpc&uid=HitachiXHTS725050A9A364_110620PCK404GLHSP42KX&q={searchTerms}]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Default_Search_URL [http:\\istart.webssearches.com\web\?type=ds&ts=1408643051&from=wpc&uid=HitachiXHTS725050A9A364_110620PCK404GLHSP42KX&q={searchTerms}]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Default_Page_URL [http:\\istart.webssearches.com\?type=hp&ts=1408643051&from=wpc&uid=HitachiXHTS725050A9A364_110620PCK404GLHSP42KX]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Default_Page_URL [http:\\istart.webssearches.com\?type=hp&ts=1408643051&from=wpc&uid=HitachiXHTS725050A9A364_110620PCK404GLHSP42KX]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Start Page [http:\\istart.webssearches.com\?type=hp&ts=1408643051&from=wpc&uid=HitachiXHTS725050A9A364_110620PCK404GLHSP42KX]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Start Page [http:\\istart.webssearches.com\?type=hp&ts=1408643051&from=wpc&uid=HitachiXHTS725050A9A364_110620PCK404GLHSP42KX]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Search Page [http:\\istart.webssearches.com\web\?type=ds&ts=1408643051&from=wpc&uid=HitachiXHTS725050A9A364_110620PCK404GLHSP42KX&q={searchTerms}]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Search Page [http:\\istart.webssearches.com\web\?type=ds&ts=1408643051&from=wpc&uid=HitachiXHTS725050A9A364_110620PCK404GLHSP42KX&q={searchTerms}]
PUP.Optional.Legacy, [Value] - HKCU\Software\Microsoft\Internet Explorer\SearchScopes | DoNotAskAgain
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-3289980385-2872688556-2806904064-1001\Software\Microsoft\Internet Explorer\SearchScopes | DoNotAskAgain
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-3289980385-2872688556-2806904064-1001\Software\Microsoft\Internet Explorer\SearchScopes | DoNotAskAgain
PUP.Optional.Legacy, [Key] - HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3289980385-2872688556-2806904064-1001\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\webssearchesSoftware
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\SUPDP
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3289980385-2872688556-2806904064-1001\Software\DriverToolkit
PUP.Optional.Legacy, [Key] - HKCU\Software\DriverToolkit
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\SupDp
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.SupTab, [Key] - HKLM\SOFTWARE\SupTab
PUP.Optional.IEPluginServices, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.IEPluginServices, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.IEPluginServices, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.MultiPlug, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}
PUP.Optional.MultiPlug, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
PUP.Optional.WebSearches.ShrtCln, [Key] - HKU\S-1-5-21-3289980385-2872688556-2806904064-1001\Software\SupHpUISoft
PUP.Optional.WebSearches.ShrtCln, [Key] - HKCU\Software\SupHpUISoft
PUP.Adware.Heuristic, [Key] - HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries.
*************************
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
-----------------------------------------------------------------------------------------