Log check (Solved)

A place for your HijackThis logs and logs from other programs…

Moderators: memphisto, Mods_senior, Security team

Jaros
Level 2
Posts: 216
Registered: May 09
Gender: Male

Log check

Post by Jaros » 14 Jul 2017 08:10

Hello,

please check my log. The notebook freezes and responds slowly.

HJT log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:06:41, on 14.7.2017
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16800)

FIREFOX: 3.6.18 (cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Users\Pavel_2\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Windows\System32\qttask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Users\Pavel_2\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wuauclt.exe
C:\Users\Pavel_2\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_6930g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_6930g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_6930g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Windows\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Pavel_2\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Pavel_2\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - Invalid registry found
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\Alwil Software\Avast5\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10483 bytes

MBAM log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 14.7.2017
Čas skenování: 6:36:50
Protokol: log mbam.txt
Správce: Ano

Verze: 2.01.4.1018
Databáze malwaru: v2017.07.14.01
Databáze rootkitů: v2017.05.27.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: Pavel_2

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 77745
Uplynulý čas: 35 min, 14 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 10
PUP.Optional.Babylon, HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Do karantény, [c1689accf4b5d1652b91c881be446997],
PUP.Optional.SpeedAnalysis, HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{18DBB6CE-3148-4FEC-B481-103CB3290427}, Do karantény, [50d96afc456467cf1b24133bd82aef11],
PUP.Optional.Dealio, HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}, Do karantény, [3eeb422439702313b4c1b09a08fa8878],
PUP.Optional.Dealio, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}, Do karantény, [3eeb422439702313b4c1b09a08fa8878],
PUP.Optional.Dealio, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}, Do karantény, [3eeb422439702313b4c1b09a08fa8878],
PUP.Optional.ICQToolbar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXPLORER BARS\{855F3B16-6D32-4fe6-8A56-BBB695989046}, Do karantény, [cc5d4c1aadfc6acc4ffc55f6cf33a35d],
PUP.Optional.ICQToolbar, HKLM\SOFTWARE\CLASSES\ICQToolBar.IEHook, Do karantény, [cc5d4c1aadfc6acc4ffc55f6cf33a35d],
PUP.Optional.ICQToolbar, HKLM\SOFTWARE\CLASSES\ICQToolBar.IEHook.1, Do karantény, [cc5d4c1aadfc6acc4ffc55f6cf33a35d],
PUP.Optional.ASK, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd, Do karantény, [3decd690d7d288ae3b2bb16e5ca411ef],
PUP.Optional.ASK, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd.1, Do karantény, [d8514b1b92171c1a8cdaea351fe130d0],

Hodnoty registru: 12
PUP.Optional.Dealio, HKU\S-1-5-21-2689332252-1931905943-1140053980-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}, Do karantény, [3eeb422439702313b4c1b09a08fa8878],
PUP.Optional.Dealio, HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}, Do karantény, [3eeb422439702313b4c1b09a08fa8878],
PUP.Optional.Dealio, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}, Dealio Toolbar, Do karantény, [3eeb422439702313b4c1b09a08fa8878]
PUP.Optional.ICQToolbar, HKU\S-1-5-21-2689332252-1931905943-1140053980-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{855F3B16-6D32-4FE6-8A56-BBB695989046}, Do karantény, [cc5d4c1aadfc6acc4ffc55f6cf33a35d],
PUP.Optional.ICQToolbar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{855F3B16-6D32-4FE6-8A56-BBB695989046}, ICQToolBar, Do karantény, [cc5d4c1aadfc6acc4ffc55f6cf33a35d]
PUP.Optional.Dealio, HKU\S-1-5-21-2689332252-1931905943-1140053980-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}, Do karantény, [a8816bfbb6f3181eef8692b8fb07f808],
PUP.Optional.ICQToolbar, HKU\S-1-5-21-2689332252-1931905943-1140053980-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{855F3B16-6D32-4fe6-8A56-BBB695989046}, Do karantény, [60c94125951493a35bf088c3af53ba46],
PUP.Optional.Dealio, HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}, Do karantény, [06233f27337660d6403576d448ba748c],
PUP.Optional.ASK, HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{00000000-6E41-4FD3-8538-502F5495E5FC}, Do karantény, [ae7be086cbde0f27f4a864d8b749a957],
PUP.Optional.ASK, HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{00000000-6E41-4FD3-8538-502F5495E5FC}, Do karantény, [ae7be086cbde0f27f4a864d8b749a957],
PUP.Optional.ICQToolbar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{855F3B16-6D32-4fe6-8A56-BBB695989046}, Do karantény, [69c0e58198118aaca1aa19329270669a],
PUP.Optional.Dealio, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}, Do karantény, [b970c79f6f3ae254047154f62bd79967],

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 1
PUP.Optional.Solvusoft, C:\Users\Pavel_2\Downloads\Setup_DriverDoc_2016.exe, Do karantény, [ec3d9cca347580b6987c3709d22e40c0],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)
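A small triage script, added here as an example (it is not part of the post, of HijackThis or of any of the tools named in the thread), that parses log lines in the format of the HJT log above and flags the entry types analysts usually check first: orphaned "(no file)" BHO/toolbar entries, services with an unknown owner, Run entries without a full path, startup shortcuts with an unresolved target, and processes or startup items launched from a Temp or Downloads folder. The sample lines are copied from the log above; the script only reads text and changes nothing on the system.

```python
"""Triage helper for HijackThis (HJT) logs (added example, not HJT's own code).

Parses lines such as "O4 - HKLM\\..\\Run: [Name] path" and applies a few
read-only rules that mirror what a log reviewer looks at first.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Section prefix at the start of a line: "R0 - ...", "O4 - ...", "O23 - ..."
SECTION_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# Directories a persistent startup item or long-running process should not live in.
SUSPECT_DIRS = re.compile(r"\\(Temp|Downloads)\\", re.IGNORECASE)


@dataclass
class Finding:
    rule: str   # short name of the rule that fired
    line: str   # the offending log line, unchanged


def flag_line(line: str) -> list[Finding]:
    """Apply the triage rules to one HJT log line; returns [] when nothing fires."""
    findings: list[Finding] = []
    m = SECTION_RE.match(line.strip())
    if m:
        sec, body = m.groups()
        # O2 BHOs, O3 toolbars and O9 buttons whose DLL no longer exists: leftovers
        # of a removed add-on (often a PUP), safe to clean but worth noting.
        if sec in ("O2", "O3", "O9") and body.endswith("(no file)"):
            findings.append(Finding("orphaned BHO/toolbar/button entry", line))
        # Services without a vendor string deserve a look at the binary path.
        if sec == "O23" and "Unknown owner" in body:
            findings.append(Finding("service with unknown owner", line))
        # Winlogon Notify entries pointing at a missing DLL.
        if sec == "O20" and "Invalid registry found" in body:
            findings.append(Finding("broken Winlogon Notify entry", line))
        if sec == "O4":
            if "[" in body and "]" in body:
                # Registry Run entry: the part after "[Name]" is the command line.
                target = body.split("]", 1)[1].strip().strip('"')
                if "\\" not in target:
                    # Bare file name: Windows resolves it via the search path,
                    # so the reviewer cannot tell which binary actually runs.
                    findings.append(Finding("Run entry without full path", line))
                if SUSPECT_DIRS.search(target):
                    findings.append(Finding("startup item in temp/download dir", line))
            elif body.endswith("= ?"):
                # Startup-folder shortcut whose target HJT could not resolve.
                findings.append(Finding("startup shortcut with unresolved target", line))
    elif line.lower().endswith(".exe") and SUSPECT_DIRS.search(line):
        # "Running processes" section: a process living in Temp or Downloads.
        # Note that the HijackThis.exe you just ran from Downloads shows up here too.
        findings.append(Finding("running process in temp/download dir", line))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Run flag_line over every line of a complete HJT log."""
    out: list[Finding] = []
    for line in log_text.splitlines():
        out.extend(flag_line(line))
    return out


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, e.g. {"orphaned BHO/toolbar/button entry": 2}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Sample input: lines copied from the HJT log quoted in the thread above.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Users\Pavel_2\AppData\Local\Temp\RtkBtMnt.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: (no name) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - Global Startup: Acer VCM.lnk = ?
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - Invalid registry found
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

Flagged entries are leads for the reviewer, not verdicts: the bare-name Run entries in this thread (RtHDVCpl.exe, Skytel.exe) belong to a Realtek audio driver, and the script cannot know that on its own.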



jaro3
Security team member
Guru Level 15
Posts: 37130
Registered: June 07
Location: Jižní Čechy
Gender: Male

Re: Log check

Post by jaro3 » 14 Jul 2017 09:34

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and select: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and select: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you only use Google Chrome, you don't need to use ATF.


Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows. Click Start to begin the process. The program shouldn't take long.
The PC should then restart; if it doesn't, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/

Save it to your desktop.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Scan".
After the scan, click "Logfile"; the "Log Manager" window appears, then double-click the corresponding log, which will open (otherwise it is saved on the system drive as C:\AdwCleaner [C?].txt), and paste its entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and other such programs, close all other applications and browsers!
Don't send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Log check

Post by Jaros » 14 Jul 2017 12:09

Log:

# AdwCleaner v6.047 - Log vytvořen 14/07/2017 v 10:41:10
# Aktualizováno dne 19/05/2017 z Malwarebytes
# Databáze : 2017-07-13.1 [Server]
# Operační systém : Windows Vista (TM) Home Premium Service Pack 2 (X86)
# Uživatelské jméno : Pavel_2 - PAVEL-PC
# Spuštěno z : C:\Users\Pavel_2\Desktop\adwcleaner_6.047.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Služba nalezena: ICQ Service
Služba nalezena: icq service


***** [ Složky ] *****

Složka nalezena: C:\Users\Pavel\AppData\Local\VirtualStore\Program Files\Convesoft
Složka nalezena: C:\Users\Pavel\AppData\LocalLow\Dealio
Složka nalezena: C:\Users\Pavel\AppData\LocalLow\Search Settings
Složka nalezena: C:\Users\Pavel_2\AppData\Local\Video Converter
Složka nalezena: C:\Users\Pavel_2\AppData\Local\VirtualStore\Program Files\Convesoft
Složka nalezena: C:\Users\Pavel_2\AppData\LocalLow\AskToolbar
Složka nalezena: C:\Users\Pavel_2\AppData\LocalLow\Dealio
Složka nalezena: C:\Users\Pavel_2\AppData\LocalLow\Search Settings
Složka nalezena: C:\Users\Pavel_2\AppData\Roaming\Babylon
Složka nalezena: C:\Users\Pavel_2\AppData\Roaming\PerformerSoft
Složka nalezena: C:\Users\Pavel_2\AppData\Roaming\SpeedAnalysis2
Složka nalezena: C:\Users\Pavel_2\AppData\Roaming\zulagames
Složka nalezena: C:\Users\Pavel_2\AppData\Roaming\Performersoft
Složka nalezena: C:\ProgramData\apn
Složka nalezena: C:\ProgramData\Ask
Složka nalezena: C:\ProgramData\Babylon
Složka nalezena: C:\ProgramData\IBUpdaterService
Složka nalezena: C:\ProgramData\ICQ\ICQToolbar
Složka nalezena: C:\ProgramData\VideoConverter
Složka nalezena: C:\ProgramData\ICQ\ICQNewTab
Složka nalezena: C:\ProgramData\Application Data\apn
Složka nalezena: C:\ProgramData\Application Data\Ask
Složka nalezena: C:\ProgramData\Application Data\Babylon
Složka nalezena: C:\ProgramData\Application Data\IBUpdaterService
Složka nalezena: C:\ProgramData\Application Data\ICQ\ICQToolbar
Složka nalezena: C:\ProgramData\Application Data\VideoConverter
Složka nalezena: C:\ProgramData\Application Data\ICQ\ICQNewTab
Složka nalezena: C:\Program Files\Application Updater
Složka nalezena: C:\Program Files\Dealio Toolbar
Složka nalezena: C:\Program Files\ICQ6Toolbar
Složka nalezena: C:\Program Files\Common Files\Spigot
Složka nalezena: C:\Windows\system32\config\systemprofile\AppData\Roaming\Solvusoft
Složka nalezena: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\cfhwo8rt.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
Složka nalezena: C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
Složka nalezena: C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\extensions\zulagames@ZulaGames.com


***** [ Soubory ] *****

Soubor nalezen: C:\Users\Pavel_2\AppData\Roaming\speedanalysis.ico
Soubor nalezen: C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\searchplugins\Askcom.xml


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupci ] *****

Žádný infikovaný zástupce nenalezen.


***** [ Naplánované úlohy ] *****

Žádná nebezpečná úloha nenalezena.


***** [ Registry ] *****

Klíč nalezen: HKLM\SOFTWARE\Classes\Prod.cap
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\{937936AF-28CA-4973-B8AE-F250406149A2}
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{E716F183-5AD7-11DC-9670-00508DC0D496}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Klíč nalezen: HKU\.DEFAULT\Software\AskPartnerNetwork
Klíč nalezen: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Convesoft
Klíč nalezen: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Dealio
Klíč nalezen: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\filescout
Klíč nalezen: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Search Settings
Klíč nalezen: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\USyndication
Klíč nalezen: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\usyndication.com
Klíč nalezen: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\AppDataLow\Software\AskToolbar
Klíč nalezen: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\AppDataLow\Software\Dealio
Klíč nalezen: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\AppDataLow\Software\Search Settings
Klíč nalezen: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Klíč nalezen: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7ABD4437-12A5-4644-A954-F83B3FBE7FBF}
Klíč nalezen: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Klíč nalezen: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\APN PIP
Klíč nalezen: HKU\S-1-5-18\Software\AskPartnerNetwork
Klíč nalezen: HKCU\Software\Convesoft
Klíč nalezen: HKCU\Software\Dealio
Klíč nalezen: HKCU\Software\filescout
Klíč nalezen: HKCU\Software\Search Settings
Klíč nalezen: HKCU\Software\USyndication
Klíč nalezen: HKCU\Software\usyndication.com
Klíč nalezen: HKCU\Software\AppDataLow\Software\AskToolbar
Klíč nalezen: HKCU\Software\AppDataLow\Software\Dealio
Klíč nalezen: HKCU\Software\AppDataLow\Software\Search Settings
Klíč nalezen: HKLM\SOFTWARE\Application Updater
Klíč nalezen: HKLM\SOFTWARE\Dealio
Klíč nalezen: HKLM\SOFTWARE\ICQ\ICQToolbar
Klíč nalezen: HKLM\SOFTWARE\Search Settings
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7ABD4437-12A5-4644-A954-F83B3FBE7FBF}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Klíč nalezen: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BA7EE915-CA44-4777-B414-72962E43EB7D}
Klíč nalezen: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C7C38660-DD5D-4EA0-863D-5C2FDC4B3BA0}
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BA7EE915-CA44-4777-B414-72962E43EB7D}
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C7C38660-DD5D-4EA0-863D-5C2FDC4B3BA0}
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe


***** [ Internetové prohlížeče ] *****

Firefox nastavení nalezeno: [C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\cfhwo8rt.default\prefs.js] - "browser.search.param.yahoo-fr" - "chr-greentree_ff&ilc=12&type=847320"
Firefox nastavení nalezeno: [C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\cfhwo8rt.default\prefs.js] - "extensions.asktb.ff-original-keyword-url" - "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type
Firefox nastavení nalezeno: [C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\cfhwo8rt.default\prefs.js] - "extensions.wrc.SearchRules.ask.com.url" - "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*"
Firefox nastavení nalezeno: [C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\cfhwo8rt.default\prefs.js] - "extensions.wrc.SearchRules.rambler.ru.url" - "^hxxp\\:\\/\\/nova\\.rambler\\.ru\\/.+"
Firefox nastavení nalezeno: [C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\prefs.js] - "browser.search.param.yahoo-fr" - "chr-greentree_ff&ilc=12&type=847320"
Firefox nastavení nalezeno: [C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\prefs.js] - "extensions.APN_TB.first-previous-keyword-url" - ""
Firefox nastavení nalezeno: [C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\prefs.js] - "extensions.wrc.SearchRules.ask.com.url" - "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*"
Firefox nastavení nalezeno: [C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\prefs.js] - "extensions.wrc.SearchRules.rambler.ru.url" - "^hxxp\\:\\/\\/nova\\.rambler\\.ru\\/.+"
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [11212 Bajty] - [14/07/2017 10:41:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11286 Bajty] ##########


Re: Log check

Post by jaro3 » 14 Jul 2017 17:00

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and select "Run as administrator"),
click "Scan", and after the scan click "Clean".

The program will perform the repair; after the automatic restart, click "Log Manager", then double-click the corresponding log (C:\AdwCleaner [C?].txt) and paste its entire contents here.

Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
to your desktop.

Disable your antivirus program. Right-click JRT.exe and select "Run as administrator". You will be prompted to press any key to continue. Press one.
The program will start scanning. Scanning may take a long time, depending on the amount of infection. When the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please copy its entire contents here.


Sophos Virus Removal Tool is a handy software tool that may remove infections your antivirus program does not detect.
Download it here from one of these links:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viruses can slow down your computer or try to steal your data without you even knowing you have them. What you need is a quick and easy way to find them and get rid of them. If you already have an antivirus program installed on your computer, you can also install the Sophos Virus Removal tool, which identifies and cleans remaining infections that your antivirus program may have missed.
To use Sophos Virus Removal Tool, double-click it and press the "Start scanning" button. Sophos Virus Removal Tool will then search for and remove the viruses it finds. A restart may be required.


Download RogueKiller by Adlice Software
32-bit:
http://www.adlice.com/download/roguekil ... HlwZT14ODY
64-bit:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, 8, 10 run RogueKiller.exe as administrator; on XP, by double-clicking.
- Click "Start Scan". In the new window, change nothing and click "Start Scan" at the bottom.
- The program scans the PC's processes. After the scan, click "Open Report", then "Open TXT" in the window, and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still won't run and work, rename it to winlogon.exe.
- If the log has more than 60,000 characters, split it and paste it into several posts.

http://www.adlice.com/download/roguekiller/


Re: Log check

Post by Jaros » 14 Jul 2017 17:39

AdwCleaner log:

# AdwCleaner v6.047 - Log vytvořen 14/07/2017 v 17:32:09
# Aktualizováno dne 19/05/2017 z Malwarebytes
# Databáze : 2017-07-13.1 [Server]
# Operační systém : Windows Vista (TM) Home Premium Service Pack 2 (X86)
# Uživatelské jméno : Pavel_2 - PAVEL-PC
# Spuštěno z : C:\Users\Pavel_2\Desktop\adwcleaner_6.047.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: ICQ Service


***** [ Složky ] *****

[-] Složka smazána: C:\Users\Pavel\AppData\Local\VirtualStore\Program Files\Convesoft
[-] Složka smazána: C:\Users\Pavel\AppData\LocalLow\Dealio
[-] Složka smazána: C:\Users\Pavel\AppData\LocalLow\Search Settings
[-] Složka smazána: C:\Users\Pavel_2\AppData\Local\Video Converter
[-] Složka smazána: C:\Users\Pavel_2\AppData\Local\VirtualStore\Program Files\Convesoft
[-] Složka smazána: C:\Users\Pavel_2\AppData\LocalLow\AskToolbar
[-] Složka smazána: C:\Users\Pavel_2\AppData\LocalLow\Dealio
[-] Složka smazána: C:\Users\Pavel_2\AppData\LocalLow\Search Settings
[-] Složka smazána: C:\Users\Pavel_2\AppData\Roaming\Babylon
[-] Složka smazána: C:\Users\Pavel_2\AppData\Roaming\PerformerSoft
[-] Složka smazána: C:\Users\Pavel_2\AppData\Roaming\SpeedAnalysis2
[-] Složka smazána: C:\Users\Pavel_2\AppData\Roaming\zulagames
[#] Složka smazána po restartu: C:\Users\Pavel_2\AppData\Roaming\Performersoft
[-] Složka smazána: C:\ProgramData\apn
[-] Složka smazána: C:\ProgramData\Ask
[-] Složka smazána: C:\ProgramData\Babylon
[-] Složka smazána: C:\ProgramData\IBUpdaterService
[-] Složka smazána: C:\ProgramData\ICQ\ICQToolbar
[-] Složka smazána: C:\ProgramData\VideoConverter
[-] Složka smazána: C:\ProgramData\ICQ\ICQNewTab
[#] Složka smazána po restartu: C:\ProgramData\Application Data\apn
[#] Složka smazána po restartu: C:\ProgramData\Application Data\Ask
[#] Složka smazána po restartu: C:\ProgramData\Application Data\Babylon
[#] Složka smazána po restartu: C:\ProgramData\Application Data\IBUpdaterService
[#] Složka smazána po restartu: C:\ProgramData\Application Data\ICQ\ICQToolbar
[#] Složka smazána po restartu: C:\ProgramData\Application Data\VideoConverter
[#] Složka smazána po restartu: C:\ProgramData\Application Data\ICQ\ICQNewTab
[-] Složka smazána: C:\Program Files\Application Updater
[-] Složka smazána: C:\Program Files\Dealio Toolbar
[-] Složka smazána: C:\Program Files\ICQ6Toolbar
[-] Složka smazána: C:\Program Files\Common Files\Spigot
[-] Složka smazána: C:\Windows\system32\config\systemprofile\AppData\Roaming\Solvusoft
[-] Složka smazána: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\cfhwo8rt.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
[-] Složka smazána: C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
[-] Složka smazána: C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\extensions\zulagames@ZulaGames.com


***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\Pavel_2\AppData\Roaming\speedanalysis.ico
[-] Soubor smazán: C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\searchplugins\Askcom.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[#] Klíč smazán po restartu: HKLM\SYSTEM\CurrentControlSet\services\icq service
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Prod.cap
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{937936AF-28CA-4973-B8AE-F250406149A2}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{E716F183-5AD7-11DC-9670-00508DC0D496}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Klíč smazán: HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Klíč smazán: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Convesoft
[-] Klíč smazán: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Dealio
[-] Klíč smazán: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\filescout
[-] Klíč smazán: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Search Settings
[-] Klíč smazán: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\USyndication
[-] Klíč smazán: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\usyndication.com
[-] Klíč smazán: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\AppDataLow\Software\AskToolbar
[-] Klíč smazán: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\AppDataLow\Software\Dealio
[-] Klíč smazán: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\AppDataLow\Software\Search Settings
[-] Klíč smazán: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
[-] Klíč smazán: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7ABD4437-12A5-4644-A954-F83B3FBE7FBF}
[-] Klíč smazán: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[-] Klíč smazán: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\APN PIP
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\AskPartnerNetwork
[#] Klíč smazán po restartu: HKCU\Software\Convesoft
[#] Klíč smazán po restartu: HKCU\Software\Dealio
[#] Klíč smazán po restartu: HKCU\Software\filescout
[#] Klíč smazán po restartu: HKCU\Software\Search Settings
[#] Klíč smazán po restartu: HKCU\Software\USyndication
[#] Klíč smazán po restartu: HKCU\Software\usyndication.com
[#] Klíč smazán po restartu: HKCU\Software\AppDataLow\Software\AskToolbar
[#] Klíč smazán po restartu: HKCU\Software\AppDataLow\Software\Dealio
[#] Klíč smazán po restartu: HKCU\Software\AppDataLow\Software\Search Settings
[-] Klíč smazán: HKLM\SOFTWARE\Application Updater
[-] Klíč smazán: HKLM\SOFTWARE\Dealio
[-] Klíč smazán: HKLM\SOFTWARE\ICQ\ICQToolbar
[-] Klíč smazán: HKLM\SOFTWARE\Search Settings
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7ABD4437-12A5-4644-A954-F83B3FBE7FBF}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
[-] Klíč smazán: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BA7EE915-CA44-4777-B414-72962E43EB7D}
[-] Klíč smazán: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C7C38660-DD5D-4EA0-863D-5C2FDC4B3BA0}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BA7EE915-CA44-4777-B414-72962E43EB7D}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C7C38660-DD5D-4EA0-863D-5C2FDC4B3BA0}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe


***** [ Prohlížeče ] *****

[-] Firefox předvolby vyčištěny: "browser.search.param.yahoo-fr" - "chr-greentree_ff&ilc=12&type=847320"
[-] Firefox předvolby vyčištěny: "extensions.asktb.ff-original-keyword-url" - "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=847320&p="
[-] Firefox předvolby vyčištěny: "extensions.wrc.SearchRules.ask.com.url" - "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*"
[-] Firefox předvolby vyčištěny: "extensions.wrc.SearchRules.rambler.ru.url" - "^hxxp\\:\\/\\/nova\\.rambler\\.ru\\/.+"
[-] Firefox předvolby vyčištěny: "browser.search.param.yahoo-fr" - "chr-greentree_ff&ilc=12&type=847320"
[-] Firefox předvolby vyčištěny: "extensions.APN_TB.first-previous-keyword-url" - ""
[-] Firefox předvolby vyčištěny: "extensions.wrc.SearchRules.ask.com.url" - "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*"
[-] Firefox předvolby vyčištěny: "extensions.wrc.SearchRules.rambler.ru.url" - "^hxxp\\:\\/\\/nova\\.rambler\\.ru\\/.+"


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [11176 Bajty] - [14/07/2017 17:32:09]
C:\AdwCleaner\AdwCleaner[S0].txt - [11366 Bajty] - [14/07/2017 10:41:10]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11324 Bajty] ##########

JRT log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows Vista (TM) Home Premium x86
Ran by Pavel_2 (Administrator) on pá 14.07.2017 at 17:48:51,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 18

Successfully deleted: C:\Users\Pavel_2\AppData\Roaming\alawar (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\Pavel_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\664VJOYX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Pavel_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\83EGL26Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Pavel_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6J81RM2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Pavel_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJAO9L7L (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Pavel_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I46YBL1H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Pavel_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV4ZY9XM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Pavel_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2K4X3QF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Pavel_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZN2P55IK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\664VJOYX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\83EGL26Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6J81RM2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJAO9L7L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I46YBL1H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV4ZY9XM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2K4X3QF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZN2P55IK (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on pá 14.07.2017 at 18:01:22,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

jaro3
Security team member
Guru Level 15
Posts: 37130
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Log check

Post by jaro3 » 14 Jul 2017 20:30

Now the other one as well.

Jaros

Re: Log check

Post by Jaros » 15 Jul 2017 08:44

RogueKiller V12.11.5.0 [Jul 3 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno : Normální režim
Uživatel : Pavel_2 [Práva správce]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mód : Prohledat -- Datum : 07/14/2017 22:51:17 (Duration : 01:36:12)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 14 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\Pavel_2\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7] -> Nalezeno
[Suspicious.Path] HKEY_USERS\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\Pavel_2\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7] -> Nalezeno
[PUP.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ICQ Service (C:\Program Files\ICQ6Toolbar\ICQ Service.exe) -> Nalezeno
[PUP.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ICQ Service (C:\Program Files\ICQ6Toolbar\ICQ Service.exe) -> Nalezeno
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://homepage.acer.com/rdr.aspx?b=ACA ... pire_6930g -> Nalezeno
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://homepage.acer.com/rdr.aspx?b=ACA ... pire_6930g -> Nalezeno
[PUM.HomePage] HKEY_USERS\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://homepage.acer.com/rdr.aspx?b=ACA ... pire_6930g -> Nalezeno
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Nalezeno
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> Nalezeno
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2 -> Nalezeno
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 2 -> Nalezeno
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> Nalezeno
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Nalezeno
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] n8xkgxkm.default : user_pref("browser.startup.homepage", "www.centrum.cz"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS543232L9A300 +++++
--- User ---
[MBR] d94d68a878b71b4e0a4771beea44c4a0
[BSP] b531ca4034e5059484ca844b761e44ce : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20973568 | Size: 147501 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 323055616 | Size: 143872 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 617705472 | Size: 3630 MB
User = LL1 ... OK
User = LL2 ... OK

jaro3

Re: Log check

Post by jaro3 » 15 Jul 2017 09:33

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- Click "Start Scan". In the new window, change nothing and click "Start Scan" at the bottom;
when it finishes, tick everything (put check marks in the white boxes to the left of the findings)
- then click "Remove Selected"
- Wait until the Status box shows "Removal finished, please review result"
- Click "Open report" and then "Open TXT", copy the log and please paste the contents of that report here. The log can be found in C:\ProgramData\RogueKiller\Logs. Close RogueKiller.


Turn off your antivirus and firewall.
Download Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe
click the .rar file at the top right and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Run as administrator").
- Note: the program may take a while to start.
Paste the script below into the program window:


autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Click Run Script.
The program will perform a scan and a repair; both may take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black desktop may be shown for some time; that is normal. Wait until the log is created. You can save it, for example, to your documents; otherwise it is saved automatically to:
C:\zoek-results.log Copy the entire contents of that log here.
If there are problems, run zoek in Safe Mode.

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it shows
- After the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If there are problems, run it in Safe Mode.

Warning: it can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press the F8 key after the restart and choose Last Known Good Configuration, or use a restore point.

Jaros

Re: Log check

Post by Jaros » 18 Jul 2017 08:08

RK log:

RogueKiller V12.11.5.0 [Jul 3 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno : Normální režim
Uživatel : Pavel_2 [Práva správce]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mód : Smazat -- Datum : 07/17/2017 22:06:30 (Duration : 01:33:42)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[PUP.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ICQ Service (C:\Program Files\ICQ6Toolbar\ICQ Service.exe) -> Smazáno
[PUP.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ICQ Service (C:\Program Files\ICQ6Toolbar\ICQ Service.exe) -> Smazáno
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://homepage.acer.com/rdr.aspx?b=ACA ... pire_6930g -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://homepage.acer.com/rdr.aspx?b=ACA ... pire_6930g -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.HomePage] HKEY_USERS\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://homepage.acer.com/rdr.aspx?b=ACA ... pire_6930g -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Nahrazeno (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> Nahrazeno (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2 -> Nahrazeno (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 2 -> Nahrazeno (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> Nahrazeno (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Nahrazeno (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Nahrazeno (1)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] n8xkgxkm.default : user_pref("browser.startup.homepage", "www.centrum.cz"); -> Nahrazeno (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS543232L9A300 +++++
--- User ---
[MBR] d94d68a878b71b4e0a4771beea44c4a0
[BSP] b531ca4034e5059484ca844b761e44ce : Acer|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20973568 | Size: 147501 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 323055616 | Size: 143872 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 617705472 | Size: 3630 MB
User = LL1 ... OK
User = LL2 ... OK

Zoek log:


Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Pavel_2 on út 18.07.2017 at 4:44:05,18.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Pavel_2\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

18.7.2017 4:46:12 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\eSobi deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\TomTom DesktopSuite deleted successfully
C:\Program Files\WinFF deleted successfully
C:\PROGRA~2\Downloaded Installations deleted successfully
C:\PROGRA~2\ICQ deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\Pinnacle Studio Plus deleted successfully
C:\PROGRA~2\TurboFLOORPLAN Dum & Interiér & Zahrada Pro deleted successfully
C:\Users\Pavel\AppData\Roaming\.# deleted successfully
C:\Users\Pavel\AppData\Roaming\PeerNetworking deleted successfully
C:\Users\Pavel_2\AppData\Roaming\.# deleted successfully
C:\Users\Pavel_2\AppData\Roaming\WinRAR deleted successfully
C:\Users\Pavel\AppData\Local\GHISLER deleted successfully
C:\Users\Pavel_2\AppData\Local\GHISLER deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\cfhwo8rt.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.seznam.cz/?clid=22668");
user_pref("browser.search.defaulturl", "http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&");
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.search.defaultengine", "Seznam");
user_pref("browser.search.defaultenginename", "Seznam");
user_pref("browser.search.selectedEngine", "Seznam");
user_pref("browser.search.order.1", "Seznam");
user_pref("keyword.URL", "http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&");

Added to C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\cfhwo8rt.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Pavel\AppData\Roaming\TomTom\HOME\Profiles\mnakg3eb.default\prefs.js:

Added to C:\Users\Pavel\AppData\Roaming\TomTom\HOME\Profiles\mnakg3eb.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\prefs.js:
user_pref("browser.search.defaulturl", "https://www.google.com/search");
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");

Added to C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Pavel_2\AppData\Roaming\TomTom\HOME\Profiles\f91lty05.default\prefs.js:

Added to C:\Users\Pavel_2\AppData\Roaming\TomTom\HOME\Profiles\f91lty05.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\cfhwo8rt.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_18.07.2017_0552_.backup

ProfilePath: C:\Users\Pavel\AppData\Roaming\TomTom\HOME\Profiles\mnakg3eb.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_18.07.2017_0552_.backup

ProfilePath: C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_18.07.2017_0552_.backup

ProfilePath: C:\Users\Pavel_2\AppData\Roaming\TomTom\HOME\Profiles\f91lty05.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_18.07.2017_0552_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\eSobi not found
C:\Program Files\TomTom DesktopSuite not found
C:\Program Files\WinFF not found
C:\PROGRA~2\TurboFLOORPLAN Dum & Interiér & Zahrada Pro not found
C:\Windows\system32\appdata deleted
C:\Program Files\SamsungPrinterLiveUpdateInstaller deleted
C:\Program Files\Mozilla Firefox\.autoreg deleted
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\found.003 deleted
C:\found.004 deleted
C:\found.005 deleted
C:\found.006 deleted
C:\found.007 deleted
C:\Users\Pavel\AppData\Roaming\Alawar deleted
C:\PROGRA~2\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} deleted
C:\Users\Pavel\AppData\Local\Unity deleted
C:\Users\Pavel_2\AppData\Local\HWVendorDetection.log deleted
C:\Users\Pavel_2\AppData\Local\Unity deleted
C:\Users\Pavel\AppData\LocalLow\Unity deleted
C:\Users\Pavel_2\AppData\LocalLow\Unity deleted
C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\Invalidprefs.js deleted
"C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\cfhwo8rt.default\extensions\wtxpcom@mybrowserbar.com" deleted
"C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\cfhwo8rt.default\extensions\wtxpcom@mybrowserbar.com" deleted
"C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\extensions\dealio@mybrowserbar.com" deleted
"C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\extensions\dealio@mybrowserbar.com" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\cfhwo8rt.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Pavel\AppData\Roaming\TomTom\HOME\Profiles\mnakg3eb.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Pavel_2\AppData\Roaming\TomTom\HOME\Profiles\f91lty05.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [03.09.2009 10:42]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\cfhwo8rt.default
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

ProfilePath: C:\Users\Pavel\AppData\Roaming\TomTom\HOME\Profiles\mnakg3eb.default
- Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

ProfilePath: C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Dealio Toolbar\FF
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Seznam litika - %ProfilePath%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}

ProfilePath: C:\Users\Pavel_2\AppData\Roaming\TomTom\HOME\Profiles\f91lty05.default
- Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

==== Firefox Plugins ======================

Profilepath: C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default
9FC9D7C6370C9E6CCC27235F0FC5C275 - C:\Program Files\Java\jre7\bin\npjpi170_45.dll - Java(TM) Platform SE 7 U45
2D45A8274592D965EDFB62ACCB1150B1 - C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll - Google Update
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
6768C724599214E4F9ADD9F8FF5097EB - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U45
F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.450.18
F2AE028008AD02EC3C38CA6679EE4CC6 - C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_137.dll - Shockwave Flash
B6140A0C147234CA38FFB33EA55D3677 - C:\Users\Pavel_2\AppData\Roaming\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll - Cryptoplus KB – podepisovací modul
FC5D7AF1FC3A63782E19B375E2312D1C - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
4E3216231CBA873F1D88CC3A755CC4AF - C:\Program Files\Mozilla Firefox\plugins\npnul32.dll - Mozilla Default Plug-in
F169116C1BA501AB4D0D66D41FF496B5 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
olfeabkoenfaoljndfecamgilllcpiak - No path found[]

SiteAdvisor - Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Avast Online Security - Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Ask Toolbar - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
MSS+ Extension - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
SiteAdvisor - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Zula Games - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflandjopdloblmlcoiidmncpinmmacn

==== Chromium Fix ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflandjopdloblmlcoiidmncpinmmacn deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia deleted successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.cz/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.cz/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{5D1ACDCD-4141-46AA-9485-3CB6B737B5A7}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{5D1ACDCD-4141-46AA-9485-3CB6B737B5A7} Google Url="https://www.google.com/search?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Pavel\AppData\Local\Seznam.cz\User Data\Default\Preferences was reset successfully
C:\Users\Pavel\AppData\Local\Seznam.cz\User Data\Default\Secure Preferences was reset successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Protected Preferences was reset successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Pavel\AppData\Local\Seznam.cz\User Data\Default\Web Data was reset successfully
C:\Users\Pavel\AppData\Local\Seznam.cz\User Data\Default\Web Data-journal was reset successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== Empty IE Cache ======================

C:\Users\Pavel_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pavel_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Pavel_2\AppData\Local\Mozilla\Firefox\Profiles\n8xkgxkm.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Pavel\AppData\Local\Seznam.cz\User Data\Default\Cache emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=833 folders=481 95145746 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Pavel\AppData\Local\Temp emptied successfully
C:\Users\Pavel_2\AppData\Local\Temp will be emptied at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Pavel_2\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Pavel_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on Út 18.07.2017 at 7:09:49,06 ======================

Log from ComboFix:

ComboFix 17-07-07.01 - Pavel_2 18.07.2017 7:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3066.1127 [GMT 2:00]
Spuštěný z: c:\users\Pavel_2\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\UNWISE.EXE
c:\users\Pavel_2\Desktop\Setup.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\DEBUG.log
c:\windows\system32\spsys.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-06-18 do 2017-07-18 )))))))))))))))))))))))))))))))
.
.
2017-07-18 05:43 . 2017-07-18 05:44 -------- d-----w- c:\users\Pavel_2\AppData\Local\temp
2017-07-18 05:43 . 2017-07-18 05:43 -------- d-----w- c:\users\Pavel\AppData\Local\temp
2017-07-18 05:43 . 2017-07-18 05:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-07-18 05:03 . 2017-07-18 05:03 -------- d-----w- c:\programdata\SWCUTemp
2017-07-18 04:14 . 2017-07-18 02:43 24064 ----a-w- c:\windows\zoek-delete.exe
2017-07-18 02:43 . 2017-07-18 04:06 -------- d-----w- C:\zoek_backup
2017-07-14 20:51 . 2017-07-17 20:06 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-07-14 20:50 . 2017-07-15 06:44 -------- d-----w- c:\programdata\RogueKiller
2017-07-14 20:49 . 2017-07-14 20:49 -------- d-----w- c:\program files\RogueKiller
2017-07-14 16:22 . 2017-07-14 16:22 -------- d-----w- c:\programdata\Sophos
2017-07-14 16:21 . 2017-07-14 16:21 -------- d-----w- c:\program files\Sophos
2017-07-14 08:16 . 2017-07-14 08:16 -------- d-----w- c:\users\Pavel_2\AppData\Local\CEF
2017-07-14 08:15 . 2017-07-14 15:32 -------- d-----w- C:\AdwCleaner
2017-07-14 05:29 . 2017-07-14 05:29 -------- d-----w- c:\users\Pavel_2\AppData\Roaming\Hard Disk Sentinel
2017-07-14 05:28 . 2017-07-14 05:33 -------- d-----w- c:\program files\Hard Disk Sentinel
2017-07-14 04:36 . 2017-07-14 06:11 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-14 04:35 . 2015-03-17 04:15 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-07-14 04:35 . 2015-03-17 04:15 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2017-07-14 04:35 . 2017-07-14 04:35 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2017-07-14 04:35 . 2017-07-14 04:35 -------- d-----w- c:\programdata\Malwarebytes
2017-07-14 04:35 . 2015-03-17 04:15 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-07-13 18:50 . 2017-07-13 18:50 -------- d-----w- c:\users\Pavel_2\AppData\Local\ESET
2017-07-13 18:31 . 2017-07-13 18:31 -------- d-----w- c:\program files\CCleaner
2017-07-13 18:26 . 2017-07-13 18:26 -------- d-----w- c:\program files\Seznam.cz
2017-07-13 18:24 . 2017-07-17 19:39 -------- d-----w- c:\users\Pavel_2\AppData\Roaming\Seznam.cz
2017-07-13 18:22 . 2017-07-13 18:22 -------- d-----w- c:\users\Pavel_2\AppData\Roaming\Acer
2017-07-06 18:17 . 2017-07-06 18:17 303280 ----a-w- c:\windows\system32\aswBoot.exe
2017-06-23 20:52 . 2017-06-23 20:52 -------- d-----w- c:\users\Pavel\AppData\Roaming\Seznam Browser
2017-06-19 19:09 . 2017-06-19 19:09 -------- d-----w- c:\users\Pavel_2\AppData\Roaming\Template
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-11 19:26 . 2012-08-07 19:13 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-07-11 19:26 . 2011-05-17 18:46 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-07-06 18:18 . 2013-04-01 12:42 296312 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2017-07-06 18:17 . 2016-06-28 21:53 202688 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2017-07-06 18:17 . 2014-06-25 21:13 42824 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-07-06 18:17 . 2013-04-01 12:42 70840 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-07-06 18:17 . 2009-04-23 21:27 70088 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2017-07-06 18:17 . 2009-04-23 21:27 496976 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-07-06 18:17 . 2009-04-23 21:27 123896 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-07-06 18:16 . 2016-06-28 21:52 39752 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-07-06 18:16 . 2011-07-31 18:22 774288 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-07-06 18:16 . 2017-03-17 19:11 50352 ----a-w- c:\windows\system32\drivers\aswbunivx.sys
2017-07-06 18:16 . 2017-03-17 19:11 276704 ----a-w- c:\windows\system32\drivers\aswblogx.sys
2017-07-06 18:16 . 2017-03-17 19:11 266976 ----a-w- c:\windows\system32\drivers\aswbidsdriverx.sys
2017-07-06 18:16 . 2017-03-17 19:11 157384 ----a-w- c:\windows\system32\drivers\aswbidshx.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-07-06 18:17 1209288 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2014-12-19 248176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"cz.seznam.software.autoupdate"="c:\users\Pavel_2\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\Pavel_2\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2015-05-26 103080]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2017-06-30 7658200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-03-18 173352]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2013-01-13 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvLaunch.exe" [2017-07-06 213832]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-03-09 350072]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
.
c:\users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-4-1 1216512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
uStart Page = https://www.google.cz/
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\sign
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojeplatba.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-eRecoveryService - (no file)
Notify-AWinNotifyVitaKey MC3000 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
AddRemove-Samsung Printer Live Update - c:\program files\SamsungPrinterLiveUpdateInstaller\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-07-18 07:44
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2017-07-18 07:49:49
ComboFix-quarantined-files.txt 2017-07-18 05:49
.
Před spuštěním: Volných bajtů: 67 998 670 848
Po spuštění: Volných bajtů: 67 703 533 568
.
- - End Of File - - 451BCC422D2B05788FC91DB97EB04199
BB9D3A6A13C5010348DA7C900BB6AF50

jaro3
Security team member
Guru Level 15
Posts: 37130
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Log check

Post by jaro3 » 18 Jul 2017 09:15

Uninstall:
Seznam.cz
McAfeeAntiSpyware (if you find it)

Turn off the resident protection of your antivirus and antispyware, and the firewall if you have one.

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire following text, highlighted in green, into it:

Code:

ClearJavaCache::
KillAll::
Folder::
c:\users\Pavel_2\AppData\Local\ESET
c:\users\Pavel_2\AppData\Roaming\Seznam.cz
c:\program files\Common Files\Java\Java Update
c:\program files\Seznam.cz

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"=-
"cz.seznam.software.szndesktop"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"seznam-listicka-distribuce"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000000

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000



Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created script CFScript.txt with the mouse onto the downloaded ComboFix.exe and, once the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process, plus a new HJT log

Warning: it can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.


Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the whole contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Jaros
Level 2
Posts: 216
Registered: May 09
Gender: Male

Re: Log check

Post by Jaros » 19 Jul 2017 01:10

ComboFix 17-07-07.01 - Pavel_2 19.07.2017 0:32.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3066.1168 [GMT 2:00]
Spuštěný z: c:\users\Pavel_2\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pavel_2\Desktop\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Java\Java Update
c:\program files\Common Files\Java\Java Update\jaucheck.exe
c:\program files\Common Files\Java\Java Update\jaureg.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\Common Files\Java\Java Update\task.xml
c:\program files\Common Files\Java\Java Update\task64.xml
c:\program files\Seznam.cz
c:\program files\WinRAR\rarlng.dll
c:\users\Pavel_2\AppData\Local\ESET
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\esets_apiW.dll
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\esets_apiW_a.dll
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Char_Cache\CACHE.NDB
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\data\backup\db.xml
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\data\backup\em000_32-1112.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\data\backup\em001_32-1867.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\data\backup\em002_32-34045.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\data\backup\em003_32-1317.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\data\backup\em004_32-1144.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\data\backup\em005_32-1173.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\data\backup\em006_32-1164.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\data\backup\em023_32-10546.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\http_update.eset.com\download\engineols3\update.ver
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\lastupd.ver
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\upd.ver
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\em000_32.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\em001_32.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\em002_32.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\em003_32.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\em004_32.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\em005_32.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\em006_32.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\em023_32.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\Modules\esets_api.stg
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\http_update.eset.com\download\engineols3\update.ver
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\lastupd.ver
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\nod09DE.nup
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\nod1B21.nup
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\nod2160.nup
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\nod2495.nup
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\nod29F4.nup
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\nod3EBA.nup
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\nod4121.nup
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\nod4A7F.nup
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\nod5B1A.nup
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\nod5F77.nup
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\nod69DD.nup
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\nod6B3B.nup
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\nod6C15.nup
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\nod750A.nup
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\nod773C.nup
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\nod77EE.nup
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\nod797A.nup
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\nod7FCE.nup
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\updfiles\upd.ver
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\em000_32.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\em001_32.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\em002_32.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\em003_32.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\em004_32.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\em005_32.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\em006_32.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\em023_32.dat
c:\users\Pavel_2\AppData\Local\ESET\ESETOnlineScanner\OldModules\esets_api.stg
c:\users\Pavel_2\AppData\Roaming\Seznam.cz
c:\users\Pavel_2\AppData\Roaming\Seznam.cz\~~erase-1349237-3156-51766.$$$
c:\users\Pavel_2\AppData\Roaming\Seznam.cz\~~erase-1349237-3156-69288.$$$
c:\users\Pavel_2\AppData\Roaming\Seznam.cz\~~erase-1349283-3156-47813.$$$\~~erase-1349237-3156-48030.$$$
c:\users\Pavel_2\AppData\Roaming\Seznam.cz\install.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-06-18 do 2017-07-18 )))))))))))))))))))))))))))))))
.
.
2017-07-18 22:54 . 2017-07-18 22:54 -------- d-----w- c:\users\Pavel_2\AppData\Local\CrashDumps
2017-07-18 22:53 . 2017-07-18 23:01 -------- d-----w- c:\users\Pavel_2\AppData\Local\temp
2017-07-18 22:53 . 2017-07-18 22:53 -------- d-----w- c:\users\Pavel\AppData\Local\temp
2017-07-18 22:53 . 2017-07-18 22:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-07-18 22:25 . 2017-07-18 22:25 -------- d-----w- c:\users\Pavel_2\AppData\Local\Adobe
2017-07-18 04:14 . 2017-07-18 02:43 24064 ----a-w- c:\windows\zoek-delete.exe
2017-07-18 02:43 . 2017-07-18 04:06 -------- d-----w- C:\zoek_backup
2017-07-14 20:51 . 2017-07-17 20:06 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-07-14 20:50 . 2017-07-15 06:44 -------- d-----w- c:\programdata\RogueKiller
2017-07-14 20:49 . 2017-07-14 20:49 -------- d-----w- c:\program files\RogueKiller
2017-07-14 16:22 . 2017-07-14 16:22 -------- d-----w- c:\programdata\Sophos
2017-07-14 16:21 . 2017-07-14 16:21 -------- d-----w- c:\program files\Sophos
2017-07-14 08:16 . 2017-07-14 08:16 -------- d-----w- c:\users\Pavel_2\AppData\Local\CEF
2017-07-14 08:15 . 2017-07-14 15:32 -------- d-----w- C:\AdwCleaner
2017-07-14 05:29 . 2017-07-14 05:29 -------- d-----w- c:\users\Pavel_2\AppData\Roaming\Hard Disk Sentinel
2017-07-14 05:28 . 2017-07-14 05:33 -------- d-----w- c:\program files\Hard Disk Sentinel
2017-07-14 04:36 . 2017-07-14 06:11 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-14 04:35 . 2015-03-17 04:15 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-07-14 04:35 . 2015-03-17 04:15 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2017-07-14 04:35 . 2017-07-14 04:35 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2017-07-14 04:35 . 2017-07-14 04:35 -------- d-----w- c:\programdata\Malwarebytes
2017-07-14 04:35 . 2015-03-17 04:15 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-07-13 18:31 . 2017-07-13 18:31 -------- d-----w- c:\program files\CCleaner
2017-07-13 18:22 . 2017-07-13 18:22 -------- d-----w- c:\users\Pavel_2\AppData\Roaming\Acer
2017-07-06 18:17 . 2017-07-06 18:17 303280 ----a-w- c:\windows\system32\aswBoot.exe
2017-06-23 20:52 . 2017-06-23 20:52 -------- d-----w- c:\users\Pavel\AppData\Roaming\Seznam Browser
2017-06-19 19:09 . 2017-06-19 19:09 -------- d-----w- c:\users\Pavel_2\AppData\Roaming\Template
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-18 22:10 . 2009-04-23 21:27 123928 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2017-07-11 19:26 . 2012-08-07 19:13 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-07-11 19:26 . 2011-05-17 18:46 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-07-06 18:18 . 2013-04-01 12:42 296312 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2017-07-06 18:17 . 2016-06-28 21:53 202688 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2017-07-06 18:17 . 2014-06-25 21:13 42824 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-07-06 18:17 . 2013-04-01 12:42 70840 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-07-06 18:17 . 2009-04-23 21:27 70088 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2017-07-06 18:17 . 2009-04-23 21:27 496976 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-07-06 18:16 . 2016-06-28 21:52 39752 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-07-06 18:16 . 2011-07-31 18:22 774288 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-07-06 18:16 . 2017-03-17 19:11 50352 ----a-w- c:\windows\system32\drivers\aswbunivx.sys
2017-07-06 18:16 . 2017-03-17 19:11 276704 ----a-w- c:\windows\system32\drivers\aswblogx.sys
2017-07-06 18:16 . 2017-03-17 19:11 266976 ----a-w- c:\windows\system32\drivers\aswbidsdriverx.sys
2017-07-06 18:16 . 2017-03-17 19:11 157384 ----a-w- c:\windows\system32\drivers\aswbidshx.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-07-06 18:17 1209288 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2014-12-19 248176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2017-06-30 7658200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-03-18 173352]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2013-01-13 98304]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvLaunch.exe" [2017-07-06 213832]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-03-09 350072]
.
c:\users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
.
c:\users\Pavel_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-4-1 1216512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
uStart Page = https://www.google.cz/
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\sign
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojeplatba.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-07-19 01:03
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1484)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Acer\Acer VCM\RS_Service.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Celkový čas: 2017-07-19 01:06:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2017-07-18 23:06
ComboFix2.txt 2017-07-18 05:49
.
Před spuštěním: Volných bajtů: 67 523 162 112
Po spuštění: Volných bajtů: 67 712 503 808
.
- - End Of File - - DC73ED1DD412C9B70406C3904EA04163
BB9D3A6A13C5010348DA7C900BB6AF50

Log from HJT:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:11:14, on 19.7.2017
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16800)

FIREFOX: 3.6.18 (cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\users\pavel_2\downloads\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_6930g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Windows\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\Alwil Software\Avast5\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7770 bytes

Log from aswMBR:

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-07-19 01:12:44
-----------------------------
01:12:44.998 OS Version: Windows 6.0.6002 Service Pack 2
01:12:44.999 Number of processors: 2 586 0xF0D
01:12:45.002 ComputerName: PAVEL-PC UserName: Pavel_2
01:12:49.867 Initialize success
01:12:49.898 VM: initialized successfully
01:12:49.901 VM: Intel CPU virtualization not supported
01:13:04.011 AVAST engine defs: 17071802
01:14:53.576 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:14:53.583 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
01:14:53.727 Disk 0 MBR read successfully
01:14:53.732 Disk 0 MBR scan
01:14:54.003 Disk 0 unknown MBR code
01:14:54.553 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
01:14:54.655 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147501 MB offset 20973568
01:14:54.700 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 143872 MB offset 323055616
01:14:54.757 Disk 0 Partition 4 00 12 Compaq diag NTFS 3630 MB offset 617705472
01:14:54.838 Disk 0 scanning sectors +625139712
01:14:55.108 Disk 0 scanning C:\Windows\system32\drivers
01:15:04.238 File: C:\Windows\system32\drivers\int15.sys **INFECTED** Win32:Zeroot-B [Rtk]
01:15:16.966 Disk 0 statistics 112429/0/0 @ 5,83 MB/s
01:15:16.982 Scan finished successfully
01:15:29.991 Disk 0 MBR has been saved successfully to "C:\Users\Pavel_2\Desktop\MBR.dat"
01:15:30.001 The log file has been saved successfully to "C:\Users\Pavel_2\Desktop\aswMBR.txt"

jaro3
Security team member
Guru Level 15
Posts: 37130
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Log check

Post by jaro3 » 19 Jul 2017 09:13

Close other applications and browsers, disconnect from the internet and fix in HJT:
Guide


O4 - HKLM\..\Run: [QuickTime Task] "C:\Windows\system32\qttask.exe" -atboottime
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab


In Folder Options, enable showing hidden files and folders and untick the box "hide protected operating system files".

Test this file on VirusTotal:
C:\Windows\system32\drivers\int15.sys


Click Choose to the right of the box and find the requested file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear in which you click Reanalyze. The file will then be tested by several antivirus engines one after another. When the last engine finishes, a result will appear at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus deputise for me.
If you are satisfied, you can support our forum: Forum support
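As an added example (not from the post above and not a forum tool), the following PowerShell snippet gathers what a log reviewer wants to know about the driver that aswMBR flagged before anyone uploads it: its SHA256, Authenticode signature status, version info and the VirusTotal file page keyed by that hash. It assumes PowerShell 2.0 or later on the machine and the driver path from the aswMBR log; the VirusTotal URL form is the public web UI's file-by-hash page.

```powershell
# Added example, not part of the original post or of any forum tool. Assumes
# PowerShell 2.0 or later (hashes via .NET because Get-FileHash needs PowerShell 4)
# and the driver path flagged in the aswMBR log.
function Get-DriverReport {
    param([string]$FilePath)

    # -Force so hidden / protected OS files are found even if Explorer hides them
    $item = Get-Item -LiteralPath $FilePath -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        return "File not found: $FilePath"
    }

    # SHA256 of the file contents; the hash alone is enough to look the file up
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($item.FullName)
    try {
        $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }

    # Kernel drivers are normally Authenticode-signed; NotSigned or HashMismatch
    # on a file an AV flags is a reason to treat the detection seriously.
    $sig = Get-AuthenticodeSignature -FilePath $item.FullName
    $signer = '(none)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    New-Object PSObject -Property @{
        Path          = $item.FullName
        SizeBytes     = $item.Length
        LastWrite     = $item.LastWriteTime
        Company       = $item.VersionInfo.CompanyName
        Description   = $item.VersionInfo.FileDescription
        Signature     = $sig.Status
        Signer        = $signer
        SHA256        = $hash
        # Public VirusTotal file page keyed by hash; no upload needed if VT already knows it
        VirusTotalURL = "https://www.virustotal.com/gui/file/$hash"
    }
}

Get-DriverReport -FilePath 'C:\Windows\system32\drivers\int15.sys' | Format-List
```

If VirusTotal does not know the hash, its page says so and the file can then be uploaded as the post describes; the signature status and version info help decide whether a single-engine detection is credible.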

